Search results
P2 (security): ReAct prompt-injection from observed log/registry/file content
Labels: area:agent (Agent loop, investigation planning, and LLM orchestration); bug (Something isn't working); priority:p2 (Normal-priority issue); security (Security-related hardening or fixes)
Status: Open.

P2 (IR): Network/IOC enrichment — passive DNS, IP reputation, ASN
Labels: area:tools (Cyber tools, tool registry, and host introspection); enhancement (New feature or request); ir-features (Incident-response capabilities for practitioners); priority:p2 (Normal-priority issue)
Status: Open.

P2 (IR): No remediation actions — read-only triage tools have a usefulness ceiling
Labels: enhancement (New feature or request); ir-features (Incident-response capabilities for practitioners); priority:p2 (Normal-priority issue); security (Security-related hardening or fixes)
Status: Open.

P2 (IR): Multi-host investigation — fleet-wide context
Labels: enhancement (New feature or request); ir-features (Incident-response capabilities for practitioners); priority:p2 (Normal-priority issue)
Status: Open.

P1 (IR): Output formats — STIX 2.1 / OCSF / Sigma — for SIEM/EDR ingestion
Labels: enhancement (New feature or request); ir-features (Incident-response capabilities for practitioners); priority:p1 (High-priority issue for current milestone)
Status: Open.

P1 (signal): Evidence is a pointer into transient state, not preserved evidence
Labels: area:agent (Agent loop, investigation planning, and LLM orchestration); enhancement (New feature or request); priority:p1 (High-priority issue for current milestone); security (Security-related hardening or fixes); signal-quality (Findings/signal-quality (vs infrastructure/build))
Status: Open.

P1 (signal): Reports are unordered tool dumps — no timeline reconstruction
Labels: area:agent (Agent loop, investigation planning, and LLM orchestration); enhancement (New feature or request); priority:p1 (High-priority issue for current milestone); signal-quality (Findings/signal-quality (vs infrastructure/build))
Status: Open.

P1 (signal): Confidence scores are unjustified — show derivation or remove
Labels: area:agent (Agent loop, investigation planning, and LLM orchestration); enhancement (New feature or request); priority:p1 (High-priority issue for current milestone); signal-quality (Findings/signal-quality (vs infrastructure/build))
Status: Open.

P0 (signal): No baseline / suppression / first-vs-Nth-run distinction
Labels: area:agent (Agent loop, investigation planning, and LLM orchestration); enhancement (New feature or request); priority:p0 (Must-fix blocker before release); signal-quality (Findings/signal-quality (vs infrastructure/build))
Status: Open.

P0 (signal): Hardcoded substring suspiciousness produces high false-positive rate
Labels: area:tools (Cyber tools, tool registry, and host introspection); enhancement (New feature or request); priority:p0 (Must-fix blocker before release); signal-quality (Findings/signal-quality (vs infrastructure/build))
Status: Open.

P0 (signal): Findings are unjoined per-tool outputs — no cross-tool correlation
Labels: area:agent (Agent loop, investigation planning, and LLM orchestration); enhancement (New feature or request); priority:p0 (Must-fix blocker before release); signal-quality (Findings/signal-quality (vs infrastructure/build))
Status: Open.

P3: Enhance dashboard with live status, run monitoring, and findings chart
Labels: enhancement (New feature or request); live-testing-audit (From v1.6.0 live-mode comprehensive testing); priority:p3 (Priority: P3 - Nice to have)
Status: Open.