Outputs are generated once correlation admits edges through hardened gates. Artifacts are structured, provenance-preserving, and ingestible. Outputs are designed for graph analysis, correlation monitoring, and audit. Parameters are omitted by design.Documentation Index
Fetch the complete documentation index at: https://none-38c466ad.mintlify.app/llms.txt
Use this file to discover all available pages before exploring further.
10.1 Cluster Graphs
Cluster graphs represent correlated networks where nodes denote surfaces and infrastructure artifacts, and edges capture pivots across structural, behavioral, and infrastructure families. Edge weights reflect rarity estimates contextualized by platform norms. Graphs are exported with linkage rationale, timestamps, and integrity records for audit. Invariants- Node and edge types are schema-typed for reproducibility
- Weights derive from family-level evidence rather than single heuristics
- Provenance and acquisition context accompany every edge
- Visualizing operator networks
- Loading directly into graph stores for live queries
10.2 Infrastructure Pivot Maps
Infrastructure pivot maps present time-ordered linkages that capture how an operator’s underlying resources evolve. Each pivot includes first-seen and last-seen timestamps together with persistence markers derived from observed continuity. Invariants- Temporal ordering is anchored in acquisition events
- Persistence is computed at the family level but full raw values are preserved
- Significant changes are explicitly recorded with their identifiers for audit and replay
- Locating durable core infrastructure within ephemeral deployments.
- Post-event attribution and reentry detection.
10.3 Behavioral Fingerprint Profiles
Behavioral fingerprint profiles summarize operator workflows across deployments. They combine signals such as deployment cadence, reuse ratios across surface launches, and deviations from baseline interaction patterns. Invariants- Computed from normalized behavioral families only
- Robust to cosmetic change
- Suitable for longitudinal comparison
- Early detection of infrastructure reappearance
- Actor stratification within mixed ecosystems
10.4 Risk Scoring Outputs
Risk scoring outputs assign a composite value that estimates the likelihood a given surface belongs to a coordinated network. Contributions from different signal families are weighted by rarity and stability to prevent distortion by common artifacts. Formal definition- : extracted pivots for domain
- : family type label
- : entropy estimate
- : stability estimate
- : platform context modulation
- Parameters omitted by design.
- No single family contributes without corroboration
- Each score is accompanied by an explanation vector for audit
- Results are expressed as ranks or bands, not absolute values
- Prioritizing domains for investigation
- Providing standardized inputs for automated triage systems
10.5 Enrichment-Ready Exports
Enrichment-ready exports preserve typing, provenance, and integrity, and are delivered in formats compatible with investigative workflows. Formats- JSON for programmatic pipelines
- CSV for structured review
- GraphML for visualization tools
- Typed signals and linkage rationale
- Acquisition timestamps and session context.
- Integrity digests for replay and verification.
10.6 Analyst-Assist Artifacts
Analyst-assist artifacts are derived objects that accelerate investigations by surfacing cluster composition, key pivots, and anomalies. Examples- Cluster summaries describing composition, dominant pivots, and observed drift
- Ranked pivot lists that identify the strongest contributors to linkage
- Anomaly reports that surface deviations in platform behavior or infrastructure patterns
