Use Cases
IP, Domain, and Log Analysis
Assists analysts during investigations by enriching indicators like IP addresses or domains, generating urlscan reports, and performing smart log queries that summarize user activity across systems. This helps accelerate threat identification and reduce research fatigue.
Threat Investigation & Enrichment
Tools
- UrlScan
- Sublime Security
Copilot Flow:
Given user input describing a domain, IP address, or behavioral question (e.g. "How many users visited x domain"), this copilot:
- Enriches the domain or IP with threat intelligence (location, ASN, proxy service, ISP)
- Retrieves and summarizes urlscan reports
- Executes federated log queries across DNS and HTTP logs to extract counts, user lists, and contextual metadata
- Provides a summarized, readable response to the analyst
It is also capable of offering insights about domains, such as WHOIS info, hosting providers, or detection hits. This workflow reduces time spent on enrichment and correlation, and improves investigation accuracy.
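
The log-query step of the flow, sketched as an added example that is not the product's own code: it answers "how many users visited x domain" over constructed DNS and HTTP records. The record field names (`ts`, `user`, `query`, `host`) and the `users_for_domain` helper are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records; the schema is an assumption, not a real product format.
DNS_LOGS = [
    {"ts": "2024-05-01T09:12:03Z", "user": "alice", "query": "login.example-bad.test."},
    {"ts": "2024-05-01T09:15:40Z", "user": "bob", "query": "EXAMPLE-BAD.test"},
    {"ts": "2024-05-01T09:20:11Z", "user": "carol", "query": "notexample-bad.test"},
]
HTTP_LOGS = [
    {"ts": "2024-05-01T09:12:04Z", "user": "alice", "host": "login.example-bad.test:443"},
    {"ts": "2024-05-01T10:01:59Z", "user": "dave", "host": "example-bad.test"},
]

def normalize_host(value):
    """Lowercase the name, drop a port and the trailing root dot."""
    host = value.strip().lower()
    if host.count(":") == 1:  # host:port form (IPv6 literals are not handled here)
        host = host.split(":")[0]
    return host.rstrip(".")

def matches(host, domain):
    """True for the domain itself or a subdomain, never for a bare string suffix."""
    return host == domain or host.endswith("." + domain)

def users_for_domain(domain, dns_logs, http_logs):
    """Correlate both log sources and summarize who touched the domain and when."""
    domain = normalize_host(domain)
    seen = defaultdict(lambda: {"sources": set(), "first": None, "last": None})
    for name, records, field in (("dns", dns_logs, "query"), ("http", http_logs, "host")):
        for rec in records:
            if not matches(normalize_host(rec[field]), domain):
                continue
            entry = seen[rec["user"]]
            entry["sources"].add(name)
            ts = rec["ts"]  # ISO 8601 UTC strings sort chronologically
            entry["first"] = ts if entry["first"] is None else min(entry["first"], ts)
            entry["last"] = ts if entry["last"] is None else max(entry["last"], ts)
    return {
        "domain": domain,
        "user_count": len(seen),
        "users": {
            user: {"sources": sorted(e["sources"]), "first": e["first"], "last": e["last"]}
            for user, e in sorted(seen.items())
        },
    }

if __name__ == "__main__":
    print(users_for_domain("Example-Bad.test.", DNS_LOGS, HTTP_LOGS))
```

Matching on the label boundary rather than a plain suffix keeps `notexample-bad.test` out of the count, and a user who appears only in the DNS source resolved the name without a recorded HTTP request.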