Every action below is available as a verb in Cerebral OS — callable from a Cerebral, a Map, or the Runtime API. All executions are governed, audited, and dry-run safe.
Create Watchlist
knowfirst:create_watchlist
Create a new watchlist to monitor specific indicators and generate alerts.
Write
Medium risk
Delete Watchlist
knowfirst:delete_watchlist
Permanently delete a watchlist and all its indicators. This action cannot be undone.
Write
High risk
Get Alert
knowfirst:get_alert
Fetch a single alert by ID with full details including risk score and indicators.
Read
Low risk
Get Threat Intel
knowfirst:get_threat_intel
Fetch a single threat intelligence report by ID with indicators and analysis.
Read
Low risk
Get Watchlist
knowfirst:get_watchlist
Fetch a single watchlist by ID with all indicators and recent alerts.
Read
Low risk
List Alerts
knowfirst:list_alerts
List alerts with optional filtering by severity, status, category, and date range.
Read
Low risk
List Threat Intel
knowfirst:list_threat_intel
List threat intelligence reports with filtering and search capabilities.
Read
Low risk
List Watchlists
knowfirst:list_watchlists
List all watchlists with optional filtering by status, severity, and search.
Read
Low risk
Search Indicators
knowfirst:search_indicators
Search for threat indicators by value with confidence scoring and context.
Read
Low risk
Update Alert
knowfirst:update_alert
Update an alert's status, assignee, notes, or tags.
Write
Medium risk
Update Watchlist
knowfirst:update_watchlist
Update a watchlist's configuration, status, or metadata.
Write
Medium risk