coordinated_attack_check
Analyzes timing and pattern similarity across threat events to determine if they form a coordinated attack. Returns a boolean indicating coordination.
Instructions
Check if multiple threat events are part of a coordinated attack.
Analyzes timing and pattern similarity across events. Requires Pro tier or Novyx Cloud.
Args: threat_events: JSON string with array of threat events to analyze. time_window_hours: Optional time window for correlation (default: auto).
Returns: JSON string with is_coordinated boolean.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| threat_events | Yes | ||
| time_window_hours | No |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes |