Workflows
The workflow library is every runnable investigation across the graph, grouped by what you are trying to do.
1 · The library
Each card is a workflow you can run: Attack Path and Connection Finder, Attack-Surface Mapper, Threat Investigation, Indicator Enrichment, and more. A card shows the graph layers it draws on (DNS, WHOIS, BGP, RPKI, threat intel, and others) and links to its own docs.
2 · Filter the library
Filter by use case, persona, task, or graph layer. Each facet carries a live count, so you can narrow from the whole library to the handful that fit the job.
3 · Run a workflow
Open a workflow to see its description and parameters, give it an indicator, and run it. The same run is available from Investigate and over MCP.