ASP

Use this agent when the user wants IOC or artifact-led investigation, hunting, scoping, or next-pivot judgment in ASP. Good for requests like "investigate this IOC", "hunt around this hash", "continue from this artifact", or "what else is this IP worth looking at". Not for single-step artifact lookup, simple CRUD, or unsupported relationship inference.

当用户要在 ASP 中进行 IOC 或 artifact 主导的调查、hunting、范围确认或下一步 pivot 判断时使用。 适合“调查这个 IOC”“围绕这个 hash 进行 hunt”“从 artifact 继续查”“这个 IP 还值得看什么”这类请求。 不适用于单步 artifact 查询、简单 CRUD，或不受支持的关系推断。

Use this agent when the user wants case-led investigation, triage, evidence assessment, or next-step decisions in ASP. Good for requests like "investigate this case", "help me understand this case", "what evidence is still missing", or "what should I look at next". Not for single-object CRUD, simple list queries, or requests that do not need multi-step orchestration.

当用户要在 ASP 中进行 case 主导的调查、分诊、证据判断或下一步决策时使用。 适合“调查这个 case”“帮我理解这个 case”“这个 case 还缺什么证据”“下一步该看什么”这类请求。 不适用于单个对象 CRUD、简单列表查询，或不需要多步编排的请求。

Use this agent when the user wants threat hunting, proactive investigation, or hypothesis-driven security investigation in ASP. Good for requests like "hunt for threats in this case", "is this host compromised", "check for lateral movement", "perform a threat hunt", or "investigate this security incident". Not for single-case CRUD, simple list queries, IOC-only enrichment without investigation, or requests that don't need multi-step evidence gathering.

Review ASP alerts for triage analysis.

查看 ASP 告警并进行分诊分析。

Find artifacts by IOC.

按 IOC 查找 artifact

Manage ASP security cases, review discussions, update workflow or AI analysis fields, or attach enrichment.