
Workflow

From detection to response, automatically. Build visual playbooks that triage, enrich, and act — so your team approves outcomes instead of chasing alerts.

Auto-deploy WAF rules when threats are detected

Cerebellum sees a new bot signature, a JA4+ fingerprint cluster, or a credential-stuffing pattern — Workflow pushes the matching block rule to every Synapse and Cerebrum in your fleet. No copy-paste between consoles.

Triggered by any Cerebellum detection
Fleet-wide policy push in milliseconds
Rollback any change with one click

Slack-approve high-risk blocks before they ship

For high-blast-radius actions — blocking a /24, banning a country, dropping a vendor ASN — Workflow posts to Slack and waits for a human ✓ before committing. Ship safely, prove who approved what.

Slack / Teams / email approvers
Per-rule approval thresholds
Timeouts auto-escalate or auto-deny

Page on-call only when it really matters

Stop drowning the SOC in alerts. Workflow filters, enriches, and deduplicates events from across the fleet — and only pages the on-call when a detection clears your severity and confidence thresholds.

Native PagerDuty / Opsgenie / webhook
Per-tenant severity + confidence rules
Quiet hours and rotation-aware

Conditional response, visually

Drag-and-drop the steps your runbook already describes. Branch on detection type, IP reputation, business hours, or any field on the event. The same canvas the SOC uses is the same canvas the engine runs.

If-then-else branching
Wait-for-signal and sleep steps
Parallel join across multiple checks

Every run, audit-logged

Every playbook run is a permanent record — what fired it, who approved each step, what the result was, when it finished. Show your auditor the receipts without writing a ticket.

Full run history per playbook
Inputs, outputs, approver, timestamp
Exportable for SOC2 / ISO evidence

Same identity, same RBAC

Workflow inherits the user, org, and role you already have in Gen0Sec. No second login, no second permission model — viewers see runs, operators approve, admins edit playbooks.

Single sign-on with the platform
Per-action RBAC (view / run / edit / approve)
Org and workspace isolated

Pre-built playbooks for the runbooks you already have

Each template is a working playbook — open it, swap the destinations to your Slack / PagerDuty / Synapse fleet, and run.

Template
Block traffic spike
Page on-call and auto-block the offending ASN when Synapse drop-rate exceeds your baseline.
Template
Approve high-risk WAF push
Cerebellum proposes a new WAF rule → Slack approval → push to every Synapse on confirmation.
Template
Tier-1 enrichment
Every Cerebellum detection auto-enriches with WHOIS, GeoIP, and recent-history before paging.