Configuring Cymind
Setting your consciousness level
Navigate to Settings > Cymind in your workspace, or use the API:
curl -X POST https://app.cybrium.ai/api/cymind/policies/ \
-H "Authorization: Bearer $TOKEN" \
-d '{
"level": 2,
"scope": "all",
"cooldown_seconds": 300,
"require_approval_above": "medium",
"enabled": true
}'
Level recommendations
| Environment | Recommended level | Why |
|---|---|---|
| New deployment | 1 (Aware) | Build trust, learn normal traffic patterns |
| Hospital production | 2 (Reactive) | Human confirms before acting on medical networks |
| Cloud staging | 3 (Adaptive) | Auto-fix misconfigs, notify after |
| Enterprise SOC | 4 (Autonomous) | Full automation with audit trail |
Severity threshold
The require_approval_above setting controls which findings require human
approval even at higher consciousness levels:
- Set to
medium: auto-fix low and info findings, require approval for medium+ - Set to
high: auto-fix up to medium, require approval for high and critical - Set to
critical: only critical findings need approval - Set to
info: everything needs approval (effectively level 1)
Response rules
Create custom rules to define specific responses for specific events:
curl -X POST https://app.cybrium.ai/api/cymind/rules/ \
-H "Authorization: Bearer $TOKEN" \
-d '{
"event_type": "misconfiguration",
"severity": "high",
"source_tool": "cspm",
"action": "revert_config",
"action_params": {},
"min_consciousness_level": 2,
"is_active": true
}'
Cooldown
The cooldown prevents response storms. If Cymind receives 100 events for the same issue within seconds, it will only respond once within the cooldown window (default: 300 seconds).
Scoping
Set scope to limit Cymind's reach:
| Scope | What Cymind watches |
|---|---|
all | Everything |
cloud | CSPM findings, cloud misconfigs only |
endpoint | Cyguard events only |
network | Cysense events only |
ot | OT/ICS events (cyprobe, cydeep, cysense on OT VLANs) |