Cymind — Autonomous Security Consciousness
Cymind is the autonomous defense layer that watches, decides, and acts. When sensors detect threats, anomalies, or misconfigurations, Cymind evaluates the event against your tenant's consciousness policy and either recommends, queues for approval, or auto-remediates — depending on the configured consciousness level.
Consciousness levels
| Level | Name | Behavior | Use case |
|---|---|---|---|
| 0 | Dormant | Detect and log only | Initial deployment, audit mode |
| 1 | Aware | Detect + recommend action | New environments, building trust |
| 2 | Reactive | Detect + auto-fix with dry-run preview, human confirms | Production with oversight |
| 3 | Adaptive | Auto-fix immediately, notify after. Rollback window. | Trusted environments |
| 4 | Autonomous | Auto-fix + learn + update rules + re-verify | Enterprise, full automation |
Event sources
Cymind processes events from every sensor and scan type in the platform:
| Source | Event types |
|---|---|
| Cysense (network sensor) | New device, anomalous traffic, protocol violation |
| Cyguard (endpoint agent) | Suspicious process, unauthorized listener, software change |
| Cywave (wireless RF) | Rogue access point, unauthorized BLE device |
| CSPM engine | Cloud misconfiguration, compliance drift |
| Adversary engine | Vulnerability exploited during campaign |
| DAST / SAST | New vulnerability discovered |
Response actions
| Action | What Cymind does |
|---|---|
quarantine | Network isolation via firewall/ACL rules |
block_ip | Add IP to WAF blocklist |
close_port | Modify security group to close exposed port |
revert_config | Roll back cloud resource to compliant state |
kill_process | Terminate suspicious process via cyguard agent |
deploy_waf_rule | Push WAF rule to AWS WAF / Cloudflare |
isolate_segment | Apply network ACL to isolate a VLAN segment |
Every response captures pre-state and post-state for full audit trail and rollback capability.
How it works
Sensor detects event
|
v
CymindEvent created
|
v
CymindEngine.evaluate()
|
├── Check tenant ConsciousnessPolicy
├── Match CymindResponseRules
├── Check severity threshold
├── Enforce cooldown (no duplicate responses)
|
v
Decision: ignore | recommend | queue_approval | auto_execute
|
v
CymindEngine.execute_response()
|
├── Capture pre-state
├── Execute action (via Dexter / cyguard / WAF API)
├── Capture post-state
├── Notify via email + WebSocket
└── Log to audit trail
API
| Method | Path | Description |
|---|---|---|
| GET | /api/cymind/policies/ | List consciousness policies |
| POST | /api/cymind/policies/ | Create/update policy |
| GET | /api/cymind/events/ | List events (filterable) |
| POST | /api/cymind/events/{id}/approve/ | Approve pending response |
| POST | /api/cymind/events/{id}/rollback/ | Rollback applied response |
| GET | /api/cymind/rules/ | List response rules |
| GET | /api/cymind/dashboard/ | Aggregated stats |