PeriDex Learning Engine

PeriDex is the self-evolving rules engine that powers all Cybrium scanning tools. Every scan finding can become a new detection rule — automatically generated by AI, validated against test corpora, committed to the tool's repository, built, signed, and released.

Your tools get smarter every time they run.

The learning loop

Scan runs → finding discovered
    |
    v
AI generates YAML signature rule (PeriDex format)
    |
    v
Rule validated against test corpus (precision/recall check)
    |
    v
Git commit to tool repo (cyscan/cyweb/cyprobe/cysense)
    |
    v
GitHub Action: build → test → sign → release
    |
    v
Homebrew formula auto-updated
    |
    v
Platform pulls new version on next scan
    |
    v
Finding re-verified with new rule

Supported tools

Tool	What PeriDex learns
Cyscan	New code vulnerability patterns from SAST findings
Cyweb	New web vuln signatures from DAST discoveries
Cyprobe	New OT device fingerprints from passive observation
Cysense	New protocol patterns from traffic capture
Cydeep	New PLC firmware-to-CVE mappings
Cymail	New email threat patterns

Rule generation triggers

Trigger	Description
new_vuln	Scan found a vulnerability with no matching rule
new_device	Network sensor discovered an unknown device type
false_negative	Manual review found something the tool missed
cve_advisory	New CVE published that affects monitored systems
protocol_anomaly	Traffic pattern doesn't match any known protocol
manual	User explicitly requests rule generation

API

Method	Path	Description
GET	/api/peridex/rules/	List generated rules
GET	/api/peridex/rules/{id}/	Rule detail with YAML
POST	/api/peridex/rules/{id}/approve/	Approve for publishing
POST	/api/peridex/rules/{id}/reject/	Reject rule
POST	/api/peridex/generate/	Manually trigger rule generation
POST	/api/peridex/feedback/	Submit feedback on a rule
GET	/api/peridex/status/	Pipeline summary