Triage and recurring investigations
Resolve risky infrastructure faster, move across the evidence graph, and preserve the resulting judgment for later operators or agents.
Syndu is an external context layer for monitoring, hygiene review, agent workflows, and decision support. It complements SoC and SIEM processes rather than replacing them, while sharing the same evidence and memory model used elsewhere on the platform.
Resolve risky infrastructure faster, move across the evidence graph, and preserve the resulting judgment for later operators or agents.
Use the report shell for operators, the API for product logic, or MCP for shared investigation workflows with memory.
Syndu is not limited to the SOC path; the same graph and memory loop also support fraud, merchant-risk, and abuse workflows.
Open fraud workflowsAnalysts can move from a suspicious IP into its subnet, ISP, ASN, organization, and geography without leaving the reporting graph. That accelerates triage and attribution review.
MCP-compatible agents can use the same evidence graph and contextual-risk model while preserving findings, playbooks, and outcomes inside a governed workspace hive mind with private-by-default memory.
The reports surface the observed behavior of network entities and their surrounding footprint. This supports network-hygiene decisions, partner reviews, and third-party posture assessments.
At higher layers such as city, region, and country, the same data can be used for briefing-ready summaries and broader operational posture reviews.
Syndu turns outside-in network behavior into shared cyber-and-fraud context, then preserves decisions in memory for humans, applications, and agents. This manual is the public map of that platform: the evidence graph, the Risk API, the MCP server, and the governance layer that ties them together.
Syndu exposes a dimensional risk surface across network entities and geography: ip address, subnet, ISP, ASN, organization, city, region, and country. That same dimensional graph powers the Risk API, MCP tools, and the memory loop that preserves the resulting decisions.
Syndu is also a decision surface for fraud, payments, merchant-risk, and trust workflows. The same outside-in evidence graph, Risk API, and governed memory loop help teams score, review, and preserve conclusions around risky identifiers.
The platform supports three access surfaces at scale: direct report access for large-scale browser or agent consumption, the Risk API for application-native scoring, and the MCP server for collaborative agent workflows.
Syndu is one platform with three access surfaces: direct access for report-shell consumption, API access for application-side scoring, and MCP access for agent collaboration. They sit under the same workspace, quota, and subscription control plane, but differ in delivery contract.
Score risky IPs in real time, report lightweight business feedback, and push structured identifier outcomes back into workspace memory from the same authenticated API surface. Syndu keeps the contract simple: `score` is the metered read path, while `rate` and `report` are authenticated writeback endpoints that do not consume score quota.
Registration unlocks the workspace control plane, plan selection, credential provisioning, and the subscription flow across web, API, and MCP access.
