
Forensics & Compliance

FlowLink Forensics provides incident timeline reconstruction, compliance-ready reports, and point-in-time state snapshots for audit and rollback. Built on your existing audit logs, command history, infrastructure map, and shield data.

Incident Timeline

GET /api/v1/forensics/timeline

Reconstructs what happened during an incident from audit_log + command_history + infra_map.

  • Blast radius — which services/hosts could be affected via the infrastructure graph
  • Anomaly detection — off-hours activity, privilege escalation, lateral movement, data exfil risk
  • Risk scoring — 0-100 based on events, blocked actions, anomalies
  • Recommendations — auto-generated based on detected patterns

curl -H "Authorization: Bearer $TOKEN" \
  "https://your-org.flowlink.io/api/v1/forensics/timeline?limit=200"

Agent Reconstruction

GET /api/v1/forensics/reconstruct/{agent_id}

Full chronological scenario replay: commands, audit events, services touched, blocked/approved counts.

curl "https://your-org.flowlink.io/api/v1/forensics/reconstruct/agent-123?hours=6"
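The two read-only endpoints above can be pulled into a hashed evidence folder at the start of an investigation, so later analysis works from unmodified copies. This is an added example, not FlowLink code: the endpoint paths and query parameters are the page's, while FLOWLINK_BASE, TOKEN, the evidence directory layout and the MANIFEST format are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not FlowLink code). Endpoint paths and query parameters are the
# page's; FLOWLINK_BASE, TOKEN, the evidence directory and the MANIFEST format
# are assumptions of this example.
set -euo pipefail
BASE="${FLOWLINK_BASE:-https://your-org.flowlink.io}"

# Build the reconstruct URL, rejecting values that could change path or query.
reconstruct_url() {   # reconstruct_url AGENT_ID HOURS
  case "$1" in ''|*[!A-Za-z0-9_-]*) echo "invalid agent_id" >&2; return 1 ;; esac
  case "$2" in ''|*[!0-9]*) echo "invalid hours" >&2; return 1 ;; esac
  printf '%s/api/v1/forensics/reconstruct/%s?hours=%s\n' "$BASE" "$1" "$2"
}

# Save the raw response body; --fail keeps HTTP error pages out of the evidence.
fetch() {             # fetch URL OUTFILE
  curl --fail --silent --show-error \
    -H "Authorization: Bearer ${TOKEN:?set TOKEN first}" -o "$2" "$1"
}

# Hash a saved response, make it read-only, and append a manifest line:
# UTC time, SHA-256, file name, source URL. Prints the hash.
seal() {              # seal DIR FILE SOURCE_URL
  local dir="$1" file="$2" url="$3" sum
  sum=$(sha256sum "$dir/$file" | cut -d' ' -f1)
  chmod 0444 "$dir/$file"
  printf '%s  %s  %s  %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
    "$sum" "$file" "$url" >> "$dir/MANIFEST"
  printf '%s\n' "$sum"
}

# Pull the incident timeline and one agent's replay into a new private folder.
collect() {           # collect AGENT_ID HOURS
  local dir url
  url=$(reconstruct_url "$1" "$2")          # validate before touching disk
  dir="evidence-$(date -u +%Y%m%dT%H%M%SZ)"
  mkdir -m 0700 "$dir"
  fetch "$BASE/api/v1/forensics/timeline?limit=200" "$dir/timeline.json"
  seal "$dir" timeline.json "$BASE/api/v1/forensics/timeline?limit=200" >/dev/null
  fetch "$url" "$dir/reconstruct.json"
  seal "$dir" reconstruct.json "$url" >/dev/null
  printf '%s\n' "$dir"
}
```

Run `collect agent-123 6` with TOKEN exported; the printed directory holds the two JSON files and a MANIFEST whose hashes can be re-checked with `sha256sum` before the files are used in a report.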

Compliance Reports

POST /api/v1/forensics/report

Auto-generated reports: executive summary, security audit, policy compliance, agent activity.

Compliance scoring (0-100):

  • Access Control — approval rate, blocked ratio
  • Audit Trail — completeness of audit coverage
  • Policy Enforcement — shield effectiveness
  • Data Protection — secret management status
  • Incident Response — anomaly detection coverage

curl -X POST -H "Content-Type: application/json" \
  -d '{"report_type": "executive", "period_days": 30}' \
  "https://your-org.flowlink.io/api/v1/forensics/report"

Context Snapshots

POST /api/v1/forensics/snapshot

Point-in-time state capture: agents, infrastructure, policies, secret configs.

curl -X POST -H "Content-Type: application/json" \
  -d '{"label": "Pre-deploy"}' \
  "https://your-org.flowlink.io/api/v1/forensics/snapshot"

# Compare two snapshots
curl "https://your-org.flowlink.io/api/v1/forensics/diff/1/2"

Service Catalog

GET /api/v1/catalog/services — live catalog with owner, SLA, health, risk score

GET /api/v1/catalog/summary — business dashboard (by env, criticality, owner)

GET /api/v1/catalog/efficiency — cost & time savings, agent ROI

Change Management

Safe rollout through agents with approval and rollback:

  • POST /api/v1/changes — create change request (deploy/config/patch/rollback/emergency)
  • POST /api/v1/changes/{id}/approve — approve change
  • POST /api/v1/changes/{id}/rollback — trigger rollback

AI Ops Assistant

GET /api/v1/ops/ask?q=...

Natural language queries about infrastructure, agents, risk, costs. Understands Russian and English.

curl "https://your-org.flowlink.io/api/v1/ops/ask?q=%D0%BF%D0%BE%D0%BA%D0%B0%D0%B6%D0%B8%20%D1%81%D0%B5%D1%80%D0%B2%D0%B8%D1%81%D1%8B"