SECOPS
New-Domain Onboarding Exposure Baseline to Postgres
When a domain is added to your monitored list, this workflow runs a deep Brave Search exposure scan and snapshots every confirmed leak into a Postgres baseline table.
How it runs
The automated pipeline, trigger to output.
- Trigger: Domain added to the monitored set
- Action: Brave Search deep multi-query exposure scan (Brave Search)
- Action: OpenAI normalizes hits into structured records (OpenAI)
- Action: Upsert confirmed exposures into Postgres baseline (Postgres)
- Output: Post inherited-risk summary to Slack (Slack)
What it does
Establishes a clean exposure baseline the moment you start monitoring a new domain. It records what's already public so your recurring sweeps can distinguish brand-new leaks from pre-existing noise, preventing day-one alert storms.
When to use it
Run it whenever you onboard a newly acquired company, a fresh brand domain, or a previously unmonitored asset and need to know your starting exposure before turning on continuous monitoring.
How it works
1. An event fires when a domain is added to the monitored set.
2. Brave Search runs a deep multi-query scan across paste sites and the open web for that domain.
3. An OpenAI step normalizes each hit into a structured record: leaked identity, source URL, type, severity.
4. Every confirmed exposure is upserted into a Postgres `exposure_baseline` table keyed by source URL.
5. A Slack summary reports the baseline count and top severities so the team knows the inherited risk before live alerting begins.
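
One way to implement steps 4 and 5 in Postgres SQL, as an added example that is not the workflow's own code. Only the `exposure_baseline` table name and the source-URL key come from this page; every other column, the `upsert_exposure` statement, the `sweep_hits` table and the sample rows are assumptions constructed for illustration.

```sql
-- Assumed schema: only the table name and the source_url key come from the page.
CREATE TABLE IF NOT EXISTS exposure_baseline (
    source_url      text PRIMARY KEY,
    domain          text NOT NULL,
    leaked_identity text NOT NULL,
    exposure_type   text NOT NULL,
    severity        text NOT NULL
                    CHECK (severity IN ('critical', 'high', 'medium', 'low')),
    first_seen      timestamptz NOT NULL DEFAULT now(),
    last_seen       timestamptz NOT NULL DEFAULT now()
);

-- Step 4: bind the model-normalized fields as parameters, never by string
-- concatenation, since they derive from untrusted web content.
PREPARE upsert_exposure (text, text, text, text, text) AS
INSERT INTO exposure_baseline
    (source_url, domain, leaked_identity, exposure_type, severity)
VALUES ($1, $2, $3, $4, $5)
ON CONFLICT (source_url) DO UPDATE
SET leaked_identity = EXCLUDED.leaked_identity,
    exposure_type   = EXCLUDED.exposure_type,
    severity        = EXCLUDED.severity,
    last_seen       = now();  -- first_seen is untouched, so re-scans keep the baseline date

-- Constructed sample hits.
EXECUTE upsert_exposure('https://paste.example/a1', 'example.com', 'alice@example.com', 'credential', 'high');
EXECUTE upsert_exposure('https://forum.example/t/42', 'example.com', 'bob@example.com', 'email', 'low');

-- Step 5: counts per severity for the Slack summary, worst first.
SELECT severity, count(*) AS exposures
FROM exposure_baseline
WHERE domain = 'example.com'
GROUP BY severity
ORDER BY array_position(ARRAY['critical', 'high', 'medium', 'low'], severity);

-- Recurring sweep: alert only on hits whose URL is not in the baseline.
CREATE TEMP TABLE sweep_hits (source_url text PRIMARY KEY);
INSERT INTO sweep_hits VALUES
    ('https://paste.example/a1'),   -- already baselined, suppressed
    ('https://paste.example/zz9');  -- not in baseline, reported as new
SELECT h.source_url
FROM sweep_hits h
WHERE NOT EXISTS (
    SELECT 1 FROM exposure_baseline b WHERE b.source_url = h.source_url
);
```

Because the key is the source URL alone, a paste that leaks several identities occupies one row; split the key if per-identity tracking is needed.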
Set it up
What you configure once, before turning it on.
1. Connect Brave Search: Web, news, image, video search.
2. Connect OpenAI: Models, embeddings, files.
3. Connect Postgres: Any Postgres URL (query, write, migrate).
4. Connect Slack: Channels, DMs, threads, mentions.
5. Set each agent's model: We leave models unset so you pick the tier, fast + cheap or top-quality.
6. Tune it to your data: Edit the prompts, filters, and field mappings so it matches how your team works.
7. Test, then turn it on: Run once against a sample, confirm the output, then enable the trigger.
