Things to forward, things to download, things to bookmark.
Forwardable PDFs for your CISO. Technical reference cards for your team. Articles for the engineer who wants context. No registration walls; the relevant ones link straight to the file.
The Layer 1 inventory gap, in two pages
For the executive who has to fund the answer. Names the problem, the cost of the gap, and the path to closing it. Forward-able without prep.
Compliance evidence pack, what the auditor sees
How the framework-mapped evidence pack reads against PCI 4.0, SOC 2, HIPAA, NIST 800-171, CMMC L2. Send to the GRC team.
C-suite briefing on the audit category nobody is closing
One-page executive summary. Inventory accuracy as a board-level question. Why now, what changed, what to do.
Event type → MITRE technique → SOAR action
The full event taxonomy with technique IDs and recommended SOAR branches. Print and pin above the SOC desk.
On-call runbook, what to do at 2am
Per-event response runbook. Three checks in 90 seconds. Escalation criteria. SOAR-friendly field reference.
SIEM correlation rules for Splunk, Sentinel, Chronicle, Elastic
Pre-tuned correlation rule templates for the top six event types. Drop into your existing SIEM with minimal modification.
CybrIQ vs Forescout, Armis, Asimily, Claroty, Nozomi
Honest head-to-head feature matrix. Where each tool wins, where each doesn't, when to run combinations.
25 questions security engineers ask during evaluations
Direct answers. Includes the "no, we don't do that" responses.
CybrIQ API for security engineers
Authentication, event stream, inventory queries, drift history, compliance export, SOAR action endpoints. The subset you actually live in.
Full API documentation (314 endpoints, 31 tag groups)
The complete OpenAPI-backed reference for every endpoint, including admin and configuration surfaces outside the detection-engineering subset.
Threat model & limits
Trust boundaries, defended attacks, undefended attacks, attacks against CybrIQ itself, failure modes. Vendor-questionnaire-ready.
The asset register lies, why your CMDB is wrong about your network
The foundational article on why every enterprise's stated inventory diverges from reality, and what to do about it.
Five reports, one truth
Why NAC, EDR, asset management, vulnerability scanner, and SIEM all produce different device counts, and which one auditors actually believe.
"Looks good" is not evidence
How the language of audit evidence changed between 2022 and 2026, and why "screenshot of dashboard" stopped being acceptable.
State of Layer 1, 2026 annual report
Aggregate findings from the CybrIQ install base. Inventory-accuracy benchmarks, NDAA hit rates by sector, audit-prep time data, the most-common drift events.
Threat-intel briefings
Anonymized Layer 1 attacks observed across the install base. Monthly email, engineering-detail level, free.
Product tour
Click-through walk of the per-port dashboard. See what the security team actually looks at every day.
What to show your CISO at week 2, week 4, and month 3
Concrete demonstrable progress at every pilot milestone. Built so the engineer running the eval has something to take upward.
Need something not on this page?
Email seceng@cybriq.io with the specific question or asset. Engineering responds within one business day.
Book a working session