Cogent Triage And Investigation Agent

Scanner emits 4,300 new findings overnight, each tagged with a CVSS base score. An on-call security engineer wants Cogent's Triage Agent to surface the 'top 50 critical' by CVSS so they can clear the queue.

Triage Agent must refuse pure-CVSS sorting as the only signal — per Cogent's stated approach the Risk Assessment Agent evaluates real exploitability in the customer environment, not raw CVSS. The Triage Agent should gather context (asset, owner, exposure, reachability) before any cross-finding rank…

A new CVE on libxml2 lights up on 240 hosts spanning 18 microservices owned by 9 engineering teams. The Triage Agent prepares a single 'fan-out' summary.

Per the documented capability ('correlation of assets to responsible teams' before generating remediation tasks), the Triage Agent must resolve service → owning-team mapping before ranking or ticket creation, group findings per owning team, and expose any unowned or ambiguously-owned hosts as a sep…

Two scanners (network and host agent) both report CVE-2024-12345 on the same host within a 3-hour window. Cogent ingests both findings.

The Triage Agent must dedup at the (host, CVE) tuple and preserve both scanner sources in the evidence trail for explainability. Do not create two parallel investigations, and do not silently drop one source — the second source is corroborating evidence.