System diagnostics, bulk operations, and per-case management
Run operations across all cases. These can be slow for large datasets.
Send Daily Digest Now
Post a case summary digest to every configured Slack channel. Shows open cases by severity, new/resolved counts, and per-case detail rows.
Purge Truncated Finding IDs
Remove broken/truncated finding IDs from all cases. Instant fix, no LLM calls, no evidence gathering.
Regather All Evidence
Re-discover related findings, rebuild entity extraction, kill chains, and investigation queries. No LLM calls.
Reanalyze All Cases
Full pipeline: regather evidence + run case-level Stick analysis on every case. Makes LLM calls.
Clear All Case Analyses
Remove case-level Stick analyses from all cases. Cases and findings are preserved. Reanalyze afterward.
Force Finding Reanalysis
Re-run the FULL evaluation pipeline (scoring + Stick LLM review) on every finding in every case. Expensive.
Re-evaluate All Cases
Check all open cases against current finding statuses. Auto-deprioritizes or resolves cases where findings have been evaluated as benign. No LLM calls.
Destructive
Reset All Cases & Start Fresh
Delete ALL cases AND invalidate all cached analyses. After reset, run the scheduler to re-score and re-review all findings from scratch — new cases will be created for confirmed threats. Requires typing "RESET" to confirm.
Run operations on individual cases