@neurovagrant I’ve used it to help build first pass threat narratives when an alert is triggered. I did side by side analysis of a SQL backed agent vs a GraphDB based one and did several runs on known behavior I had emulated. My agents almost always found the behavior but had some trouble either adding extra activity or attributing the wrong activity. But about 80-90% was perfectly correct. It’s an excellent first pass for something that would take me several minutes or even hours before depending on complexity. I found that the type of DB backend modified performance with everything else (system prompt, tools, etc.. staying the same).