How do PulseLab commands work in HuntBot?

PulseLab commands allow you to explore threat insights using HuntBot, HuntCode's interactive security assistant. These commands provide structured summaries of PulseLab’s aggregated Web Application Firewall (WAF) data through simple, natural-language prompts.

Unlike the PulseLab dashboard, which presents curated insight cards, HuntBot enables deeper, on-demand exploration of the same underlying threat data using command-based queries.

PulseLab commands are available in the standalone HuntBot interface. They are not executed directly inside the PulseLab dashboard. HuntBot returns read-only summaries derived from PulseLab’s snapshot-based analysis.

Users can discover PulseLab functionality by typing commands in HuntBot, then entering pulselab to view the available PulseLab-specific commands.

• pulselab status – Shows data freshness and coverage
• pulselab uris – Summarizes the most frequently probed paths
• pulselab user agents – Breaks down observed user agent categories
• pulselab threats – Highlights dominant WAF rules and threat types
• pulselab global threats – Summarizes activity by country and rule

PulseLab commands support optional time windows that control the scope of analysis. These windows allow HuntBot to summarize activity over recent periods, such as hours or days, depending on the selected query.

Results represent aggregated observations within the selected window and are intended for exploratory and educational analysis rather than real-time monitoring.

All PulseLab commands operate in a read-only mode. HuntBot cannot modify firewall rules, access private infrastructure, or expose sensitive request data. All responses are generated from anonymized, aggregated telemetry.

For high-level summaries, the PulseLab dashboard provides curated insight cards. For deeper investigation and flexible exploration, PulseLab commands in HuntBot offer a more interactive way to analyze recent threat activity.