Quick Start
Get Triage Warden running and process your first incident in 5 minutes.
1. Start the Server
# Start with default settings (SQLite, mock connectors)
cargo run --bin tw-api
# Or use the release binary
./target/release/tw-api
The web dashboard is now available at http://localhost:8080.
2. Create an Incident
Via Web Dashboard
- Open
http://localhost:8080in your browser - Click "New Incident"
- Fill in the incident details:
- Type: Phishing
- Source: Email Gateway
- Severity: Medium
- Click Create
Via CLI
tw-cli incident create \
--type phishing \
--source "email-gateway" \
--severity medium \
--data '{
"subject": "Urgent: Verify Your Account",
"sender": "[email protected]",
"recipient": "[email protected]"
}'
Via API
curl -X POST http://localhost:8080/api/incidents \
-H "Content-Type: application/json" \
-d '{
"incident_type": "phishing",
"source": "email-gateway",
"severity": "medium",
"raw_data": {
"subject": "Urgent: Verify Your Account",
"sender": "[email protected]"
}
}'
3. Run AI Triage
# Trigger triage for the incident
tw-cli triage run --incident INC-2024-0001
The AI agent will:
- Parse email headers and content
- Check sender reputation
- Analyze URLs and attachments
- Generate a verdict with confidence score
4. View the Verdict
# Get incident with triage results
tw-cli incident get INC-2024-0001
# Example output:
# Incident: INC-2024-0001
# Type: phishing
# Status: triaged
# Verdict: malicious
# Confidence: 0.92
# Recommended Actions:
# - quarantine_email
# - block_sender
# - notify_user
5. Execute Actions
Actions may require approval based on your policy configuration:
# Request to quarantine the email
tw-cli action execute --incident INC-2024-0001 --action quarantine_email
# If auto-approved:
# Action executed: quarantine_email (status: completed)
# If requires approval:
# Action pending approval from: Senior Analyst
Approve pending actions via the dashboard at /approvals.
Next Steps
- Configuration - Set up real connectors
- Playbooks - Create automated workflows
- Policy Engine - Configure approval rules