
Agent Field Guide

Alprina ships with 18 specialized agents. Each brings a different expertise so you can tailor scans to your stack and stage of development. Use this guide to choose the right agent and trigger it from the CLI, API, or chat assistant.

Case Study: SecureHealth’s Multi-Agent Security Transformation

Background: SecureHealth, a healthcare app startup handling PHI (Protected Health Information), needed HIPAA compliance before their Q2 launch. They had 6 different security concerns across their stack but couldn’t afford multiple specialized tools.

The Challenge:

  • Web Application: Needed penetration testing (Red Team)
  • API Layer: Required authentication audit (Blue Team)
  • Mobile App: Android security assessment needed (Android SAST)
  • Container Infrastructure: Docker images needed scanning (Container Agent)
  • Network Security: TLS and protocol validation required (Network Analyzer)
  • Compliance: SBOM generation for HIPAA auditors (Compliance Agent)

Traditional Solution Cost:

  • Penetration testing firm: $15,000 one-time
  • SAST tool (Checkmarx): $1,200/month ($14,400/year)
  • Container scanner (Snyk): $500/month ($6,000/year)
  • Network scanner (Nessus): $4,000/year
  • Total First Year: $39,400

Alprina Solution: $99/month Team tier with 18 agents included

  • Total First Year: $1,188
  • Savings: $38,212 (97% cost reduction)

Implementation Timeline:

Week 1 - Web & API Security:

```bash
# Red Team agent found 12 critical vulnerabilities
alprina scan ./api --profile code-audit --safe-only false
# Blue Team validated authentication controls
alprina scan ./api --profile defense-review
```

Week 2 - Mobile & Container:

```bash
# Android SAST scanned mobile app
alprina scan ./mobile/app-release.aab --profile android-sast
# Container scanning of Docker images
alprina scan healthcare-api:latest --container
```

Week 3 - Network & Compliance:

```bash
# Network Analyzer checked TLS configuration
alprina scan https://api.securehealth.com --profile web-recon
# Generated SBOM for HIPAA compliance
alprina sbom ./project --format both
```

Results:

  • 23 critical vulnerabilities discovered across all systems
  • 19 fixed using AI-powered auto-fix (83% success rate)
  • 4 manual fixes with detailed remediation guidance
  • HIPAA compliance achieved in 3 weeks (vs 3 months traditional)
  • $38,212 saved in first year vs traditional tooling
  • Passed external audit with comprehensive documentation

CTO’s Testimonial: “We needed six different security tools. Alprina gave us 18 specialized agents for less than the cost of one traditional tool. We achieved HIPAA compliance in 3 weeks and saved our entire security budget.”

Key Success Factors:

  1. Multi-agent workflows eliminated tool fragmentation
  2. AI-powered fixes accelerated remediation by 75%
  3. Single dashboard simplified compliance reporting
  4. Team collaboration features kept everyone aligned
  5. Continuous scanning prevented regression

Core Agent Categories

| Category | Focus | Typical Use Case | Kickoff Command |
|---|---|---|---|
| Offensive (Red Team) | Attack simulation, exploit discovery | Pre-release penetration testing | alprina scan ./api --profile code-audit --safe-only false |
| Defensive (Blue Team) | Control validation, detection gaps | Post-incident hardening, SOC readiness | alprina scan ./infra --profile defense-review |
| Reconnaissance | Surface mapping, service enumeration | Staging/production perimeter reviews | alprina scan https://staging.example.com --profile web-recon |
| DFIR | Forensics, log correlation | After suspicious activity or breach | alprina scan ./logs --profile dfir |
| Specialized | Mobile, firmware, network, email | Domain-specific checks (IoT, Android, etc.) | See sections below |

Tip: Run alprina agents list (coming soon) or check GET /v1/agents to see the exact agents enabled for your account.

Offensive & Defensive Agents

  • Red Team Agent — Simulates attacker paths, privilege escalation, and chained exploits. Best when you want to mimic a motivated adversary. Use --safe-only false to allow deeper exploitation in controlled environments.
  • Blue Team Agent — Evaluates defensive controls, logging, alerting, and incident response readiness. Perfect for validating SOC coverage after launches.
  • Guardrails Agent — Confirms policy adherence (allowed domains, restricted ports, compliance configs) before granting approvals.
  • Retester Agent — Re-runs previous findings after fixes. Point it at the same target to automatically verify remediation.

Example

```bash
alprina scan ./services/auth --profile code-audit --safe-only true
alprina chat --load ~/.alprina/out/latest-results.json
# In chat:
# You: Cross-check these findings with the Blue Team agent.
```

Reconnaissance & Network Agents

  • Network Analyzer — Maps endpoints, open ports, and TLS hygiene for web hosts or internal services.
  • Replay Attack Agent — Looks for session fixation and replay weaknesses in APIs.
  • Wi-Fi Security Agent — Audits wireless configurations and posture (bring your own capture files).
  • Sub-GHz SDR Agent — Investigates radio protocols and embedded devices (supply RF captures).

Example

```bash
alprina scan https://platform.example.com --profile web-recon --safe-only false
```

Use chat to pivot:

```text
You: /scan https://platform.example.com
You: Summarize the TLS misconfiguration findings.
You: Recommend mitigations for the open redirect issue.
```
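When the Network Analyzer reports a TLS misconfiguration, it is worth reproducing the observation by hand before raising a ticket. The script below is an added example for this guide; it is not Alprina's Network Analyzer and does not call the Alprina API. probe_tls() and accepts_legacy_tls() perform live handshakes against a host you are authorised to test; assess_tls() is the pure policy check and is exercised on a constructed observation (SAMPLE_OBSERVATION, with a fixed SAMPLE_NOW date). The thresholds (TLS 1.2 floor, 30-day expiry warning, the weak-cipher marker list) are assumptions chosen for the example, not Alprina's policy.

```python
"""Reproduce a TLS hygiene finding by hand (added example, not Alprina code)."""
import socket
import ssl
from datetime import datetime, timezone

# Policy thresholds: assumptions for this example, not Alprina's settings.
MIN_VERSION = "TLSv1.2"
VERSION_RANK = {"TLSv1": 0, "TLSv1.1": 1, "TLSv1.2": 2, "TLSv1.3": 3}
WEAK_CIPHER_MARKERS = ("RC4", "3DES", "DES-CBC", "NULL", "EXPORT", "MD5", "ADH", "AECDH")
EXPIRY_WARN_DAYS = 30


def probe_tls(host, port=443, timeout=5.0):
    """Complete a verified handshake and record what the server negotiated."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {
                "host": host,
                "version": tls.version(),
                "cipher": tls.cipher()[0],
                "not_after": cert["notAfter"],
                "san": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
                "legacy_accepted": accepts_legacy_tls(host, port, timeout),
            }


def accepts_legacy_tls(host, port=443, timeout=5.0):
    """True if the server will still complete a TLS 1.0 or 1.1 handshake."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # only the protocol offer matters for this probe
    ctx.minimum_version = ssl.TLSVersion.TLSv1
    ctx.maximum_version = ssl.TLSVersion.TLSv1_1
    try:
        ctx.set_ciphers("ALL:@SECLEVEL=0")  # OpenSSL 3 refuses TLS 1.0/1.1 at the default level
    except ssl.SSLError:
        pass
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except (ssl.SSLError, OSError):
        return False


def san_matches(host, names):
    """Exact match, or a single-label wildcard (*.example.com covers a.example.com only)."""
    host = host.lower()
    for name in names:
        name = name.lower()
        if name == host:
            return True
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False


def assess_tls(obs, now=None):
    """Return a list of hygiene findings for one observation; [] means clean."""
    now = now or datetime.now(timezone.utc)
    findings = []
    if VERSION_RANK.get(obs["version"], -1) < VERSION_RANK[MIN_VERSION]:
        findings.append(f"negotiated {obs['version']}; policy floor is {MIN_VERSION}")
    if any(m in obs["cipher"].upper() for m in WEAK_CIPHER_MARKERS):
        findings.append(f"weak cipher suite negotiated: {obs['cipher']}")
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(obs["not_after"]), tz=timezone.utc)
    days_left = (expires - now).days
    if days_left < 0:
        findings.append(f"certificate expired {-days_left} days ago")
    elif days_left <= EXPIRY_WARN_DAYS:
        findings.append(f"certificate expires in {days_left} days")
    if not san_matches(obs["host"], obs["san"]):
        findings.append(f"certificate SANs {obs['san']} do not cover {obs['host']}")
    if obs.get("legacy_accepted"):
        findings.append("server still negotiates TLS 1.0/1.1")
    return findings


# CONSTRUCTED observation standing in for a probe_tls() result, evaluated at a fixed date.
SAMPLE_OBSERVATION = {
    "host": "platform.example.com",
    "version": "TLSv1.2",
    "cipher": "ECDHE-RSA-AES128-GCM-SHA256",
    "not_after": "Jan 20 12:00:00 2026 GMT",
    "san": ["platform.example.com", "*.internal.example.com"],
    "legacy_accepted": True,
}
SAMPLE_NOW = datetime(2026, 1, 5, tzinfo=timezone.utc)

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        obs, now = probe_tls(sys.argv[1]), None  # live probe of a host you may test
    else:
        obs, now = SAMPLE_OBSERVATION, SAMPLE_NOW
    for line in assess_tls(obs, now) or ["no TLS hygiene findings"]:
        print(line)
```

Run it with a hostname to probe a live server, or with no arguments to evaluate the constructed sample, which yields two findings: a certificate expiring in 15 days and a server that still negotiates TLS 1.0/1.1. The legacy probe deliberately disables verification because the question is only whether the protocol is offered; never reuse that context for anything that carries data.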

Code & Application Agents

  • Android SAST Agent — Static analysis for Android apps or APKs.
  • Reverse Engineer Agent — Binary and firmware inspection for supply-chain checks.
  • Memory Analysis Agent — Detects unsafe memory access patterns and potential leaks.
  • Mail Agent — Audits email security settings, SPF/DKIM alignment, and phishing resilience.

Example

```bash
alprina scan ./mobile/app-release.aab --profile android-sast
```

Ask the chat assistant:

```text
You: Highlight the critical issues from the Android scan.
You: Provide code snippets to fix the insecure storage warning.
```

Incident & Forensics Agents

  • DFIR Agent — Builds incident timelines, correlates logs, and suggests containment steps.
  • Memory Forensics Agent — Parses memory dumps for indicators of compromise.
  • Replay & Retrospective Agents — Validate whether past detections were successful and recommend new alert rules.

Example

```bash
alprina scan ./incident-artifacts --profile dfir --safe-only true
```

Follow-on in chat:

```text
You: Summarize evidence of lateral movement.
You: What immediate containment steps should we take?
```

Multi-Agent Workflows

Chain agents when you need layered assurance:

  • Attack → Defense — Run a Red Team scan, then ask the Blue Team to validate controls against the discovered paths.
  • Discovery → DFIR → Retest — Start with Recon, escalate to DFIR if anomalies appear, and finish with Retester once fixes land.

You can orchestrate chains from chat:

```text
You: Run a sequential deep scan on ./services/payments.
Alprina: [Executes Red Team, then Blue Team, then Retester]
You: Produce a consolidated report showing the initial vulnerability and the retest outcome.
```
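The consolidated report the last chat turn asks for, and the "highlight the critical issues" question from the earlier Android and auth examples, can also be produced outside the assistant, which is what you want in a CI job. The script below is an added example for this guide, not Alprina's code or API. It assumes a results layout that is an illustration only: a top-level "findings" list whose items carry "rule", "severity", "file", "line" and "title"; adjust load_findings() to the real schema of ~/.alprina/out/latest-results.json. Both documents, the rule names and the sample findings are constructed. The report pairs each initial finding with its retest outcome by a fingerprint that ignores line numbers (which shift once code is fixed), surfaces findings that appear only in the retest, and exits non-zero while anything at or above high severity is still open.

```python
"""Triage scan results and reconcile a scan with its retest (added example, not Alprina code)."""
import json
from collections import Counter

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}
REQUIRED = ("rule", "severity", "file", "line", "title")  # assumed field names

# CONSTRUCTED results documents: the initial Red Team scan and the Retester run after fixes.
INITIAL_JSON = json.dumps({"target": "./services/auth", "findings": [
    {"rule": "SQLI-001", "severity": "critical", "file": "services/auth/login.py", "line": 42,
     "title": "SQL injection in login query"},
    {"rule": "HARDCODED-SECRET", "severity": "high", "file": "services/auth/config.py", "line": 7,
     "title": "Hardcoded JWT signing key"},
    {"rule": "WEAK-HASH", "severity": "medium", "file": "services/auth/passwords.py", "line": 19,
     "title": "MD5 used for password hashing"},
    {"rule": "DEBUG-ON", "severity": "low", "file": "services/auth/app.py", "line": 3,
     "title": "Debug mode enabled"},
]})
RETEST_JSON = json.dumps({"target": "./services/auth", "findings": [
    {"rule": "HARDCODED-SECRET", "severity": "high", "file": "services/auth/config.py", "line": 9,
     "title": "Hardcoded JWT signing key"},
    {"rule": "DEBUG-ON", "severity": "low", "file": "services/auth/app.py", "line": 3,
     "title": "Debug mode enabled"},
    {"rule": "OPEN-REDIRECT", "severity": "medium", "file": "services/auth/views.py", "line": 88,
     "title": "Unvalidated redirect in /logout"},
]})


def load_findings(text):
    """Parse a results document and reject items missing the fields we key on."""
    findings = json.loads(text).get("findings", [])
    for f in findings:
        missing = [k for k in REQUIRED if k not in f]
        if missing:
            raise ValueError(f"finding missing {missing}: {f}")
        f["severity"] = f["severity"].lower()
    return findings


def fingerprint(f):
    """Identity that survives a fix: line numbers move when code above them changes."""
    return (f["rule"], f["file"], f["title"])


def by_severity(findings, floor="high"):
    """Findings at or above `floor`, most severe first."""
    limit = SEVERITY_RANK[floor]
    kept = [f for f in findings if SEVERITY_RANK.get(f["severity"], 99) <= limit]
    return sorted(kept, key=lambda f: (SEVERITY_RANK[f["severity"]], f["file"], f["line"]))


def reconcile(initial, retest):
    """Pair each initial finding with its retest outcome and surface anything new."""
    before = {fingerprint(f): f for f in initial}
    after = {fingerprint(f): f for f in retest}
    rows = []
    for fp, f in before.items():
        hit = after.get(fp)
        rows.append({"rule": f["rule"], "file": f["file"], "severity": f["severity"],
                     "initial_line": f["line"], "retest_line": hit["line"] if hit else None,
                     "status": "open" if hit else "fixed"})
    for fp, f in after.items():
        if fp not in before:  # absent from the first scan: a regression or newly covered code
            rows.append({"rule": f["rule"], "file": f["file"], "severity": f["severity"],
                         "initial_line": None, "retest_line": f["line"], "status": "new"})
    return sorted(rows, key=lambda r: (SEVERITY_RANK[r["severity"]], r["file"]))


def blocking(rows, floor="high"):
    """Rows that should fail a release gate: open or new at or above `floor`."""
    return [r for r in rows
            if r["status"] != "fixed" and SEVERITY_RANK[r["severity"]] <= SEVERITY_RANK[floor]]


def summarize(rows):
    return dict(Counter(r["status"] for r in rows))


def render(rows):
    """Plain-text consolidated report: the initial finding alongside its retest outcome."""
    lines = [f"{'STATUS':<6} {'SEV':<8} {'RULE':<18} {'FILE':<30} INITIAL -> RETEST"]
    for r in rows:
        lines.append(f"{r['status']:<6} {r['severity']:<8} {r['rule']:<18} {r['file']:<30} "
                     f"{r['initial_line'] or '-'} -> {r['retest_line'] or '-'}")
    return "\n".join(lines)


if __name__ == "__main__":
    rows = reconcile(load_findings(INITIAL_JSON), load_findings(RETEST_JSON))
    print(render(rows))
    print(summarize(rows))
    raise SystemExit(1 if blocking(rows) else 0)  # a non-zero exit fails the pipeline
```

On the constructed data the report shows two findings fixed, two still open (the hardcoded key moved from line 7 to line 9 but is still there) and one new medium finding, and the script exits 1 because a high-severity item remains open. Keying on rule, file and title rather than line number is the decision that makes the retest comparison stable; if the real schema offers a fingerprint or finding id, prefer that.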

Always operate in environments where you have permission, and toggle --safe-only carefully. Offensive agents can simulate exploit behavior; keep them to staging or controlled tests unless your policy allows otherwise.
