Cora runs domain security operations.
Continuous detection, decision-ready context, approval-first automation, and board-ready reporting for customer-facing domains. Built for lean teams who run production, not policy.
No card required · first signal map in under 90 seconds · read only by default
What Cora keeps eyes on, by default.
Six signal surfaces, scanned continuously and correlated together. Each one feeds the response graph below.
Certificates
TLS chain, leaf and intermediate validity, OCSP, transparency log entries, expiry windows, auto renewal state.
DNS drift
A, AAAA, CNAME, MX, NS, TXT, DNSSEC chain. Daily snapshot with severity tiered diff alerts.
Mail authentication
SPF, DKIM, DMARC, MTA STS, BIMI. Policy ladder enforcement. Aggregate report ingestion.
Brand impersonation
Lookalike permutation generation, certificate transparency log scan, login form probe, same IP alias detection.
Vendor incidents
Detected vendor inventory plus 10 minute status page polling. Blast radius scoping per incident.
Uptime + trust surface
HTTPS HEAD probes every 5 minutes. Public trust page per verified domain. Embeddable widget.
A real response, in minutes.
Every signal Cora handles flows through this graph. Times are typical observations from production tenants.
A change crosses a watcher threshold. Cora pins the raw observation with timestamp and source.
Cora correlates the signal with vendor state, mail posture, and prior drift. Blast radius scoped.
A safe remediation is drafted with rollback guardrails. Read only by default unless approved.
You approve in plain English. Action runs against the user provided token. Audit log captured.
Cora drafts a board safe summary plus a technical appendix. Ready to ship to a stakeholder.
16 specialists, four roles.
Each agent runs in its own loop with its own state. Cora correlates and routes between them. No agent acts without an approval.
- CertWatch: TLS chain + expiry
- DriftSentinel: DNS snapshot diff
- BrandHawk: Lookalike detection
- PhishWatch: CT log + login form probe
- UptimeWitness: 5 min HEAD probes
- SearchEye: Safe Browsing + URLhaus
- DomainGuard: WHOIS + DNSSEC poll
- ContentSentry: Third party script SHA
- SocialGuard: Handle squat probe
- PolicyAuthor: Privacy / TOS / DPA drafts
- IncidentResponder: Incident draft generator
- CoraInbox: Mailbox classifier
- MailMarshal: SPF / DMARC enforcement
- CompliancePilot: Framework mapping
- VendorWatch: Vendor inventory + status
- DefenderShield: WAF rule push + 7d expire
The constraints Cora ships with.
Operators stay in the loop because the system makes it cheap to stay in the loop. Five constraints that hold across every agent.
Read only by default
Cora cannot mutate anything until you connect a scoped credential and approve a specific action.
Approval first automation
Every fix is drafted as a proposal. Apply requires a click. Auto apply is opt in per fix type.
Rollback aware fixes
Every applied change records the prior state. A one click revert undoes every action without policy work.
Audit log
Every signal, every draft, every approval, every revert is logged with timestamp, actor, and content hash.
No silent destructive action
Cora never deletes records, never disables senders, and never edits content without a logged approval.
What is live today, what is in beta, what is planned.
Public, no marketing edits. Items move between columns as they ship. Run the scan and the report only cites Live items.
- Free public scan with the full 18 check coverage
- Cora drafted remediations for DMARC, SPF, headers
- Public trust page per verified domain
- REST API + webhooks for scan results
- GitHub Action for security score gating
- Free Beta account: 2 domains, 7 scans/day, 5 watchers
- 16 specialist agents (Watch / Act / Predict / Defend)
- Continuous monitoring with daily snapshot
- Cora autopilot for vetted fix types (revertible)
- Auto fix for Cloudflare DNS records via scoped token
- Custom WAF rule push to user Cloudflare zone
- GitHub auto PR for security headers
- CoraInbox webhook + manual paste classifier
- Compliance evaluations (PCI DSS, SOC 2, ISO 27001) on signed in accounts
- Operator chat with peer context prompt
- Stripe billing for paid capacity tiers (Sentinel, Operator, Org, Fortress)
- Inbound MX receiver for the cora@yourdomain inbox
- PagerDuty + Linear + Jira native integrations
- Self host on Fortress
- SOC 2 Type II audit completion
- Multi tenant agency surface
- White label MSP mode
Start with one domain.
Cora maps the first signal set in minutes. Drafted remediations follow. Approval stays with you.