Product

StørmGraph: reachability and blast-radius reasoning

Inputs canonical entities and typed edges from events; outputs reachability sets, blast radius, and containment candidates.

Not a graph database or visualization tool; it computes decision-grade reachability.

Request demo View architecture
Role in the pipeline

Role in the pipeline

StørmGraph maintains event and trust graphs with typed, time-bounded edges to compute reachability sets, attack-chain candidates, and containment scope for StørmDecision.

Graph contracts: typed, time-bounded edges with trust and policy annotations.
Reachability sets and blast-radius computation for containment.
Attack-chain assembly inputs from behaviour and inference signals.
Graph deltas and decision context sealed to StørmVault.
Request demo View architecture
graph reachability interface

Contract: graph inputs → outputs

Typed edges and reachability outputs with sealed evidence artefacts.

Inputs

Event edges, trust edges, and policy annotations from upstream signals.

Processing

Time-bounded, typed edges with reachability and boundary queries.

Outputs

Reachability sets, blast radius, chain candidates, and sealed evidence to StørmVault.

How it works

Three steps from edges to containment constraints.

Ingest edges

Canonical entities and typed edges derived from events.

Compute reachability

Time-bounded reachability and blast-radius queries.

Emit constraints

Containment scope and signals for StørmDecision.

Interfaces

Interfaces

  • Inputs: entities and edges from canonical events.
  • Outputs: reachability sets, blast radius, containment candidates.
  • Contracts: graph schema and versioning for edge types.
  • Failure semantics: stale graph handling with bounded degradation.
stormgraph interfaces
How to think about StørmGraph

Reachability math over event truth.

StørmGraph is a reachability engine, not a visualization layer.

It converts event streams into typed edges with time bounds.

Decisions consume reachable sets and containment scope, not raw graphs.

reachability mental model
Contracts & guarantees

Bounded graph contracts.

  • Edges are typed, signed, and time-bounded to preserve causality.
  • Reachability sets are deterministic for the same inputs and ruleset.
  • Probabilistic inputs only annotate nodes/edges; rules remain deterministic.
  • Outputs include reachability, chain candidates, and containment scope.
  • Graph deltas and decision context are sealed in StørmVault.
Operator controls

Operator controls

  • Edge TTLs and expiry windows per domain.
  • Trust-domain segmentation boundaries.
  • Query budgets and rate limits for reachability scans.
operator controls

Capabilities

Contracted graph reasoning with deterministic rulesets.

Graph contracts

Typed, time-bounded edges

Edges encode authenticated-as, connected-to, issued-command-to, and other typed interactions with explicit time bounds. So what: graph reasoning stays causally bounded.

blast radius containment
Reachability sets

Compute blast radius in real time

Reachable sets and boundary crossings are computed for containment scope and decision context. So what: containment is scoped to what is actually reachable.

Attack-chain assembly

Path candidates from upstream signals

StørmBehaviour sequences and StørmAI inference scores annotate nodes and edges for chain candidate assembly. So what: decisions receive structured path candidates.

Decision context

Actionable graph outputs

StørmDecision consumes reachability, chain candidates, and containment scope for policy-bounded actions. So what: actions are bounded to the computed blast radius.

Decision impact

How reachability outputs shape downstream actions.

StørmDecision

Consumes reachability sets and chain candidates to bind policy decisions to actual scope.

StørmControl

Uses blast-radius outputs to constrain enforcement actions and containment.

What StørmGraph will not allow

Hard boundaries that preserve reachability integrity.

Untyped, unbounded edges

Edges must be typed and time-bounded to preserve causality.

Probabilistic graph rules

Rulesets remain deterministic; probabilistic inputs only annotate.

Opaque graph changes

Graph deltas and context are recorded and sealed for audit.

Unscoped containment

Containment scope must be computed from reachability, not guesswork.

Works with

Canonical entity sources and policy fusion.

StørmPrep

Canonical entities and typed event envelopes.

StørmDecision

Consumes reachability and containment scope for actions.

FAQ

Common questions about StørmGraph boundaries and evidence.

Is StørmGraph a graph database?

No. It is a reachability engine that computes decision-grade sets over typed edges.

How are boundaries defined?

Boundaries are enforced with edge typing, TTLs, and trust-domain segmentation.

How is evidence captured?

Graph deltas and decision context are sealed to StørmVault as evidence artefacts.

Request a StørmGraph demo.

Review graph contracts, outputs, and evidence artefacts.

Request demo View architecture