Hybrid Search & Investigation
pgvector semantics + full-text precision. Find, pivot, and act with explainable context.
Why Hybrid Beats Either-Or
Pure keyword search misses semantic intent; pure embeddings miss exact filters, governance tags, or IDs. ClarioSec combines both: semantic recall to surface “near” matches and full-text precision to filter by fields, owners, severities, frameworks, or dates. Results carry risk hints, control mappings, and last-seen activity, so investigators jump straight to decisions—no context hunting.
Under the hood, we use pgvector for embeddings and PostgreSQL full-text for structured filters. A lightweight ranker blends both scores, then we cluster and deduplicate to remove near-identical items. You get relevant, compact result sets that reflect the real world of SaaS agents and cross-app workflows.
What You Can Search & Pivot
Agents & Identities
SaaS bots, AI agents, service accounts, OAuth apps, webhooks, and tokens—by name, purpose, owner, or behavior. Pivot to effective permissions and reachable resources.
Permissions & Scopes
Search by OAuth scopes, IAM roles, and policy fragments. See where scopes are over-privileged and which entities inherit them.
Rules & Policies
Find policy pack rules by ID, severity, or framework mapping. Jump from a rule to the agents it would match—or the evidence from past decisions.
Resources & Signals
Repos, channels, files, data stores, and activity traces. Trace end-to-end flows and locate potential exfil paths or lateral movement.
Investigation Workflows
From Anomaly to Root Cause
Start with an anomalous agent, pivot to its recent actions, then to the permissions enabling them. See which policy would have blocked or required JIT approval—apply it with confidence.
Pre-Audit Evidence Hunt
Query controls, rules, and prior decisions to compile evidence in minutes. Deep-link findings for reviewers so everyone sees the same signed narrative.
Least-Privilege Rollout
Search for broad scopes across tenants, prioritize targets by risk and usage, then verify reductions via activity and baseline diffs.
Integrations & Architecture Notes
Hybrid Search spans all connected systems: Google Workspace, Slack, GitHub, Microsoft 365/Teams, and cloud IAMs. Data is tenant-scoped with separate PostgreSQL schemas. Embeddings are maintained per entity type to improve semantic recall, while full-text indices support precise filters and sorting. Results link directly to scoring, policy packs, and Runtime Governance, so you can move from a search to a governed change—without losing context or evidence.
Frequently Asked Questions
What is Hybrid Search & Investigation?
A fast investigation layer that combines pgvector-based semantic retrieval with PostgreSQL full-text search. It lets you query agents, rules, scopes, repos, channels, and files by name, behavior, or meaning—then pivot across relationships to act quickly.
How does hybrid search reduce noise?
Results are clustered and de-duplicated so you don’t triage the same issue five ways. Signals carry risk hints, mapped controls, and last-seen activity—helping you prioritize what matters instead of paging through similar items.
What can I pivot to during an investigation?
From an anomalous agent to its effective permissions; from a risky scope to impacted resources; from a policy to the entities it affects. Pivots are context-rich and keep evidence attached for explainability and audit.
How does it integrate with enforcement?
Search findings feed drift-aware scoring and Runtime Governance. You can move from a query to a governed action—minimize scope, require JIT approval, or block—with explainable, audit-ready outcomes.
See ClarioSec in action
Discover hidden agents, drift, and policy risks in minutes.