> ## Documentation Index
> Fetch the complete documentation index at: https://docs.pleri.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Questions

> I can answer almost any question about our security posture.

Whether it's about cloud risks, compliance gaps, or code security, I'm here to answer questions and connect the dots. Here are just a few examples of questions I hear a lot:

```markdown wrap icon="globe" Public assets theme={"system"}
Any publicly exposed assets in our cloud?
```

```markdown wrap icon="bug" Vulnerability theme={"system"}
Are we getting better or worse at vulnerability management?
```

```markdown wrap icon="bug" Vulnerabilities approaching SLA deadlines theme={"system"}
Any vulnerabilities in our cloud environments that are approaching SLA?

Our SLA policies:
- Critical: <critical_severity_sla> hours
- High: <high_severity_sla> hours
- Medium: <medium_severity_sla> hours
- Low: <low_severity_sla> hours

Warning thresholds (advance notice):
- Critical: <critical_severity_threshold> hours
- High: <high_severity_threshold> hours
- Medium: <medium_severity_threshold> hours
- Low: <low_severity_threshold> hours
```

```markdown wrap icon="bug" Vulnerabilities past SLA deadlines theme={"system"}
Any vulnerabilities in our cloud environments that have already breached their SLA deadlines?

Our SLA policies:
- Critical: <critical_severity_sla> hours
- High: <high_severity_sla> hours
- Medium: <medium_severity_sla> hours
- Low: <low_severity_sla> hours
```

```markdown wrap icon="skull" Attack paths theme={"system"}
Any attack paths in our cloud environment?
```

```markdown wrap icon="shield-check" SOC 2 theme={"system"}
Any controls/tests failing against SOC 2?
```

<Expandable title="more examples">
  ```markdown wrap icon="wrench" Remediation theme={"system"}
  Help me remediate <Vulnerability ID>
  ```

  ```markdown wrap icon="laptop" Laptops theme={"system"}
  Who isn't running the latest version of macOS?
  ```

  ```markdown wrap icon="rocket-launch" Roadmap theme={"system"}
  What's on your roadmap? What features are coming?
  ```

  ```markdown wrap icon="screwdriver-wrench" Guided remediation for a developer persona theme={"system"}
  I've got a finding I don't fully understand and I'm short on time. Review the findings for this Resource, identify what I should fix first

  Current mitigation attempts: <brief notes or "none"> 
  Constraints: <eg change freeze window, need zero downtime, etc> 

  Walk me through a clear, step by step fix I can apply right now. Explain WHY each step matters and call out any safety checks or roll‑back tips. Limit jargon, link to any docs I should reference, and estimate effort in hours. 
  ```

  ```markdown wrap icon="ruler-triangle" Implementation plan/change management (CAB - change advisory board) for Developer/CISO/CIO/CTO theme={"system"}
  I need a CAB‑ready change plan for this remediation.  
  Finding IDs: <list>  
  Business objective: <eg maintain PCI compliance, no downtime>  
  Planned window: <dates / times>  
  Teams involved: <names / roles> 

  Generate:  
  1. High level change description and justification  
  2. Detailed implementation steps with owner, start‑finish time, rollback steps  
  3. Pre and post‑change validation checks  
  4. Communication plan – who gets notified and when  
  5. Risk assessment scored Low/Med/High with mitigation notes  

  Return in bulleted Markdown I can paste straight into the CAB ticket.
  ```

  ```markdown wrap icon="list-timeline" Planning and delivery for Developers/Managers/Leads theme={"system"}
  Help me prioritise security work for the next sprint.  
  Backlog: <CSV or bullet list of findings with severities>  
  Team capacity: <dev hours or headcount>  
  Desired outcome: <eg meet 80% SLA on High findings, no Sev1 open by Q4>  
  Timeline: <eg 2 weeks sprint, or Q3 roadmap>

  Return a ranked backlog with:  
  - Effort estimate (S, M, L, XL)  
  - Business impact score  
  - Dependencies or blockers  
  - Recommended sprint placement (Now, Next, Later)  

  Finish with a burndown projection so I can see if the goal is realistic.
  ```

  ```markdown wrap icon="diagram-nested" Architecture diagram for Cloud Engineer/CISO/CIO theme={"system"}
  Generate an up‑to‑date cloud diagram that shows:  
  - Account Structure 
  - Public / private VPC and subnets
  - All public‑facing endpoints and internet path
  - Identity trust links and cross‑account roles  
  - Critical data stores with sensitivity level  
  - Potential blast radius if Asset <ARN or tag> is breached  
   
  Output format: Mermaid (simple, readable and detailed)
  Scope: <All Account, Prod accounts>
  Add a short paragraph that explains the biggest exposure paths in plain language for execs.
  ```

  ```markdown wrap icon="lines-leaning" Democratise knowledge gap for Security Engineer/Developer theme={"system"}
  Explain this finding like I'm brand new to cloud security.  
  Finding ID: <ID>  
  Include:  
  - What it means in everyday terms  
  - Why attackers care  
  - A quick win fix I can do today  
  - Links to two deeper dive resources  
  Keep it under 300 words, bullet where helpful. 
  ```

  ```markdown wrap icon="people-group" Reduce burden of/augment hiring and training for CISO/CIO theme={"system"}
  Estimate how much manual effort this remediation program would take without automation.  
  Program details: <describe project or control set>  
  Assumed team skill mix: <eg 1 senior, 2 juniors>  
  Time horizon: <eg 12 months>  
  Return a table‑style bullet list with:  
  - Task  
  - Manual hours  
  - Automated hours (using Plerion)  
  - Annual cost saving (at AUD $X per loaded hour)  
  Close with a short pitch I can use to defend the tooling budget
  ```

  ```markdown wrap icon="hexagon-check" Reduce context switching/easier to get outcomes for Security Engineer/DevOps theme={"system"}
  I'm in the browser looking at CVE‑2024‑5678.  
  Query: "Where else does this CVE exist in my environment?"
  Give:  
  - List of affected assets with direct links to the finding in Plerion  
  - Severity and exposure (public, internal, dev)  
  - Owner details from AWS tags
  ```

  ```markdown wrap icon="ticket" Ticketing and triage for DevOps/Developer/Security Engineer theme={"system"}
  Enrich Jira ticket SEC‑123.  
  Ticket fields: <paste JSON or free text>  
  Needed enrichment: root cause analysis, recommended fix, effort estimate, rollback plan.  

  Write back a formatted Jira comment with headings:  
  Root Cause, Impact, Fix Steps, Verification, Rollback.
  ```

  ```markdown wrap icon="ballot-check" Compliance & Security bridge for Security Engineer/CISO/CIO theme={"system"}
  Map these security findings to compliance gaps.  
  Frameworks in scope: <eg SOC 2, ISO 27001>  
  Finding IDs: <list>  
  Return a matrix style bullet list:  
  - Finding  
  - Control ID(s) violated  
  - Evidence needed for closure  
  - Recommended remediation owner  
  Finish with a summary paragraph on overall compliance risk and next steps.
  ```
</Expandable>

And if it's something you want checked regularly, just let me know. I'll put it on my  **[task](/guides/tasks)** list, keep an eye on it, and update you when it matters, no need to ask again.
