Project ClearNebel Agent Builder: Usage and Integration Possibilities

Released: Aug. 17, 2025 | Categories: Security Web LLM ClearNebel Agent Builder
Author: samuelgiger

SecOverview and ClearNebel integrate to deliver automated security insights and recommendations.

Integrating Project SecOverview with ClearNebel over the API is simple. Currently, an agent can have the API calls as tools. This allows the model to call the API whenever it thinks it is needed. With the help of SecOverview, the agent can therefore fetch IP reputation data, execute NMAP scans, or check the certificate history, security headers and the web technologies in use. This provides a small text-based summary and can, if wanted, also contain some recommendations to mitigate possible security risks or issues.
The following functions are available for the LLM:

"nmap_scan": {
  "function": nmap_scan,
  "schema": "nmap_scan(target: str, parameters: str = '-sV -T4') -> str: Executes NMAP-Scan on Target with the provided scan parameters."
},
"get_crtsh_securityheaders_webtechfingerprinting": {
  "function": get_crtsh_securityheaders_webtechfingerprinting,
  "schema": "get_crtsh_securityheaders_webtechfingerprinting(domain: str) -> str: Get Crtsh infos, security headers and web tech fingerprinting."
},
"get_ipinformation_reputation": {
  "function": get_ipinformation_reputation,
  "schema": "get_ipinformation_reputation(ip: str) -> str: Get IP BGP information, AbuseIPDB information and MISP information if available"
},
This setup provides a simple-to-read summary of some infrastructure information. It could be used to pre-analyze monitoring data and create a recommendation on what to do or, with the help of fine-tuning, RAG or a definition in the master prompt, on which team the event should be forwarded to. A security alert from the SIEM, EDR, NIDS or another system can be summarized for the team responsible for the service, and may even contain some mitigation steps.
The summarization capabilities of LLMs allow current news to be summarized and a lot of information to be aggregated in a small, compact form. If a custom tool is available, the tools allow the LLM to fetch further data on certain topics when needed.
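
Because the model chooses the arguments of every tool call, a tool such as nmap_scan benefits from validating them before anything is executed. The following is an added example, not ClearNebel or SecOverview code: a Python wrapper with the same signature as the nmap_scan schema above. The option allowlist, the target rules and the helper names validate_target and build_nmap_argv are assumptions.

```python
import ipaddress
import re
import shlex
import subprocess

# Assumed policy, not from the page: the only nmap options the model may request.
ALLOWED_FLAGS = {"-sV", "-sT", "-Pn", "-F", "-T3", "-T4"}
PORT_SPEC = re.compile(r"\d{1,5}([,-]\d{1,5})*")
HOSTNAME = re.compile(r"(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}", re.I)


def validate_target(target: str) -> str:
    """Accept one IPv4 address or DNS hostname; refuse anything else."""
    target = target.strip()
    try:
        return str(ipaddress.IPv4Address(target))
    except ValueError:
        pass
    if HOSTNAME.fullmatch(target):
        return target.lower()
    raise ValueError(f"target rejected: {target!r}")


def build_nmap_argv(target: str, parameters: str = "-sV -T4") -> list[str]:
    """Turn model-supplied arguments into an argv list; unknown options raise."""
    argv = ["nmap"]
    tokens = shlex.split(parameters)
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in ALLOWED_FLAGS:
            argv.append(tok)
        elif tok == "-p" and i + 1 < len(tokens) and PORT_SPEC.fullmatch(tokens[i + 1]):
            argv += ["-p", tokens[i + 1]]
            i += 1
        else:
            raise ValueError(f"parameter rejected: {tok!r}")
        i += 1
    return argv + [validate_target(target)]


def nmap_scan(target: str, parameters: str = "-sV -T4") -> str:
    """Same signature as the tool schema; returns text the agent can summarize."""
    try:
        argv = build_nmap_argv(target, parameters)
    except ValueError as exc:
        return f"Scan refused: {exc}"
    # argv list and no shell: the model's strings are never parsed by a shell.
    return subprocess.run(argv, capture_output=True, text=True, timeout=300).stdout
```

A refused call returns a short message instead of raising, so the agent receives the reason as the tool result and can report it in its summary.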