title: CLI Examples
CLI Examples
The following illustrative commands show how a CLI‑native workflow might look. Adapt names/flags to your actual binaries.
Inspect & Observe
# List recent high‑value events (process/file/network/identity)
ecos observe --since 15m --limit 50
# Show raw + normalized view for a PID
ecos inspect process --pid 3421 --include-raw --include-ltm
Reason & Explain
# Ask SynA to classify a behavior and explain why
ecos reason classify --event-id ev_9f2a --explain --show-evidence --uncertainty
Guard & Enforce
# Enable STRIDE guardrails for a local LLM
ecos protect stride enable --target llm.local --policy @policies/llm_guard.yml
# Simulate before enforcing (dry run)
ecos protect stride simulate --target llm.local --duration 10m
Learn & Label
# Triage ambiguous cases and apply human labels
ecos learn queue --min-uncertainty 0.3
ecos learn label ev_9f2a --label benign --rationale "Confirms admin script baseline"
Research & Generate
# Convert open intel to candidate policies for review
ecos research generate --intel ./ioc_bundle.md --out ./candidate_policies/
Keep CLI help (--help) comprehensive: include examples, exit codes, and machine‑readable output (--json).
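The help guidance above, sketched for the `learn queue` subcommand as an added Python example (not code from the ecos tooling): the help epilog carries examples and exit codes, and `--json` switches stdout to a single parseable document. The sample queue, the exit-code values and the JSON field names are assumptions made for illustration.

```python
import argparse
import json
import sys

# Exit codes are part of the interface: list them in --help and keep them stable.
EXIT_OK, EXIT_EMPTY = 0, 1  # argparse itself exits with 2 on a usage error

# Constructed sample queue of (event id, uncertainty); not real tool output.
SAMPLE_QUEUE = [("ev_9f2a", 0.41), ("ev_0001", 0.12), ("ev_0002", 0.77)]

EPILOG = """\
examples:
  %(prog)s --min-uncertainty 0.3
  %(prog)s --min-uncertainty 0.3 --json

exit codes:
  0  at least one event matched
  1  no event matched
  2  usage error (bad flag or value)
"""

def unit_interval(text):
    """Reject thresholds outside 0..1 so a typo cannot silently empty the queue."""
    value = float(text)
    if not 0.0 <= value <= 1.0:
        raise argparse.ArgumentTypeError("must be between 0 and 1")
    return value

def build_parser():
    parser = argparse.ArgumentParser(
        prog="ecos learn queue", description="List events awaiting a human label.",
        epilog=EPILOG, formatter_class=argparse.RawDescriptionHelpFormatter)
    parser.add_argument("--min-uncertainty", type=unit_interval, default=0.0,
                        help="only list events at or above this uncertainty (0-1)")
    parser.add_argument("--json", action="store_true",
                        help="write one JSON document to stdout instead of a table")
    return parser

def run(argv, out=sys.stdout):
    args = build_parser().parse_args(argv)
    rows = [{"event_id": i, "uncertainty": u}
            for i, u in SAMPLE_QUEUE if u >= args.min_uncertainty]
    if args.json:
        out.write(json.dumps({"count": len(rows), "events": rows}) + "\n")
    else:
        out.writelines(f"{r['event_id']}\t{r['uncertainty']:.2f}\n" for r in rows)
    return EXIT_OK if rows else EXIT_EMPTY

if __name__ == "__main__":
    sys.exit(run(sys.argv[1:]))
```

Keeping diagnostics on stderr and data on stdout lets scripts pipe the `--json` output straight into a parser while branching on the exit code.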