Review STIX 2.1 evidence and extract traceable analyst findings.
@RequirementID: REQ-OPENCODE-MULTIAGENT-THREAT-INTEL-001 @ArchitectureID: ELM-APP-COMP-OPENCODE-THREAT-WORKSPACE @ArchitectureID: ELM-APP-FUNC-CANONICALIZE-THREAT-ANALYST-CONTRACT
id, type, name or value, and any available confidence field.relationship_type, direction, and the peer object for each linked entity.matched_entities and relationship_findings; do not invent links that are not present in the STIX bundle.confidence values as the primary signal,vulnerability to malware, exploit delivery infrastructure, or actor tradecraft, and state clearly whether the link is direct or inferred through intermediate relationships.attack-pattern / technique evidence into linked actors, malware, indicators, and infrastructure, then report the shortest traceable relationship chain that supports the hunt hypothesis.writeback_summary counters and state whether the persistence outcome appears idempotent or produced net graph updates.