Get Started with Cortex AgentiX

Cortex AgentiX Documentation

Product: Cortex AgentiX
Creation date: 2025-04-29
Last date published: 2026-04-09
Category: Administrator Guide

Abstract

Learn about Cortex AgentiX and the key integrated capabilities.

What is Cortex AgentiX?

Cortex AgentiX enables SecOps teams to orchestrate system and custom agents to plan and execute complex workflows, governed by enterprise-grade security and permissions management. Built upon our industry-leading security automation platform, Cortex AgentiX is designed for the era of AI agents, enhancing automations with AI-driven, intelligent, dynamic operations. This revolutionary platform empowers security teams to leverage AI and automations to resolve significantly more cases at scale with minimal effort, unlocking unparalleled efficiency.

Cortex AgentiX can tap into thousands of proven integrations and automations to power dynamic, autonomous operations.

The Cortex AgentiX Command Center provides a complete view of the Cortex AgentiX ecosystem, its agents, and executed plans. It helps SOC teams understand how their organization uses Cortex AgentiX and how it improves Key Performance Indicators (KPIs) and overall security outcomes. Users can access information such as total triggers, agent plans, user prompts, interactions, and open cases.

Why Cortex AgentiX?

Cortex AgentiX has the following benefits:

  • Improved SOC outcomes

    Leveraging Security Orchestration, Automation, and Response (SOAR) capabilities with Agentic AI significantly improves Security Operations Center (SOC) outcomes by combining the strengths of both rule-based and AI-driven automation. While traditional rule-based automation efficiently handles routine security issues, ensuring consistent and rapid response for known threats, AI agents provide dynamic, on-demand assistance for ad-hoc or complex problems that don't fit predefined workflows, leading to faster resolution of novel threats.

  • Intelligent investigation and response

    Cortex AgentiX leverages intelligent automation and orchestration through agents to optimize security operations. Existing platform artifacts such as playbooks, scripts, and commands are transformed into actions. Users prompt agents to create and execute multi-step dynamic and responsive plans to augment day-to-day SOC operations.

  • Enterprise-grade security and governance

    Agents are bound by the same rules and robust permissions as a human user. In addition, you can mark actions that make real-world changes in production systems as sensitive. Sensitive actions require a quick manual review and confirmation, ensuring peace of mind before critical system changes are made.

  • System and custom agents for personalized assistance

    Cortex AgentiX offers system agents that are mission-focused, as well as the ability to create custom agents. An analyst focused on threat hunting might work primarily with the system Threat Intel agent, while analysts focused on general investigations might build custom agents that include all the actions required to perform their daily tasks. Analysts no longer need to look up specific commands or switch between screens. They can prompt AgentiX in natural language to find the information they require, to prompt the creation of plans, and to authorize sensitive actions, as needed.

  • AI capabilities to enhance existing rule-based automation

    Leveraging natural language, the user can ask any question, automate any task, and dramatically lower the bar for building automation using:

    • Automation Engineer agent to develop scripts: Create fully functional Python automation scripts based on natural language prompts in the Agentic Assistant. Save time, reduce the need for coding expertise, and help maintain consistent coding standards.

    • AI prompts in playbooks: You can add AI prompts to playbooks, enabling automated interaction with an LLM as a single step in a playbook. AI prompts contain inputs and outputs that guide the LLM to perform specific actions and provide structured results. For example, you can use an AI prompt to identify malware categories.

  • Flexible and extendable SOAR capabilities

    • Marketplace: The Cortex AgentiX Marketplace provides users with pre-built automation and orchestration content. Marketplace content packs contain AI actions, integrations, playbooks, dashboards, fields, and more, to support specific security orchestration use cases.

    • Customization: With custom scripts, playbooks, fields, and layouts, you can build your own solutions for a wide variety of use cases, not limited to traditional SOC workflows.

  • Improved investigation collaboration

    Collaborative investigation features provide a powerful toolkit to help analysts assist each other, run real-time security commands, and learn from each issue with auto-documentation of all actions. An ML-driven assistant learns from actions taken in the platform and offers guidance on analyst assignments and commands to execute actions.