Use the Cortex Agentic Assistant to investigate cases, perform threat hunting, and create scripts. Embed and run LLM prompts in playbooks. View AI case summaries.
Cortex Cloud integrates advanced artificial intelligence to streamline security operations. Through the Cortex Agentic Assistant, the platform provides a unified interface for interacting with both system-provided and custom AI agents capable of creating and executing multi-step plans. These agents leverage specific capabilities to perform actions across your infrastructure, facilitating deep case investigations and proactive threat hunting while allowing for the creation of tailored automation.
Key AI Capabilities
Agents Hub: A centralized hub for managing agents and actions. System agents can be enabled and disabled, and you can create custom agents tailored to your organizational needs, including the ability to execute custom scripts.
Automation Engineer Agent: Provides a natural language interface to draft, refine, and deploy automation scripts.
MCP Integration: Supports the configuration of integrations that communicate with external MCP servers, enabling agents to access third-party tools and data sources via a standardized protocol.
Embedded AI Prompts: Facilitates the inclusion of generative AI tasks within playbooks. These prompts function as standalone workflow steps to analyze data or generate content without requiring a dedicated agent.
AI-Generated Case Summaries: Automatically generate technical overviews of security incidents. These summaries consolidate complex telemetry and impact data into high-level reports to accelerate initial triage and stakeholder reporting.
Cortex Agentic Assistant
Cortex Agentic Assistant is the autonomous "brain" of Cortex Cloud. It utilizes AI agents that plan, reason, and investigate complex threats, such as cloud identity theft or container breaches. Cortex Agentic Assistant enables security operations teams to use natural language prompts to interact with AI agents. The agents have access to case context and can create plans and perform actions such as running commands, playbooks, and scripts, as well as visualizing data or investigations.
You can also interact with the Agentic Assistant directly from Slack. This enables you to trigger agents, investigate, and perform remote executions within your collaboration workflow without needing to log into Cortex Cloud.
To enable the Cortex Agentic Assistant, go to → → → → .
Cortex Agentic Assistant is based on an ecosystem of agents and actions.
The Cortex Agentic Assistant includes system agents that are mission-focused, as well as the ability to create custom agents. Analysts focused on general investigations might build custom agents that include all the actions required to perform their daily tasks.
Each agent is assigned actions it can execute. System actions can be based on playbooks, scripts, commands, or AI prompts. You can also register custom actions, which are based on scripts, commands, or AI prompts.
Access to the Cortex Agentic Assistant and the ability to manage agents and actions is restricted by role-based access controls. Actions marked as sensitive require manual approval, and all actions an agent executes are logged.
Tip
The system Help Center agent delivers fast, context-aware assistance to answer your questions. You can ask natural language questions, such as "How do I create a dashboard?" or "Where can I review my data retention policies?" and the agent retrieves concise, relevant information from the documentation. If a question remains unresolved, the agent assists you in creating a support case.
To view how your organization uses the Cortex Agentic Assistant, including information on agent plans, user prompts, and open cases, see the Cortex Agentic Assistant dashboard.
Supported regions
The Cortex Agentic Assistant is currently available for tenants in the following regions:
Australia (AU)
Canada (CA)
France (FA)
Germany (DE)
India (IN)
Japan (JP)
Netherlands (EU)
Singapore (SG)
South Korea (KR)
United Kingdom (UK)
United States (US)