Agentic Assistant - Case Investigation agent

Cortex XSIAM 3.x Documentation

Product: Cortex XSIAM
Creation date: 2025-07-15
Last date published: 2026-06-04
Category: Administrator Guide
Abstract

The Agentic Assistant provides side-by-side support throughout the case analysis and resolution process.

The Agentic Assistant is a context-aware, generative intelligence tool embedded directly within the case card. It is designed to act as a side-by-side partner for security analysts, eliminating the need to pivot away from the investigation to consolidate complex data.

When you open the Agentic Assistant, you can select the agent that is best suited for each task. The dedicated Case Investigation agent can help you with your case investigation. It specializes in advanced summarization and recognizes the context of the case, so that every insight it provides is highly relevant and grounded in the specific issues, assets, and telemetry of the current investigation.

For more information about using other agents in the Agentic Assistant, see Get started with Agentic Assistant chat.

Core functionalities of the Case Investigation agent

To streamline case analysis, the assistant provides the following areas of support:

  • Dynamic summarization of log data and issues into clear, actionable narratives, including:

    • Executive overviews: High-level summaries that focus on impact and risk.

    • Extended technical overviews: Deep-dive summaries that outline the technical progression of the threat.

  • Focused contextual inquiries to extract specific details without manual filtering. You can ask targeted questions regarding:

    • Issue deep-dives: Understanding the specific triggers and severity of an issue.

    • Asset relationships: Identifying which users or devices are at the center of the activity.

    • Asset and artifact investigation: Understanding the impact and risk of the assets and artifacts in the investigation.

  • Intelligent pivoting and clarification to help you navigate through complex investigations:

    • Entity-specific prompts: By clicking Ask AI next to a specific entity (such as an IP address or file hash), the assistant launches with a pre-configured prompt tailored to that specific object.

    • Investigation guidance: It suggests potential next steps and actions, and links to detailed views