Feature comparison between Cortex Agentic Assistant and Cortex Assistant.
Cortex XSIAM offers two distinct forms of AI-driven assistance. Agentic Assistant is an advanced, optional capability that utilizes generative AI to autonomously plan and execute complex workflows. Cortex Assistant is a basic interface for streamlined navigation and entity investigation using natural language.
The following table details the differences between Agentic Assistant and Cortex Assistant.
| Features | Agentic Assistant | Cortex Assistant |
|---|---|---|
| How it operates | Uses a Large Language Model (LLM) to analyze intent and dynamically generate a plan, a unique sequence of actions executed step-by-step to resolve a specific request. | Uses natural language processing to convert user questions into XQL queries and suggest a list of static, predefined responses (for example, "Run Playbook," "Scan Host"). |
| Scope of operation | Complex, ad-hoc scenarios. Agents function as virtual personas (for example, Threat Intel, IT) that can autonomously determine the necessary steps to achieve a broad objective. | Routine tasks such as single-entity investigations (host, hash, user) and navigation shortcuts. |
| Customization | Anyone with the relevant permissions can build custom agents with specific instructions, personas, and restricted sets of actions. Scripts and commands can be registered as new actions for agents to utilize. | Functionality is limited to out-of-the-box capabilities provided by the platform. You cannot modify Cortex Assistant's behavior. |
| Execution logic | Agents validate their own plans, clarify ambiguous prompts, and execute multiple steps in sequence or parallel based on the context of the investigation. | Relies on traditional rule-based automation. Actions are discrete and require manual selection from a recommended list. |
| Infrastructure | Leverages dedicated Google Cloud Platform (GCP) infrastructure for GenAI processing. | Processes queries within the standard tenant infrastructure. |
| Availability | Disabled by default. It requires enablement by an Administrator via → → → → and is currently restricted to tenants in specific regions. For more information, see Cortex Agentic Assistant. | Available by default to all tenants not using Cortex Agentic Assistant. |
| Access Control (RBAC) | Administrators use a dedicated CORTEX AGENTIC ASSISTANT permission category to configure specific permissions for: | Permissions are determined by standard Cortex XSIAM user roles (for example, View/Edit access to specific modules). |
| Auditing | All agent activities are logged in a specific dataset ( | Actions taken are logged as standard system activities. |