AI SOC Applications
AI SOC includes the following applications. You can find them in Applications & Applets after install. Each application defines a data model and record layout that organizes how you view and work with records.

Case Management (CASE): Primary application for triage and investigation with Hero AI. Ingestion creates records here (tracking prefix CASE). The Case Analysis tab includes controls (SLA, Claim, Re-assign Owner), signal and case fields, evidence areas, and the AI Analysis widget (shown as AI Alert Analysis on the record). Timelines, audit, and support manual actions live on additional tabs.

Threat Intelligence (TIA): Application for storing observable enrichment results (package name Threat Intelligence Artifact). Records display with an observable panel that anchors key fields, plus enrichment results and risk scores.

Signal Routing Rules (RULE): Application for defining routing logic that maps records to playbooks (package name Routing Rule). Records use a tabbed layout for rule data and configuration.

Knowledge Base Articles (KB): Application for storing investigation guidance and procedures (package name KB Article). Records use an article tab layout with a status toggle for enable/disable.

AI Ingestion (AI): Application for building and tracking alert ingestion configurations (separate AI Ingestion workspace). Each record represents an ingestion setup (for example, vendor product, API specification uploaded, components generated). The custom widget guides you through creating connector components and ingestion pipelines; use the Audit tab to review configurations and activity. For the full workflow, see AI SOC Ingestion.

These walkthroughs explain where to start in each application, which panels to prioritize when viewing records, and the actions to use for triage and investigation.