AI SOC Solution
The AI SOC Solution is an end-to-end security operations package powered by Hero AI. Alerts and reported phishing emails become Case Management records (prefix CASE-); playbooks enrich, correlate, route, and support analyst triage in one place.

Choose your path

If you want to:
- Install and configure the solution: Installing and Configuring AI SOC Solution
- Run your first investigation: Getting Started
- Understand data flow (diagrams): Architecture and Data Flow
- Look up playbook flows and triggers: Playbook Flow Reference
- Connect a new alert source: Choose Your Ingestion Path
- Do daily analyst work: Operations and Guidance
- Learn applications and record layout: AI SOC Applications
- Fix an issue: Troubleshooting

Workflow at a glance

Step / What happens / Learn more
1. Ingest: webhook, cron, or email playbooks receive alerts or phishing reports. See Choose Your Ingestion Path.
2. Normalize: Ingest Alert/Email to Case Record creates or updates Case records. See Architecture and Data Flow.
3. Enrich: threat intelligence and Knowledge Base Articles attach to the record. See Threat Intelligence (TI).
4. Evaluate: correlation, the rules engine, and the Hero AI verdict run once the gates are complete. See Understanding Verdict Generation.
5. Investigate: analysts claim records, run plan steps, and set manual verdicts. See Getting Started and Operations and Guidance.
6. Route / automate: Signal Routing Rules trigger rule-execute playbooks. See Building Routing Rule Playbooks.
7. Resolve: status, classification, and closure are set per tenant playbooks and analyst action. See Case Management (CASE).
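The seven steps above describe a pipeline whose records flow from a raw alert to a routed, verdict-bearing case. The following Python sketch is an added example (not the product's or this page's own code) of steps 2, 3, 5 and 6: normalizing a raw payload onto a CASE- record, attaching knowledge base articles by scope match, enforcing the four verdict values, and evaluating condition-based routing rules. The raw field names, the rule syntax, first-match routing semantics, and the sample alert, articles and rules are all assumptions made for illustration; only the CASE- prefix, the four scope names and the four verdict values come from the page.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Callable, Optional

# Verdict and scope vocabularies are the page's own; every other name here is assumed.
VERDICTS = ("malicious", "suspicious", "benign", "unknown")
SCOPES = ("global", "signal_source", "signal_rule", "signal_name")


@dataclass
class CaseRecord:
    case_id: str
    signal_source: str
    signal_rule: str
    signal_name: str
    severity: str
    observables: dict
    kb_articles: list = field(default_factory=list)
    playbook: Optional[str] = None
    verdict: str = "unknown"


def normalize(raw: dict, seq: int) -> CaseRecord:
    """Step 2: map a raw alert payload onto the case record layout.
    The raw field names are assumed; a real ingestion playbook maps each
    source's schema explicitly. Case IDs carry the CASE- prefix."""
    return CaseRecord(
        case_id=f"CASE-{seq:04d}",
        signal_source=raw.get("source", "unknown"),
        signal_rule=raw.get("rule", "unknown"),
        signal_name=raw.get("name", "unknown"),
        severity=str(raw.get("severity", "medium")).lower(),
        observables=dict(raw.get("indicators", {})),
    )


def matching_articles(record: CaseRecord, articles: list[dict]) -> list[str]:
    """Step 3: attach KB articles whose scope (global, signal_source,
    signal_rule, signal_name) matches the record by value. Global
    articles always attach; the other scopes compare against that field."""
    hits = []
    for art in articles:
        scope = art["scope"]
        if scope not in SCOPES:
            raise ValueError(f"unknown KB scope: {scope!r}")
        if scope == "global" or getattr(record, scope) == art["value"]:
            hits.append(art["title"])
    return hits


# Condition operators for routing rules (assumed syntax: (field, op, value)).
OPS: dict[str, Callable[[object, object], bool]] = {
    "eq": lambda a, b: a == b,
    "in": lambda a, b: a in b,
}


def route(record: CaseRecord, rules: list[dict]) -> Optional[str]:
    """Step 6: evaluate condition-based routing rules. A rule fires when all
    of its conditions hold; first matching rule wins (assumed semantics)."""
    for rule in rules:
        if all(OPS[op](getattr(record, fld), val) for fld, op, val in rule["when"]):
            return rule["playbook"]
    return None


def set_verdict(record: CaseRecord, verdict: str) -> CaseRecord:
    """Step 5: a manual analyst verdict must be one of the four page values."""
    if verdict not in VERDICTS:
        raise ValueError(f"verdict must be one of {VERDICTS}, got {verdict!r}")
    record.verdict = verdict
    return record


def process(raw: dict, seq: int, articles: list[dict], rules: list[dict]) -> CaseRecord:
    """Run normalize -> enrich -> route for one raw alert."""
    rec = normalize(raw, seq)
    rec.kb_articles = matching_articles(rec, articles)
    rec.playbook = route(rec, rules)
    return rec


# Constructed sample data for the example (not real alerts, articles or rules).
SAMPLE_ALERT = {
    "source": "edr", "rule": "credential-dumping", "name": "LSASS handle opened",
    "severity": "High", "indicators": {"host": "ws-042", "ip": "203.0.113.5"},
}
SAMPLE_ARTICLES = [
    {"scope": "global", "value": None, "title": "Triage checklist"},
    {"scope": "signal_source", "value": "edr", "title": "EDR console access"},
    {"scope": "signal_rule", "value": "credential-dumping", "title": "LSASS dumping runbook"},
    {"scope": "signal_name", "value": "Mimikatz detected", "title": "Mimikatz handling"},
]
SAMPLE_RULES = [
    {"when": [("signal_source", "eq", "edr"), ("severity", "in", ("high", "critical"))],
     "playbook": "Isolate host and escalate"},
    {"when": [("signal_source", "eq", "email")], "playbook": "Phishing triage"},
]

if __name__ == "__main__":
    case = process(SAMPLE_ALERT, 1, SAMPLE_ARTICLES, SAMPLE_RULES)
    print(case.case_id, case.kb_articles, case.playbook)
```

The point to notice is the ordering: KB articles and routing both key off the normalized fields, so a mapping mistake in the normalize step silently changes which articles attach and which playbook fires. When you add a new alert source, check the normalized record before you trust the routing result.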
Analyst entry point

Case Management → AI Alert Analysis panel (AI Analysis widget). For hands-on steps, see Getting Started.

What is in the package

Area / Included / Guide
- Triage and investigation: Case Management, Hero AI plans and verdicts. See AI SOC Applications.
- Enrichment and routing: Threat Intelligence, Signal Routing Rules, Knowledge Base Articles. See Configure Threat Intelligence Enrichment and Knowledge Base Articles (KB).
- Ingestion builder: AI Ingestion application and workspace (alert sources). See AI SOC Ingestion.
- Reporting: SOC Reporting and ROI Calculator workspaces. See Dashboards.
- Automation: prebuilt playbooks, assets, and dashboards. See Playbook Types and Usage and Installing and Configuring AI SOC Solution.
- Tenant connectivity: AI SOC Tenant Configuration, Turbine Tenant Credentials. See Configure Custom Assets.

Key capabilities

Capability / Summary
- Ingestion: multi-source alerts (webhook, API, cron); phishing email processing; Turbine schema normalization.
- Threat intelligence: multi-provider enrichment; a primary provider per observable type; manual and automatic enrichment.
- Hero AI: investigation plans; verdicts (malicious, suspicious, benign, unknown); plans to playbooks; MITRE mapping; remediation guidance.
- Routing and playbooks: condition-based rules; compatible custom routing playbooks; marketplace components.
- Case management: unified case lifecycle, evidence, escalation, metrics.
- Knowledge base: scoped articles (Global, Signal Source, Signal Rule, Signal Name) linked by matching value.
- Correlation: related signals and historical context on the case record.

Next steps

If you want to:
- Install and configure (assets, Hero AI, ingestion playbooks): Installing and Configuring AI SOC Solution
- Set roles and permissions: RBAC Considerations for AI SOC
- Build connectors (AI Ingestion widget, Turbine schema): AI SOC Ingestion
- Run your first investigation: Getting Started
- Understand data flow and playbook handoffs: Architecture and Data Flow
- Map playbook flows, triggers, and troubleshooting: Playbook Flow Reference
- Learn the applications: AI SOC Applications
- Author KB articles: Knowledge Base Articles (KB)
- Do daily tasks: Operations and Guidance
- Build routing rule playbooks: Building Routing Rule Playbooks
- Monitor operations: Dashboards and Reports
- Improve how you use AI SOC: Operational Best Practices
- See example investigations: Example Scenarios
- Connect your tools: Integration Examples
- Fix issues: Troubleshooting

Recommended reader journeys

Role or goal / Suggested order
- Installer / admin: Installing and Configuring AI SOC Solution → RBAC Considerations for AI SOC → Getting Started
- Analyst: Getting Started → AI SOC Applications → Operations and Guidance
- Architect / PS: Architecture and Data Flow → Playbook Types and Usage → Playbook Flow Reference
- New alert source: Choose Your Ingestion Path → Configure Ingestion Playbooks or AI SOC Ingestion

Use the links in the tables above for each step in a journey.