Installing and Configuring AI SOC Solution
This guide covers installing and configuring the AI SOC Solution. The AI SOC Solution is a complete bundle that includes all necessary components for AI-powered security operations.

Install from the Content Library

1. Navigate to Library → Swimlane Content.
2. Select AI SOC Solution and click Install.
3. Keep all required content selected to avoid incomplete installs.
4. If you are prompted to overwrite content, deselect only the items you do not want to replace. Removing required items can lead to missing functionality.

Verify Installation

After installation, verify that all components are present.

Applications

Confirm the following applications exist:
- Signal Triage
- Threat Intelligence
- Signal Routing Rules (may appear as Routing Rule in the UI)
- Knowledge Base Articles (may appear as KB Article in the UI)
- Case Management
- AI Ingestion (for building and running ingestion; may appear as AI in acronyms)

AI Features

Open Signal Triage and verify that:
- the AI Alert Analysis panel is present
- the Generate Plan button is visible
- Hero AI components are available

Workspaces

Verify the AI SOC workspace exists (it may be labeled AI SOC or AI SOC Workspace in your environment).

Playbooks

Check Orchestration → Playbooks to ensure the ingestion and enrichment playbooks are installed.

Assets

Check Orchestration → Assets to see the available asset templates.

Configure Hero AI

AI SOC requires Hero AI to be enabled for plan generation and verdict analysis.

Verify Hero AI status:
- Confirm Hero AI is enabled for your tenant.
- Verify Hero AI services are running and accessible.
- Test Hero AI connectivity if needed.

If Hero AI is disabled or unavailable, the AI Alert Analysis panel in Signal Triage will not generate plans or show AI output. Contact your administrator to enable Hero AI if AI features are missing.

Configure Assets

Configure assets for the security tools and threat intelligence providers you will use.

Threat Intelligence Providers

Configure assets for threat intelligence providers such as:
- VirusTotal
- Recorded Future
- abuse.ch URLhaus
- IPQualityScore
- other TI providers you use

Steps:
1. Navigate to Orchestration → Assets.
2. Create or configure an asset for each TI provider.
3. Enter API keys, tokens, or credentials as required.
4. Save each asset; you can confirm it works when enrichment runs (for example, on a signal with observables).

Security Tools

Configure assets for the security tools you will integrate:
- SIEM platforms (for alert ingestion)
- EDR/XDR platforms (for endpoint data)
- Email security gateways (for phishing ingestion)
- Identity providers (for user data)

Steps:
1. Navigate to Orchestration → Assets.
2. Create an asset for each tool.
3. Configure authentication (API keys, OAuth, etc.).
4. Verify the asset is saved; you can confirm it works when you use it in an ingestion playbook or other component.