AI SOC Solution Release 26.0.0
Swimlane Turbine 26.0.0 introduces foundational capabilities for AI-driven security operations (AI SOC), combining traditional SOC workflows with AI-powered automation to accelerate triage, reduce false positives, and help analysts resolve cases faster.

The AI SOC Solution (https://docs.swimlane.com/solutions/ai-soc-solution) is an end-to-end security operations package powered by Hero AI. Alerts and reported phishing emails become Case Management records (prefix CASE-). Prebuilt playbooks ingest, normalize, enrich, correlate, route, and support analyst investigation in one place. Analysts work from Case Management > AI Alert Analysis (the AI Analysis widget). From there they claim records, review Hero AI plans and verdicts, run remediation steps, and set manual verdicts when needed.

End-to-end workflow

| Step | What happens |
| --- | --- |
| Ingest | Webhook, cron, or email playbooks receive alerts or phishing reports. |
| Normalize | Ingest flows create or update case records. |
| Enrich | Threat intelligence and knowledge base articles attach to the record. |
| Evaluate | Correlation, the rules engine, and Hero AI produce a verdict when gates are complete. |
| Investigate | Analysts claim records, run plan steps, and set manual verdicts. |
| Route / automate | Signal routing rules trigger rule-execute playbooks. |
| Resolve | Status, classification, and closure per tenant playbooks and analyst action. |

The release includes Case Management, Threat Intelligence, Signal Routing Rules, AI Ingestion, prebuilt playbooks, and reporting workspaces.

Key capabilities

| Capability | Summary |
| --- | --- |
| Ingestion | Multi-source alerts (webhook, API, cron); phishing email processing; Turbine schema normalization. |
| Threat Intelligence | Multi-provider enrichment; primary provider per observable type; manual and automatic enrichment. |
| Hero AI | Investigation plans; verdicts (malicious, suspicious, benign, unknown); plans to playbooks; MITRE mapping; remediation guidance. |
| Routing and playbooks | Condition-based signal routing rules; custom routing playbooks; Marketplace components. |
| Case Management | Unified case lifecycle, evidence, escalation, and metrics. |
| Knowledge Base | Scoped articles (global, signal source, signal rule, signal name) linked by matching value. |
| Correlation | Related signals and historical context on the case record. |

Hero AI in the AI SOC Solution

The AI SOC Solution integrates Hero AI throughout SOC workflows: intelligent alert analysis to prioritize true threats, automated threat intelligence correlation across providers, case investigation assistance with AI recommendations and remediation guidance, and knowledge management with context-aware access to procedures and best practices.

These experiences are powered by Hero AI deep agents:

- Investigation and Response Agent: assists analysts in triaging and investigating incoming signals.
- Playbook Generator Agent: helps create playbooks to automate and streamline investigation and response workflows.
- Ingestion Agent: accelerates onboarding by connecting to third-party APIs to ingest alerts and signals.

AI SOC ingestion makes it faster to connect sources and bring alerts and signals into AI SOC, reducing time to value. From the alert or security event view, analysts can kick off playbook creation to streamline investigation and response workflows.

These capabilities are delivered through Hero AI and core platform enhancements in this release, enabling AI-assisted security automation workflows.

For installation, configuration, daily operations, and troubleshooting, see AI SOC Solution (docid\ yfo ufehbh4ro9rddfhd).
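The following is an added illustrative model of the record flow described in the workflow and key-capability tables (normalize a raw alert into a CASE- record, enrich it with a primary threat-intelligence provider per observable type and knowledge base articles matched by scope value, then apply condition-based signal routing rules). It is not Swimlane Turbine or Hero AI code: the record fields, provider names, rule syntax, first-match routing policy, scope ordering, and sample payloads are all assumptions made for illustration.

```python
"""Illustrative model of the AI SOC record flow: normalize -> enrich -> route.

Added example, not Swimlane Turbine or Hero AI code. Record shape, provider
names, rule syntax and all sample data are assumptions for illustration."""

from dataclasses import dataclass, field
from typing import Callable


@dataclass
class CaseRecord:
    """Assumed normalized record shape (not Turbine's real schema)."""
    case_id: str
    signal_source: str
    signal_rule: str
    signal_name: str
    severity: str
    observables: dict            # observable type -> list of values
    enrichment: dict = field(default_factory=dict)
    kb_articles: list = field(default_factory=list)
    queue: str = "unrouted"
    routed_by: str = ""


def normalize(raw: dict, seq: int) -> CaseRecord:
    """Normalize step: map a constructed webhook payload into a CASE- record."""
    return CaseRecord(
        case_id=f"CASE-{seq:06d}",
        signal_source=raw["source"].lower(),
        signal_rule=raw["rule_id"],
        signal_name=raw["title"],
        severity=raw.get("severity", "unknown").lower(),
        observables={"ip": list(raw.get("ips", [])),
                     "hash": list(raw.get("hashes", []))},
    )


# One primary provider per observable type (assumed provider names).
PRIMARY_PROVIDER = {"ip": "provider_a", "hash": "provider_b"}

# Constructed provider verdicts keyed by (provider, observable value).
TI_RESPONSES = {
    ("provider_a", "203.0.113.5"): "malicious",
    ("provider_b", "d41d8cd98f00b204e9800998ecf8427e"): "benign",
}


def enrich_threat_intel(rec: CaseRecord) -> CaseRecord:
    """Enrich step: consult only the primary provider for each observable type."""
    for obs_type, values in rec.observables.items():
        provider = PRIMARY_PROVIDER.get(obs_type)
        for value in values:
            verdict = TI_RESPONSES.get((provider, value), "unknown") if provider else "unknown"
            rec.enrichment[value] = {"type": obs_type, "provider": provider, "verdict": verdict}
    return rec


# Knowledge base articles scoped by matching value (constructed content).
# Most specific scope is checked first; "global" articles always attach.
KB_SCOPES = ("signal_name", "signal_rule", "signal_source")
KNOWLEDGE_BASE = {
    "signal_name": {},
    "signal_rule": {"CS-1001": "Credential dumping response"},
    "signal_source": {"crowdstrike": "CrowdStrike alert handling"},
    "global": {"*": "SOC triage checklist"},
}


def attach_kb_articles(rec: CaseRecord) -> CaseRecord:
    """Attach every scoped article whose scope value matches the record."""
    for scope in KB_SCOPES:
        article = KNOWLEDGE_BASE[scope].get(getattr(rec, scope))
        if article:
            rec.kb_articles.append(article)
    rec.kb_articles.extend(KNOWLEDGE_BASE["global"].values())
    return rec


# Condition-based signal routing rules: (name, condition, target queue).
# Evaluated in order; the first match wins (ordering policy is an assumption).
ROUTING_RULES: list[tuple[str, Callable[[CaseRecord], bool], str]] = [
    ("malicious-observable-to-tier2",
     lambda r: any(e["verdict"] == "malicious" for e in r.enrichment.values()),
     "tier2"),
    ("high-severity-to-tier2", lambda r: r.severity in ("high", "critical"), "tier2"),
    ("default-to-tier1", lambda r: True, "tier1"),
]


def route(rec: CaseRecord) -> CaseRecord:
    """Route step: apply the first signal routing rule whose condition holds."""
    for name, condition, queue in ROUTING_RULES:
        if condition(rec):
            rec.queue, rec.routed_by = queue, name
            break
    return rec


def process_alert(raw: dict, seq: int) -> CaseRecord:
    """Run normalize -> enrich -> route for one raw alert payload."""
    return route(attach_kb_articles(enrich_threat_intel(normalize(raw, seq))))


# Constructed sample webhook payloads (not real alerts).
SAMPLE_ALERTS = [
    {"source": "CrowdStrike", "rule_id": "CS-1001",
     "title": "Credential dumping via lsass", "severity": "High",
     "ips": ["203.0.113.5"], "hashes": ["d41d8cd98f00b204e9800998ecf8427e"]},
    {"source": "o365", "rule_id": "MAIL-7", "title": "User reported phishing",
     "severity": "Low", "ips": ["198.51.100.9"]},
]

if __name__ == "__main__":
    for i, raw in enumerate(SAMPLE_ALERTS, start=1):
        rec = process_alert(raw, i)
        print(rec.case_id, rec.queue, rec.routed_by, rec.kb_articles)
```

The first sample lands in `tier2` because its IP's primary-provider verdict is malicious, and it picks up the rule-scoped and source-scoped articles plus the global one; the second has no matching scoped article, an unknown IP verdict, low severity, and so falls through to the default queue. In a real deployment the knowledge base scopes, provider mapping and routing conditions would be configured in the product rather than hard-coded as they are here.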