3.2.2
Yokohama Patch 3, Yokohama Patch 1, Yokohama, Xanadu Patch 9, Xanadu Patch 7, Xanadu Patch 4, Xanadu Patch 3, Xanadu
Empower your SOC team with Generative AI capabilities for Security Incident Response.
- Expedite triaging of security incidents with long activity streams by reviewing work notes and contextual information quickly in a concise, easy-to-read format.
- Preview security incident details, their potential impact, and any key actions already taken with security incident summaries using generative AI.
- Automatically generate:
  - The next recommended steps your analysts can follow to help them close a security incident, both within the workflow and upon request.
  - A post-incident analysis for a security incident that includes a root cause analysis, an impact assessment, and learnings and recommendations.
  - Closure notes for security incidents using generative AI.
- Access summaries and closure notes from the Now Assist panel, security incident records, or from the Security Incident Response Workspace.
New:
- Security Incident Resolving: This agentic workflow helps security analysts resolve security incidents by leveraging existing runbooks and historical security incidents. By analyzing similar past cases, it generates a clear and effective plan to resolve ongoing security incidents.
- SOC Efficiency Analyzing: This agentic workflow helps SOC managers assess the quality of security incidents and track key performance metrics, providing insights to explain and improve SOC operations.
- Generate Key Metrics for Security Incident Response (SIR): Track case volume, Mean Time to Assign (MTTA), and Mean Time to Resolve (MTTR) over a customizable date range.
- Metrics Analysis and Insights: Receive actionable insights into how to optimize MTTR, MTTA, and case volume, along with recommendations for improvement based on the data.
Changed:
Recommended Actions:
- Enhanced to incorporate a feedback option on the overall recommendation provided, enabling continuous improvement of future recommendations.
- Additionally, the top N recommendation cards are displayed, where N is based on the configuration settings.
Required plugins and products:
- Now Assist for Platform: v6.0.0
- Security Incident Response Core: v13.6.5
- Security Incident Response (SIR) Workspace: v1.7.0
- Recommended Actions for Security Operations: v1.0.2