|
| 1 | +--- |
| 2 | +id: ai-investigation-for-insights |
| 3 | +title: AI Investigation for Cloud SIEM Insights |
| 4 | +sidebar_label: AI Investigation for Insights |
| 5 | +description: Learn about the AI verdicts for Cloud SIEM insights. |
| 6 | +--- |
| 7 | + |
| 8 | +<head> |
| 9 | + <meta name="robots" content="noindex" /> |
| 10 | +</head> |
| 11 | + |
| 12 | +<p><a href={useBaseUrl('docs/beta')}><span className="beta">Beta</span></a></p> |
| 13 | + |
| 14 | +import useBaseUrl from '@docusaurus/useBaseUrl'; |
| 15 | + |
| 16 | +The **AI Investigation** tab in the details page of a Cloud SIEM insight is an AI-generated analysis of the insight that accelerates investigation and troubleshooting by your Security Operations Center (SOC) team. The information in the tab is generated by Sumo Logic's SOC Analyst Agent, an agentic AI tool. |
| 17 | + |
| 18 | +The SOC Analyst Agent performs two distinct jobs that mirror an analyst’s daily responsibilities: |
| 19 | +* Triage. Delivers automated verdicts on insights using evidence-backed |
| 20 | +reasoning to determine whether the insights are malicious, suspicious, or benign. |
| 21 | +* Investigation. Supports analysts with a hypothesis-driven approach to assess |
| 22 | +the scope, context, and likely impact of an event. |
| 23 | + |
| 24 | +## View the AI Investigation tab |
| 25 | + |
| 26 | +1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Cloud SIEM > Insights**. You can also click **Go To...** at the top of the screen and select **Insights**. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main menu select **Cloud SIEM** and then click **Insights** at the top of the screen. |
| 27 | +1. In the insight list page, note that the **AI Verdit ** column shows the results of the AI analysis.< br/><img src={useBaseUrl('img/cse/insight-ai-verdict-column.png')} alt="Insight AI Verdict column" style={{border: '1px solid gray'}} width="800" /> |
| 28 | +1. Click an insight. |
| 29 | +1. The insight details are displayed. The **AI Investigation ** tab for the insight shows the results of the AI analysis:< br/><img src={useBaseUrl('img/cse/insight-ai-investigation-tab.png')} alt="Insight AI Investigation tab" style={{border: '1px solid gray'}} width="800" /> |
| 30 | + 1. **Severity Verdict**. |
| 31 | + * **Current Severity**. The severity of the insight as set by the cumulative activity score for the insight. For more information, see [About insight severity](/docs/cse/get-started-with-cloud-siem/insight-generation-process/#about-insight-severity). |
| 32 | + * **Global Confidence Score**. A level of confidence that the insight is actionable, predicted by Sumo Logic’s Global Intelligence machine learning model. See [What is a Global Confidence score?](/docs/cse/records-signals-entities-insights/global-intelligence-security-insights/#what-is-a-global-confidence-score). |
| 33 | + * **AI Verdict**. The AI system's qualitative assessment of the insight. Following are the available verdicts: |
| 34 | + * **Benign**. AI analysis determined that the insight is harmless and is not a candidate for elevation to SOC team investigation. |
| 35 | + * **Inconclusive**. AI analysis could not determine whether the insight needs to be investigated. |
| 36 | + * **In Progress**. AI analysis is in process. |
| 37 | + * **Malicious**. AI analysis determined that the insight is malicious, and warrants immediate investigation by your SOC team. |
| 38 | + * **Suspicious**. AI analysis determined that the insight is suspicious and warrants investigation by your SOC team. |
| 39 | + * **Recommends security level of**. AI analysis recommends a severity level be assigned to this insight. If you agree with the assessment, click **Accept**. The **Current Severity** field changes to the new value. |
| 40 | + 1. **What Happened**. |
| 41 | + 1. **Key Findings**. |
| 42 | + 1. **Ask Mobot**. |
| 43 | + |
| 44 | + |
0 commit comments