What are some of the roles you can identify in your organizations where having documented use cases would be a big benefit to understand how to get the best value from Copilot for Security?
Here’s a few examples: CISO and CIO, Investigative Analyst, Forensic Analyst, Threat Hunter, Security Engineer, Cloud Security, Endpoint Manager, Data Security Officer, Incidental Security/IT Pro, etc.
We use Splunk SOAR and playbooks/workbooks to add details or repetitive tasks that the analyst needs to do when investigating an event. The use of AI could add value here. Thus, if the event is a strange command line in PowerShell, Copilot could break this down and give context into the event ticket to help speed up the analyst's understanding and whether it is a FP or a TP, and thus close the ticket out or dig deeper into the ticket.
All of the SOPs in the SOC should be reviewed to add in actions where an AI input or validation would help in the actions needed or add value to the results of the investigation.