L1 SOC Triage Agent

Author: adaQuest

Enhance SOC workflows with L1, designed for rapid triage and threat prioritization.

The L1 SOC Triage Agent accelerates and standardizes the triage of Microsoft Sentinel incidents for Tier-1 SOC analysts.
It automatically collects and correlates evidence from Microsoft Defender, Purview, and Threat Intelligence (DTI), applying MCP-aligned logic to classify each incident as Close, Remediate, or Escalate.
The agent produces a concise Markdown triage report containing an executive summary, correlated evidence, analyst reasoning, and actionable recommendations — all within Security Copilot.
Designed for operational efficiency, it ensures consistent triage quality, reduces time-to-respond, and enables analysts to focus on higher-severity cases.
