L1 SOC Triage Agent
by adaQuest
Enhance SOC workflows with L1, designed for rapid triage and threat prioritization.
The L1 SOC Triage Agent accelerates and standardizes the triage of Microsoft Sentinel incidents for Tier-1 SOC analysts.
It automatically collects and correlates evidence from Microsoft Defender, Purview, and Threat Intelligence (DTI), applying MCP-aligned logic to classify each incident as Close, Remediate, or Escalate.
The agent produces a concise Markdown triage report containing an executive summary, correlated evidence, analyst reasoning, and actionable recommendations — all within Security Copilot.
Designed for operational efficiency, it ensures consistent triage quality, reduces time-to-respond, and enables analysts to focus on higher-severity cases.