on 02-04-2025 08:22 AM
In a high-stakes world like security operations, every second counts. SOC analysts juggle fragmented data, vague resolutions, and the pressure to resolve incidents faster. To help SOC teams work more efficiently and effectively, we’re introducing two powerful AI-driven capabilities that are now live on the store: Correlation Insights and Now Assist Context Menu (with shorten and elaborate options).
- Correlation Insights – Helping analysts uncover hidden connections across historical data to speed up investigations.
- Now Assist Context Menu – Giving analysts the flexibility to shorten or elaborate resolution notes and post-incident analysis for better clarity and communication.
These enhancements leverage Generative AI to automate time-consuming tasks, allowing analysts to focus on strategic decision-making rather than manual data retrieval and documentation.
1. Correlation Insights: Connecting the Dots in Investigations
The Challenge
Security analysts often struggle to identify patterns and correlations across different records, requiring them to manually search through historical data. This process is not only time-consuming but also risks missing critical connections that could impact the effectiveness of an investigation.
Our Solution
With the Correlation Insights skill in the Now Assist panel, analysts can:
[Figure: Trigger the Correlation Insights skill in the Now Assist panel]
- Choose variables to correlate on: Configuration Item (CI), Observable (e.g., IP, file hash), or Affected User.
[Figure: Choose CI / Affected User / Observable to perform correlation]
- Automatically retrieve and analyze historical records (security incidents, ITSM incidents, change requests, problems, and vulnerabilities) from the past 30 days (the default, which is adjustable).
- Receive a concise AI-generated summary explaining how each correlated record is related to the ongoing security incident.
[Figure: Example of performing correlation on an affected user]
[Figure: Example of performing correlation on an observable]
The Value
- Faster Investigations: AI reduces manual searching and correlates data in seconds.
- Proactive defense: Uncover hidden patterns (e.g., a vulnerability exploited after a recent system change).
- Reduced human error: AI highlights correlations analysts might overlook.
2. Smart Text Refinement: Customize Resolution Notes & Post-Incident Analysis Using Now Assist Context Menu
The Challenge
Resolution notes and post-incident analyses are crucial for documenting security incidents, but analysts often face two issues:
- Too much detail – Long, complex reports that make it hard for stakeholders to extract key takeaways.
- Too little context – Analysts may need additional details for executive reporting or compliance reviews.
Our Solution
With the new AI-powered text refinement capabilities provided by the Now Assist Context Menu, analysts can:
- Shorten resolution notes or post-incident analysis to generate a concise, one-line summary.
[Figure: Shorten example on resolution notes]
- Elaborate to add more context, details, or reasoning where needed.
[Figure: Elaborate example on post-incident analysis]
- Ensure documentation is consistent, clear, and tailored to different audiences (SOC teams, executives, auditors).
[Figure: Now Assist Context Menu available in the SIR form]
The Value
- Improved Documentation Quality – Ensures incident records are clear, actionable, and professional.
- Faster Reporting – Quickly adjust summaries for internal reviews, compliance, and executive reporting.
- Customization & Flexibility – Adapt resolution notes based on who needs to read them and how much detail they need.
Today’s SOC teams need tools that think with them, not against them. Correlation Insights turns fragmented and historical data into actionable intelligence, while the Now Assist Context Menu ensures clarity and precision in every communication. Together, they empower analysts to focus less on manual legwork and more on what matters: defending their organizations.
These latest capabilities in Now Assist for Security Incident Response, combined with existing Gen AI capabilities for security incident summarization, recommended actions, resolution notes generation, and post-incident analysis, provide security analysts with formidable tools to streamline their investigations and speed up their response times.
For more information, refer to Now Assist for Security Operations is Generally Available! and Revolutionizing Security Incident Management: Introducing November Gen AI Capabilities.
Would love to see posts like this for every product released for SecOps!