Introducing AI-powered Alert Investigation in Log360 Cloud

Hello everyone,

We're excited to announce the release of the AI Alert Investigation in Log360 Cloud. This new AI capability allows security analysts to investigate alerts autonomously, significantly reducing the time and effort spent on manual investigation.

When you click Start Investigation on any alert, the Zia Alert Investigation takes over. It uses LLM-driven reasoning to determine what to examine and in what order, adapting to each alert's type and available data.

Here's what the Alert Investigation Agent does:
  1. Entity identification and enrichment: Extracts users, IPs, domains, hosts, processes, and files from the alert and checks their reputation against VirusTotal, Advanced Threat Analytics (ATA), and UEBA.
  2. Related alert and log analysis: Finds alerts linked to the same entities, identifies patterns, and runs targeted log searches when needed.
  3. Timeline and attack-chain reconstruction: Reconstructs the sequence of events chronologically, mapped to MITRE ATT&CK® techniques.
  4. Analyst-in-the-loop control: Pause the investigation at any point, pivot to a different entity, or use the Ask Zia text box to ask follow-up questions about the findings.
  5. Actionable output: Delivers a structured investigation report with remediation steps and future risk indicators — exportable as PDF or attachable directly to an incident.

To get started, enable the Investigation Agent from Admin > Zia > Configuration.

Thank you for being a valued part of the Log360 Cloud community.

Best regards,
Log360 Cloud Team
