Corelight today unveiled Guided Triage—a new set of capabilities in its SaaS solution, Corelight Investigator. Guided Triage utilizes artificial intelligence (AI) to deliver fast, expert-level data insights in plain language, which expedites triage, reduces SIEM ingest requirements and associated costs, and bridges analyst skill gaps.
According to a 2023 report by Enterprise Strategy Group (ESG), 62% of Security Operations Center (SOC) teams are seeking cost-effective solutions due to the escalating expenses related to storing and managing large volumes of log data within SIEM systems. In addition, the increasing complexity and volume of cyber threats are pushing SOC teams to leverage AI to ensure that security analysts at all levels can better understand both the severity and priority of alerts using plain language for faster decision-making. Corelight applies large language models (LLMs) to summarize network activity, attack payloads, and packet captures, and combines this with single-screen triage technology to both reduce costs and accelerate incident response.
"The volume of data that SOC analysts have historically needed to wade through and manually correlate can make it difficult to quickly determine which alerts are the most important to remediate. In some cases, that data requires review by the most experienced analysts to determine the complete context of an attack and better inform incident response," said Vijit Nair, vice president of product, Corelight. "By creating one interface with all the necessary context along with plain language summaries and easy access to raw data, we are aiming to reduce analyst fatigue, speed incident response, and empower all levels of the SOC team."
Corelight Investigator with Guided Triage is the ideal tool for junior analysts looking to speed discovery and correlation activities with simplified AI-driven summaries. It enables them to rapidly enhance both their incident response skills and knowledge. Similarly, the new capability gives senior analysts the ability to easily assess pre-correlated context and quickly pivot into the raw data for deeper investigation through a single-screen triage.
"Corelight's Guided Triage is a fantastic force multiplier, surfacing correlated information quickly and concisely to help analysts make faster decisions with more confidence," said Sheldon Carmichael, information security architect, Sally Beauty. "This is information that analysts would normally have to pivot to collect from different sources and manually correlate, which takes significant time and knowledge. The more information available with fewer pivots or clicks, the faster analysts of all skill levels can move to resolution."
Guided Triage also delivers:
Full triage history: All alerts appear in the context of the original detection, building knowledge on that threat. Analysts can easily see the true positive (TP) and false positive (FP) history, which teammates made each decision, and their notes, to help tune and automate future decision-making.
Interactive visual timeline: A unique depiction of all detections on the source and destination machines involved that helps create a cohesive story, ensuring that the analyst doesn't miss any related alerts in the sequence.
Easy access to raw network data: Suricata payloads and PCAP links are viewable with one click, eliminating the need to use Log Search and streamlining critical workflows.
For more information on the new Guided Triage in Corelight Investigator visit https://corelight.com/blog/guided-triage.