An agentic SOC that keeps humans in control

AI agents triage alerts, investigate notables, and draft response actions. Every change waits behind a human approval gate — so you get the speed of automation without handing over the keys.

Where AI does the work, and where you decide

Built on LogPulse Security Monitoring — the same risk-based SIEM, now driven by agents you supervise.

Autonomous alert triage

Every notable is auto-investigated by an LLM that closes false positives before a human sees them, so analysts only open what genuinely needs a person.

AI Investigator

Ask in natural language; the Investigator runs LPQL, correlates deploys and threat intel, and writes a likely root cause with every query shown so you can verify.

Propose-and-approve

Agents can draft detections, alert rules, and response playbooks — created disabled until a human approves. Nothing is applied to your environment directly.

MCP agent gateway

Connect Claude Code, Cursor, or Codex over a single endpoint. Read-only by default, scoped per token, rate-limited, and fully audited.

One shared risk model

Agent findings feed the same bounded 0–100 risk score per entity, so AI signal and human judgment converge on one number instead of a separate queue.

Guardrails and audit

Tool output is treated as data, not instructions, to resist prompt injection. Every agent call is logged and watched by built-in detections that flag abnormal behavior.

Agentic SOC FAQ

What is an agentic SOC?

An agentic SOC uses AI agents that can reason, investigate, and propose actions across your security data, instead of running fixed playbooks. In LogPulse the agents triage and investigate autonomously, but any change to detections, rules, or response actions goes through a human approval gate.

Will the AI take actions on its own?

No. LogPulse is propose-and-approve: agents can draft detections, alert rules, and response playbooks, but they are created disabled and applied only after a human approves. Destructive response actions additionally require owner approval.

Which AI agents can connect?

Any Model Context Protocol client — Claude Code, Cursor, Codex, Continue, or a custom agent — connects to the LogPulse MCP server over a single HTTPS endpoint, scoped per personal access token and audited.

Bring an agentic SOC onto your logs

Security Monitoring is available on the Business plan. Start free and turn it on when you're ready.

EU-hosted · Human-in-the-loop · Audited
