Cohen
Viewer

Has anyone used AI SOC agent tools for triage/investigations? What’s your experience?

Hey,

I’ve been seeing a lot of SOC tools lately that call themselves “AI agents” - things that are supposed to help with investigation, triage, hunting, threat intel enrichment, etc.

We’re thinking about trying something like that in our SOC, but I haven’t really heard from other people who really gave it a thought.
Do you use it for triaging or also for more complex tasks like investigation and even hunting?
Do they help also in cloud environments or do they struggle there?

Also, from your perspective, what is the biggest problem these tools could actually help with in a SOC?
Is it:

  1. Cleaning up noisy cloud alerts
  2. Making threat intel feeds relevant
  3. Helping with proactive hunting
  4. Supporting faster investigation
  5. Writing Detections
  6. Something else

Thanks!

 
0 Replies