Quickstart
This guide takes you from an empty workspace to a fully closed detection-to-response loop. You will create your organization, connect a Wazuh data source, watch your first alert arrive, let Jutsu's AI agents triage it, and run an AgentSOAR response — all in a single sitting.
You need access to a Wazuh manager (or any supported source) and an admin role in your Jutsu workspace. Confirm exact UI routes against your deployment.
Walkthrough
1. Create your organization and invite your team

   Sign in and create an organization — this is the tenant that owns your data sources, alerts, and response actions. Open your organization settings and send invitations to your analysts so they can collaborate on triage and response from day one.

2. Connect a data source (Wazuh)

   Add Wazuh as your first source. Jutsu ingests Wazuh alerts through a native forwarder that runs on your Wazuh manager and posts to the Jutsu Ingest API. Generate an API key in the integration screen, then run the one-line installer on the manager to start streaming events. See Connect your first data source and the full Wazuh integration guide.

3. See your first alert

   Open the Alerts view. As the forwarder streams events, normalized alerts appear here within moments of detection. Each alert carries its source, rule context, and the affected asset or identity. Learn more in Alerts.

4. Triage it and open the correlated incident

   Jutsu's AI agents classify each alert and assign a severity and priority automatically, so you focus on what matters first. Open a high-priority alert to review the agent's reasoning and supporting context, then jump to the correlated incident that groups related alerts into a single investigation.

5. Respond with an AgentSOAR action

   From the incident, run a policy-approved AgentSOAR action — for example, block a malicious IP or disable a compromised user. Every action runs against your connected cloud or identity provider, is recorded in a full audit trail, and can be reverted. See AgentSOAR overview.
You just closed the loop: an event was ingested, normalized into an alert, triaged and prioritized by AI agents, correlated into an incident, and resolved with an automated response — end to end, in one workspace.
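The following is an added, self-contained example of the same loop in miniature; it is not Jutsu's code and does not use the Jutsu Ingest API or AgentSOAR. It takes one constructed line in the shape of a Wazuh `alerts.json` record (the rule id, description and field names follow Wazuh's format; the host, user and IP values are invented), normalizes it into the source / rule context / asset / identity fields described in step 3, applies a plain rule-level mapping as a stand-in for the AI agents' severity and priority assignment in step 4, groups alerts by asset into an incident, and then runs a policy-checked `block_ip` action against an in-memory stand-in for a cloud provider, recording it in an audit trail that can be reverted. Every function, class and policy value here is an assumption made for illustration.

```python
"""Added example, not Jutsu's code: a toy detection-to-response loop on a Wazuh-style alert."""
import json
from dataclasses import dataclass, field

# Constructed sample in the shape of a Wazuh alerts.json line. Field names follow Wazuh's
# format; the agent name, user and source IP are invented for this example.
SAMPLE_WAZUH_ALERT = json.dumps({
    "timestamp": "2024-01-01T10:00:00.000+0000",
    "rule": {"level": 10, "id": "5712",
             "description": "sshd: brute force trying to get access to the system."},
    "agent": {"id": "001", "name": "web-01"},
    "data": {"srcip": "203.0.113.10", "dstuser": "alice"},
})

# Hypothetical policy: only these actions may run automatically (assumption, not Jutsu's policy model).
APPROVED_ACTIONS = {"block_ip"}


def normalize(raw_line: str) -> dict:
    """Steps 2-3: turn a raw Wazuh JSON alert into the fields an Alerts view would show."""
    event = json.loads(raw_line)
    data = event.get("data", {})
    return {
        "source": "wazuh",
        "rule_id": event["rule"]["id"],
        "rule_description": event["rule"]["description"],
        "rule_level": int(event["rule"]["level"]),
        "asset": event["agent"]["name"],        # affected asset
        "identity": data.get("dstuser"),        # affected identity, if the rule reports one
        "src_ip": data.get("srcip"),
    }


def triage(alert: dict) -> dict:
    """Step 4: a fixed rule-level mapping standing in for the AI agents' classification (assumption)."""
    level = alert["rule_level"]
    if level >= 12:
        severity, priority = "critical", 1
    elif level >= 10:
        severity, priority = "high", 2
    elif level >= 7:
        severity, priority = "medium", 3
    else:
        severity, priority = "low", 4
    return {**alert, "severity": severity, "priority": priority}


def correlate(alerts: list) -> dict:
    """Step 4: group triaged alerts by affected asset into one incident per asset."""
    incidents: dict = {}
    for alert in alerts:
        incidents.setdefault(alert["asset"], []).append(alert)
    return incidents


@dataclass
class ResponseLedger:
    """Step 5: an in-memory stand-in for a cloud provider plus the audit trail of actions run against it."""
    entries: list = field(default_factory=list)
    blocked_ips: set = field(default_factory=set)

    def run(self, action: str, target: str, approved_by: str) -> int:
        """Run a policy-approved action, record it, and return its audit entry id."""
        if action not in APPROVED_ACTIONS:
            raise PermissionError(f"action {action!r} is not policy-approved")
        if action == "block_ip":
            self.blocked_ips.add(target)
        self.entries.append({"id": len(self.entries), "action": action, "target": target,
                             "approved_by": approved_by, "reverted": False})
        return len(self.entries) - 1

    def revert(self, entry_id: int) -> None:
        """Undo a recorded action; the entry stays in the trail, marked as reverted."""
        entry = self.entries[entry_id]
        if entry["reverted"]:
            raise ValueError(f"entry {entry_id} was already reverted")
        if entry["action"] == "block_ip":
            self.blocked_ips.discard(entry["target"])
        entry["reverted"] = True


def run_loop(raw_lines: list, approved_by: str = "analyst@example.com"):
    """Ingest -> normalize -> triage -> correlate -> respond, returning every intermediate result."""
    alerts = [triage(normalize(line)) for line in raw_lines]
    incidents = correlate(alerts)
    ledger = ResponseLedger()
    top = min(alerts, key=lambda a: a["priority"])   # highest-priority alert drives the response
    entry_id = ledger.run("block_ip", top["src_ip"], approved_by)
    return alerts, incidents, ledger, entry_id


if __name__ == "__main__":
    alerts, incidents, ledger, entry_id = run_loop([SAMPLE_WAZUH_ALERT])
    print(json.dumps({"alerts": alerts, "incidents": list(incidents), "audit": ledger.entries}, indent=2))
    ledger.revert(entry_id)
    print("blocked after revert:", sorted(ledger.blocked_ips))
```

The shape to take from this is that every step hands a structured record to the next one, and the response step refuses anything outside the approved action set while keeping the audit entry even after a revert; that is what makes the loop reviewable after the fact.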
Next steps
- Connect your first data source — full Wazuh forwarder setup and verification.
- The SOC workflow tour — how detect, investigate, triage, respond, and report fit together.
- Alerts — work the Alerts view in depth.