The SOC workflow tour
You will follow a single security signal as it moves through Jutsu's SOC lifecycle, from raw event to resolved incident to finished report. Each stage maps to a place in the platform, so by the end you'll know where to work at every step.
Detect
Detection starts with collection. Jutsu ingests telemetry from your connected sources — Wazuh, Google Workspace email logs, syslog, and custom events — then normalizes it into a consistent shape and runs detections against it. Matches surface as alerts you can act on.
Work this stage in the Alerts view, where every detection lands as it arrives.
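To make the collect, normalize, detect sequence concrete, here is an added illustration (not Jutsu's code, and not its real event schema): two of the source types named above, a syslog sshd line and a Wazuh-style JSON alert, are mapped into one assumed common shape, and a single detection rule runs over the merged stream. The sample events, the field names and the brute-force threshold are all constructed for the example.

```python
import json
import re
from collections import Counter

# Constructed sample telemetry (not real data): syslog sshd lines and one
# Wazuh-style JSON alert, two of the source types the tour lists.
SAMPLE_SYSLOG = [
    "Mar  4 10:01:02 web01 sshd[1234]: Failed password for root from 203.0.113.7 port 4242 ssh2",
    "Mar  4 10:01:05 web01 sshd[1235]: Failed password for root from 203.0.113.7 port 4243 ssh2",
    "Mar  4 10:01:09 web01 sshd[1236]: Failed password for admin from 203.0.113.7 port 4244 ssh2",
    "Mar  4 10:02:00 web01 sshd[1240]: Accepted password for alice from 198.51.100.5 port 5000 ssh2",
]
SAMPLE_WAZUH = json.dumps({"agent": {"name": "db01"},
                           "rule": {"description": "sshd: failed login (constructed)"},
                           "data": {"srcip": "203.0.113.7", "srcuser": "oracle"}})

SYSLOG_RE = re.compile(r"^\S+\s+\d+ \S+ (?P<host>\S+) sshd\[\d+\]: "
                       r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)")

def normalize_syslog(line):
    """Map one sshd syslog line into the assumed common event shape; None if it is not an auth event."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    return {"source": "syslog", "host": m["host"], "user": m["user"], "src_ip": m["src"],
            "outcome": "failure" if m["outcome"] == "Failed" else "success"}

def normalize_wazuh(raw):
    """Map a Wazuh-style alert into the same shape; the constructed sample is a failed login."""
    ev = json.loads(raw)
    return {"source": "wazuh", "host": ev["agent"]["name"], "user": ev["data"].get("srcuser"),
            "src_ip": ev["data"]["srcip"], "outcome": "failure"}

def detect_bruteforce(events, threshold=3):
    """Detection: at least `threshold` login failures from one source IP, counted across all sources."""
    failures = Counter(e["src_ip"] for e in events if e["outcome"] == "failure")
    return [{"rule": "ssh_bruteforce", "src_ip": ip, "count": n,
             "hosts": sorted({e["host"] for e in events if e["src_ip"] == ip})}
            for ip, n in failures.items() if n >= threshold]

def run_pipeline(syslog_lines, wazuh_raw_alerts):
    """Collect -> normalize -> detect: returns the alerts that would land in the Alerts view."""
    events = [e for e in (normalize_syslog(l) for l in syslog_lines) if e]
    events += [normalize_wazuh(r) for r in wazuh_raw_alerts]
    return detect_bruteforce(events)
```

Because both sources are normalized first, the three syslog failures and the one Wazuh failure from the same address count together, which a per-source rule would have missed.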
Investigate
A raw alert rarely tells the whole story, so Jutsu enriches it with context: the affected asset, the identity involved, related cloud resources, and threat intelligence. That context turns a lone signal into an understandable picture and links it to other activity around the same entities.
Investigation comes together on the Incidents page, where correlated alerts are grouped into a single, contextual timeline.
Triage
Triage is where Jutsu's AI agents earn their keep. They classify each alert and assign a severity and priority automatically, so your queue is ordered by what actually matters instead of by arrival time. The agents explain their reasoning, and analysts stay in control to confirm, adjust, or mark false positives.
See how the agents work in AI agents, and review their output alongside each alert in the Alerts view.
Respond
Once an incident is understood, you respond. Jutsu recommends — or, where policy allows, executes — AgentSOAR actions such as blocking a malicious IP, disabling a compromised user, isolating a host, or blocking a sender. Every action runs against your connected provider, is recorded with a full audit trail, and can be reverted.
Drive response from the Incidents page, backed by the action catalog in AI agents.
Report
Closing an incident isn't the end — someone always needs the record. Jutsu generates SOC, compliance, and executive reports automatically, turning your alerts, incidents, and responses into shareable summaries on demand or on a schedule.
Generate and review these from your organization's reporting tools, fed directly by the work captured across the lifecycle.
Where to go next
You've seen a signal travel the full loop: detected, investigated, triaged, responded to, and reported. Pick the stage you want to go deeper on and dive into its platform page.