AgentSOAR (native)
AgentSOAR is Jutsu's built-in response automation—no external SOAR required. Containment and remediation actions run directly inside the platform, against credentials you have already connected.
Capability model
AgentSOAR exposes a small set of containment capabilities and maps each one to the providers that can carry it out. You run a capability against a target resource, and AgentSOAR dispatches the action through the matching provider plugin.
- block_ip — block a source IP at the cloud network layer (AWS, GCP, Azure).
- isolate — isolate a compromised instance from the network (AWS, GCP, Azure).
- power — stop or power off a host or instance (AWS, GCP, Azure, Hostinger).
- block_sender — block a specific sender address in the mail provider (Google Workspace).
- block_email_domain — block an entire sending domain (Google Workspace, Microsoft 365).
- disable_user — disable a user account in your identity provider (Google Workspace, Microsoft 365).
Not every provider implements every capability. Jutsu only offers the capabilities a connected provider actually supports, so the available actions depend on which cloud and identity integrations you have set up.
Audit and revert
Every action AgentSOAR runs is recorded with who ran it, what capability executed, and against which resource, so you keep a complete trail of every response. Where a capability supports it, you can revert the action—restoring the prior state—without leaving Jutsu.
This page is a pointer. For the full capability reference, provider requirements, and step-by-step usage, see the AgentSOAR section.