Copilot
Copilot is the AI chat assistant for analysts. Open it at /copilot and ask plain-language questions about your environment—what the most critical alerts in the last 24 hours mean, whether an IP is suspicious, what the next investigation steps are, or how to draft an incident note. It answers in context instead of making you pivot between screens.
Passing alerts and incidents as context
Copilot is most useful when it can see what you are looking at. You can attach the alert or incident you are viewing as context, and Copilot grounds its answer in that specific record rather than answering generically. Context is sent with each message, so a question like "summarize this alert and recommend next steps" is answered against the real alert data, including its enrichment and triage results.
From an alert you are investigating, Copilot offers ready-made prompts such as summarizing the alert, investigating suspicious IPs that appear in it, outlining remediation steps, and drafting an incident note you can paste into a ticket.
Saved conversations
Conversations and their messages are saved, so you can leave Copilot and come back to a thread later. Each conversation keeps its history, and you can scope the history to the alert or incident it was started from. This makes Copilot a running record of your reasoning during an investigation, not just a throwaway prompt box.
Built on your LLM providers
Copilot runs on the same large language model providers configured for your organization—OpenAI and Anthropic, with the model chosen by your organization's model settings. Responses stream back token by token as they are generated.