FAQ
Quick answers to the questions teams ask most when getting started with Jutsu. For step-by-step help, see Troubleshooting; for an overview of the platform, see the Introduction.
Product & platform
What is Jutsu?
Jutsu is an AI-native Security Operations OS. It unifies detection, investigation, and response in one multi-tenant platform, so a small team can run a full SOC workflow from ingestion through containment.
How do the products relate to each other?
Jutsu centers on AgentSOC, the SOC platform, with AgentSOAR as its built-in response automation:
| Product | Role |
|---|---|
| AgentSOC | The core SOC platform. Ingests events, runs detection and triage, correlates alerts into incidents, manages cases, and drives response. |
| AgentSOAR | The response automation module of AgentSOC. Executes cloud, email, and identity response actions against your connected providers. |
AgentSOC ingests your security events, detects and correlates threats, and drives response through AgentSOAR. See the Introduction.
Data & integrations
What data sources are supported today?
Jutsu ingests from Wazuh, Google Workspace email logs, syslog, and custom events sent to the ingest webhook. See the Integrations overview for the full matrix.
Do I need Wazuh to use Jutsu?
No. Wazuh is a supported and common source, but you can send syslog or push custom events directly to the Ingestion API.
Which response actions exist?
AgentSOAR provides six capabilities, each with a defined target, providers, and revert behavior:
| Capability | What it does |
|---|---|
| block_ip | Blocks an attacker IP at the host's cloud firewall. |
| isolate | Quarantines a host so it can neither send nor receive traffic. |
| power | Powers a host off as a containment action. |
| block_sender | Blocks a sender address for a protected mailbox. |
| block_email_domain | Blocks a sending domain for a protected mailbox or tenant. |
| disable_user | Suspends or disables an identity. |
See Capabilities for providers, inputs, and revert rules.
Security & architecture
Is my data isolated per organization?
Yes. Jutsu is multi-tenant and organization-scoped. Every event, alert, incident, case, and credential belongs to an organization, and all access is evaluated within that boundary. See the Architecture overview.
How do the AI agents work?
AI agents triage alerts, enrich context, and recommend or drive response within the same organization boundary as your data. Sensitive response actions run through AgentSOAR with safety controls and approvals. See AI agents and Safety & approvals.
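To make the three controls above concrete (organization-scoped access, approval before sensitive actions, and a revertable action), here is a small in-memory model written for this FAQ; it is an illustration, not Jutsu's or AgentSOAR's own code. The six capability names come from the table above; which of them count as sensitive, and the Responder/Action names, are assumptions for the model.

```python
from dataclasses import dataclass, field

# The six AgentSOAR capabilities listed on this page.
CAPABILITIES = {"block_ip", "isolate", "power", "block_sender",
                "block_email_domain", "disable_user"}
# Capabilities this model gates behind an approval (an assumption).
SENSITIVE = {"isolate", "power", "disable_user"}


@dataclass
class Action:
    capability: str
    org_id: str        # organization that owns the target
    target: str        # host, IP, address, domain or user
    approved: bool = False
    executed: bool = False
    reverted: bool = False


@dataclass
class Responder:
    """Response ledger enforcing org scoping, approvals and one revert."""
    org_id: str                      # organization of the caller
    log: list = field(default_factory=list)

    def request(self, capability, org_id, target):
        if capability not in CAPABILITIES:
            raise ValueError(f"unknown capability: {capability}")
        if org_id != self.org_id:
            # Cross-tenant request: refused before any provider is touched.
            raise PermissionError("target belongs to another organization")
        return Action(capability, org_id, target)

    def execute(self, action):
        if action.capability in SENSITIVE and not action.approved:
            raise PermissionError(f"{action.capability} requires approval")
        if action.executed:
            raise RuntimeError("already executed")
        action.executed = True
        self.log.append(("execute", action.capability, action.target))
        return action

    def revert(self, action):
        if not action.executed or action.reverted:
            raise RuntimeError("nothing to revert")
        action.reverted = True
        self.log.append(("revert", action.capability, action.target))
        return action
```

The audit log the model keeps is the piece a defender would want to forward to the case record: every execute and revert is recorded with the capability and target.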
Roadmap
What is on the roadmap?
Additional data-source and SOAR integrations are planned, including Splunk, Elastic SIEM, Microsoft Sentinel, CrowdStrike, Datadog, Sumo Logic, Graylog, and IBM QRadar for data, and Splunk SOAR, Tines, and Cortex XSOAR for response. Roadmap items are not yet available; only entries marked available can be connected today. See the Integrations overview.