Your AI Partner -- Copilot

Copilot is Jutsu/AgentSOC's built-in AI assistant. Ask it security questions in plain English: what a specific threat means, what a MITRE technique is, how to explain the current security posture to leadership, what to investigate next in a case. It understands the context of your environment and can reference your actual alert data when accessed from inside an alert.

There are two access points: the standalone Copilot page for general questions, and the Talk with AI button inside any Alert Detail for questions about that specific alert.

Path: Copilot in the left sidebar.

Starting a conversation

  • Click Copilot in the left sidebar.
  • Click a quick-action button for a pre-filled prompt, or type your own question.
  • Press Enter or click Send.
  • Conversations save automatically. Click the plus button to start a new session.
  • The conversations sidebar on the left lists previous sessions. Each has a rename button and a delete button. Click the sidebar toggle button to collapse or expand it.

Quick-action buttons

Analyze recent alerts -- Pre-fills a prompt for a summary and analysis of your most recent alert activity.

Investigate an IP -- Pre-fills a prompt to look up a specific IP against threat intelligence.

Security posture -- Pre-fills a prompt for an overview of your current security status. Useful for management briefings.

Generate report -- Pre-fills a prompt to create a narrative summary suitable for a report or briefing.

Using Copilot from inside an alert

  • Open any Alert Detail.
  • Click Talk with AI at the top of the page.
  • The Copilot panel opens on the right, loaded with context from that specific alert.
  • Use the pre-built prompts or type your own question.
  • Click the toggle to close the panel.

Questions that work well

Specific, context-rich questions get better responses than vague ones:

  • 'What does this alert mean in plain English and how serious is it?'
  • 'Is this IP known malicious and should I block it?'
  • 'This brute force is ongoing -- what should I do right now?'
  • 'Summarize the last 7 days of activity in two paragraphs for a management briefing.'
  • 'What is MITRE T1110 and what does it mean that this alert triggered it?'
  • 'Are there patterns across recent alerts suggesting a coordinated campaign?'
  • 'Is the IP 43.160.253.60 known to be malicious?'
  • 'What should I do if this turns out to be ransomware?'
  • 'What does a Confidence score of 42% mean?'

Copilot and verification: Copilot provides analysis based on available context. For high-stakes decisions, cross-reference its output against the underlying alert data and threat intelligence results in the platform.