Red Canary AI Agents

Red Canary AI Agents is a security operations platform that uses AI-powered agents to automate threat investigation, triage, and analysis tasks. The system employs multiple specialized agents that work across different security domains including identity threat detection, cloud security, email security, and endpoint protection. The platform includes investigation agents that perform alert enrichment, authentication research, reputation analysis, and device compliance checks. Email triage agents evaluate phishing indicators, while threat analysis agents provide summaries and recommendations for containment. User behavior agents analyze login patterns and compare real-time activity against historical baselines to identify anomalies. The AI agents integrate with various security platforms to investigate and triage alerts from sources including CrowdStrike Falcon Identity, Microsoft Entra Identity Protection, Microsoft Cloud App Security, Okta Workforce Identity, Cisco Duo, AWS GuardDuty, Microsoft Defender for Endpoint, SentinelOne, and Microsoft Sentinel. The agents are designed to operate with human oversight, combining AI automation with expert-crafted standard operating procedures. The system provides contextual threat intelligence, generates investigation reports, and offers actionable response plans for containment and remediation. The platform aims to reduce triage and notification time while maintaining high threat detection accuracy.