SOC Jedi.AI

SOC Jedi.AI is an AI-powered Security Operations Center (SOC) automation platform designed to assist L1-L3 analysts with alert investigation, triage, and incident response workflows. The platform operates through a multi-agent architecture, with each agent handling a distinct function: - AI SOC Analyst: Orchestrates all other agents, enriches alerts, runs end-to-end investigations, and produces SOC-grade reports - ML Pre-Scoring Agent: Trains on historical alert data to filter false positives before triage using prior verdicts - Reverse Engineer Agent: Decodes and decompiles binaries, analyzes code logic, detects malicious patterns, and issues malware risk reports - External IT Auditor Agent: Performs continuous asset discovery, simulates attack paths, and produces prioritized remediation reports - Darknet Monitoring Agent: Monitors dark web for corporate domain leaks, correlates and classifies exposures, and provides automation signals The investigation workflow includes the following stages: 1. Data collection from SIEM, SOAR, IRP, EDR, data lakes, and other security tools 2. ML pre-scoring to filter false positives 3. Data markup and enrichment with IOCs, threat feeds, and internal systems 4. Retrospective analysis linking current activity to past incidents 5. Hypothesis modeling using correlated evidence 6. Report generation with verdicts and remediation recommendations Key platform capabilities include alert clustering and aggregation, asset resolution, RAG-based context enrichment, attack chain mapping, and interactive chat-based Q&A on investigation results. Deployment options include on-premises (for full data control and compliance) and SaaS (cloud-based with continuous updates). The platform also targets MSSPs with multi-tenancy and escalation control use cases.