ATLAS AI Platform

AI-assisted SOC operations, from hunt idea to query results.

ATLAS AI helps analysts generate threat hunts, add operational context, query the security stack, analyze returned evidence, and turn repeatable workflows into SOAR-ready automation.

Core Workflow

Built around how analysts actually hunt.

Analyst-added hunt context

Add usernames, hosts, IPs, domains, asset criticality, case details, and free-form analyst notes so generated hunts reflect the real investigation.

ATT&CK Hunt Builder

Select matrix, tactic, and technique to generate hypotheses, query packages, telemetry needs, expected evidence, false positives, and pivots.

Security stack querying

Execute approved generated queries against configured security data platforms and return normalized preview results.

Results analysis

Summarize returned events, highlight entities, explain why findings matter, and recommend next investigative pivots.

Feature Inventory

What ATLAS AI includes.

01

ATT&CK coverage

Enterprise, Mobile, and ICS ATT&CK data ingestion with matrix, tactic, technique, group, and relationship views.

02

Attack Path Builder

Build multi-stage adversary paths, generate stage-by-stage hunts, and run approved searches with execution controls.

03

KEV Intelligence

Ingest CISA KEV, map vulnerabilities to threat behavior, and prioritize exploitation-focused hunting.

04

Sigma and detection engineering

Ingest Sigma content, map rules to ATT&CK, reuse rule fields and logic in generated hunts, and guide tuning.

05

Threat Connect

Manage threat intelligence sources that feed dashboard news, researcher references, vendor reports, and government advisories.

06

Phishing analysis

Analyze suspicious messages, extract observables, enrich reputation, and provide analyst-ready triage guidance.

07

Connector capability matrix

Show which connectors are configured or live across query, alert, exposure, intel, case, and response workflows.

08

API Connect for SOAR

Expose key-protected endpoints that let SOAR platforms request hunts and receive generated queries, execution metadata, entities, and results.

09

Saved hunts and investigation records

Save generated hunts, results, analyst notes, pivots, telemetry requirements, and related Sigma evidence as append-only records.

10

Enterprise administration

RBAC, MFA, local account management, configuration tabs, structured logs, log export, and environment-aware deployment controls.

Context Matters

The analyst stays in control.

ATLAS AI does not treat hunts as generic prompts. Analysts can add operational context before generation so the output reflects actual users, hosts, source and destination IPs, domains, business criticality, incident notes, and available tooling. That context flows into query generation, evidence expectations, result analysis, pivots, and saved records.

Deploy

Use ATLAS AI as a platform, a lab, or a workflow accelerator.

Start with a focused ATT&CK hunting workflow, then expand into connector execution, SOAR automation, exposure context, and governance.
