Security teams automate tasks with Intezer

Security teams automate repetitive tasks with Intezer’s AI agents to streamline workflows and reduce manual effort in operations centers.

Security teams can now create their own AI agents within the Intezer platform. The company states this update will help automate repetitive tasks that still require manual effort in most security operations centers.

Custom Agents, launched this week, allow organizations to design tailored automation for workflows unique to their environment. The feature expands on Intezer’s existing autonomous agents, which already manage triage, investigation, and response for every alert—escalating fewer than 2% to human analysts.

The company found that over a third of interactions with its AI chat tool involved repeated requests for the same tasks. Custom Agents address this by converting those requests into self-running processes.

How SOCs can use the new feature

Security teams frequently spend hours on routine but essential work, such as writing incident reports, adjusting detection rules, or documenting investigation results. These tasks differ across organizations, making them hard to standardize with generic automation tools.

With Custom Agents, teams describe their needs in plain language, set triggers like a closed case or scheduled interval, and specify which tools the agent can access. The agents connect with existing security tools, including SIEMs like Splunk and Microsoft Sentinel, EDR platforms like CrowdStrike and SentinelOne, and identity systems such as Entra ID.

Once active, agents can update cases, add comments, close tickets, or send completed reports—all without human input. Intezer’s CEO, Itai Tevet, explained that the goal is to let teams automate their unique processes while maintaining the platform’s performance standards.

What’s under the hood

The agents operate on Intezer’s existing engine, ensuring smooth integration with its automation framework. Customers already use the platform’s built-in agents for tasks like triage and rule adjustments, but Custom Agents extend this to workflows tailored to each SOC.

A team might set up an agent to generate shift handoff notes at the end of each rotation, pulling data from recent investigations and formatting it into a standard report. Another could adjust detection rules based on triage results, cutting down on false positives over time.

Intezer’s analysis of usage patterns revealed that repetitive tasks make up a large part of a SOC’s daily workload. Their data showed that 34% of AI chat interactions involved identical requests, highlighting the need for automation beyond basic alert handling.

Limits and next steps

While Custom Agents handle many routine tasks, they don’t replace human judgment in complex cases. The platform still escalates only a small fraction of alerts to analysts, keeping most work fully automated—but critical decisions remain with people.

The feature is now available to all Intezer customers. Teams can begin building agents immediately, though some workflows may need adjustments to fit specific security policies or compliance rules.

For now, the focus remains on reducing manual work that slows down SOCs. As threats increase in volume and complexity, tools like these could become essential for security operations—if they prove flexible enough to meet real-world needs.
