diff --git a/blog-cse/2026-08-03-application.md b/blog-cse/2026-08-03-application.md
new file mode 100644
index 00000000000..1ecdb41bd1b
--- /dev/null
+++ b/blog-cse/2026-08-03-application.md
@@ -0,0 +1,33 @@
+---
+title: August 3rd, 2026 - Application Update
+image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082
+keywords:
+ - insights
+ - soc analyst agent
+ - cloud siem
+ - ai
+ - agent
+hide_table_of_contents: true
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+### SOC Analyst Agent
+
+We're excited to announce that Sumo Logic's SOC Analyst agent, a powerful agentic AI tool designed to improve the speed and accuracy of your Security Operations Center (SOC) team's threat investigations, is now generally available. The agent triages Cloud SIEM insights with evidence-backed verdicts, helping your team cut through false-positive noise and speed up threat resolution. [Learn more](/docs/cse/get-started-with-cloud-siem/soc-analyst-agent).
+
+The SOC Analyst agent provides the following new functionality:
+* AI Investigation tab in Cloud SIEM
+* Insight investigation in Mobot
+
+#### AI Investigation tab
+
+A new **AI Investigation** tab in Cloud SIEM provides an AI-generated analysis of insights that accelerates investigation and troubleshooting by your SOC team.
+
+
+
+#### Insight investigation in Mobot
+
+When you select the **Ask Mobot** button on the new **AI Investigation** tab in Cloud SIEM, the insight's AI-generated information is launched in Sumo Logic Mobot. There you can use Mobot's focused query capabilities to drill down into the insight for greater detail.
+
+
diff --git a/docs/cse/get-started-with-cloud-siem/about-cse-insight-ui.md b/docs/cse/get-started-with-cloud-siem/about-cse-insight-ui.md
index 08a8cbbdf12..79d1734d8a6 100644
--- a/docs/cse/get-started-with-cloud-siem/about-cse-insight-ui.md
+++ b/docs/cse/get-started-with-cloud-siem/about-cse-insight-ui.md
@@ -156,7 +156,7 @@ From the [Heads Up Display](/docs/cse/get-started-with-cloud-siem/cse-heads-up-d
### Overview
The **Overview** tab provides panels that give an overview of the insight:
-* **AI Analysis**. A concise, actionable summary of threat incidents based on triggered signals. It consolidates key details to facilitate quick understanding and response by security teams. The summary is generated by Sumo Logic's Dojo AI Summary Agent, an agentic AI tool. The summary is generated when an insight is created, and is regenerated whenever the insight is modified, keeping it current with added or removed signals. Summaries are not only generated for insights created by the system, but also custom insights created manually by users via the UI.
+* **AI Analysis**. A concise, actionable summary of threat incidents based on triggered signals. It consolidates key details to facilitate quick understanding and response by security teams. The summary is generated by Sumo Logic's [SOC Analyst agent](/docs/cse/get-started-with-cloud-siem/soc-analyst-agent) tool. The summary is generated when an insight is created, and is regenerated whenever the insight is modified, keeping it current with added or removed signals. Summaries are not only generated for insights created by the system, but also custom insights created manually by users via the UI.
:::note
Help us refine the tool by using the thumbs-up or thumbs-down buttons to provide feedback on the effectiveness of the summary presented. Clicking the thumbs-down button gives you the opportunity to provide additional feedback.
:::
diff --git a/docs/cse/get-started-with-cloud-siem/index.md b/docs/cse/get-started-with-cloud-siem/index.md
index 028cd27702a..07adcab4a12 100644
--- a/docs/cse/get-started-with-cloud-siem/index.md
+++ b/docs/cse/get-started-with-cloud-siem/index.md
@@ -50,6 +50,12 @@ This guide helps you get started using Cloud SIEM for threat hunting.
Learn how the insight summary pane uses AI to provide summaries of threat incidents.
+
+
+
})
SOC Analyst Agent
+
Triage insights faster with evidence-backed verdicts from the SOC Analyst agent.
+
+
})
Cloud SIEM Content Catalog
@@ -62,4 +68,4 @@ This guide helps you get started using Cloud SIEM for threat hunting.
Get up and running quickly with Cloud SIEM administrator tasks.
-
\ No newline at end of file
+
diff --git a/docs/cse/get-started-with-cloud-siem/insight-summary.md b/docs/cse/get-started-with-cloud-siem/insight-summary.md
index bdb4a7492bc..b73f9caba8d 100644
--- a/docs/cse/get-started-with-cloud-siem/insight-summary.md
+++ b/docs/cse/get-started-with-cloud-siem/insight-summary.md
@@ -7,7 +7,7 @@ description: The insight Summary pane uses AI to provide summaries of threat inc
import useBaseUrl from '@docusaurus/useBaseUrl';
import Iframe from 'react-iframe';
-The insight summary pane provides a concise, actionable summary of threat incidents based on triggered signals. It consolidates key details to facilitate quick understanding and response by security teams. The summary is generated by Sumo Logic's Dojo AI Summary Agent, an agentic AI tool.
+The insight summary pane provides a concise, actionable summary of threat incidents based on triggered signals. It consolidates key details to facilitate quick understanding and response by security teams. The summary is generated by Sumo Logic's [SOC Analyst agent](/docs/cse/get-started-with-cloud-siem/soc-analyst-agent) tool.
The summary is generated when an insight is created, and is regenerated whenever the insight is modified, keeping it current with added or removed signals. Summaries are not only generated for insights created by the system, but also custom insights created manually by users via the UI.
@@ -17,6 +17,8 @@ The summary is generated when an insight is created, and is regenerated whenever
Help us refine the tool by using the thumbs-up or thumbs-down buttons to provide feedback on the effectiveness of the summary presented. Clicking the thumbs-down button gives you the opportunity to provide additional feedback.
:::
+
#### FAQs about the insight summary
diff --git a/docs/cse/get-started-with-cloud-siem/soc-analyst-agent.md b/docs/cse/get-started-with-cloud-siem/soc-analyst-agent.md
index 0f55da69d54..caf84a9f89d 100644
--- a/docs/cse/get-started-with-cloud-siem/soc-analyst-agent.md
+++ b/docs/cse/get-started-with-cloud-siem/soc-analyst-agent.md
@@ -1,46 +1,37 @@
---
id: soc-analyst-agent
title: SOC Analyst Agent
-sidebar_label: SOC Analyst Agent
-description: Learn how to use Sumo Logic's SOC Analyst Agent to perform investigations of Cloud SIEM insights.
+sidebar_label: SOC Analyst Agent ✨
+description: Use Sumo Logic's SOC Analyst agent to triage Cloud SIEM insights with AI verdicts, investigate threats faster, and reduce false-positive noise for your team.
---
-import useBaseUrl from '@docusaurus/useBaseUrl';
-
-
-
-
-Public Preview
-
-:::info
-This feature is in Public Preview. To participate, contact your Sumo Logic account representative.
-:::
+import useBaseUrl from '@docusaurus/useBaseUrl';
-Sumo Logic's SOC Analyst Agent is an agentic AI tool designed to improve the speed and accuracy of your Security Operations Center (SOC) team's threat investigations.
+Sumo Logic's SOC Analyst agent is an agentic AI tool that embeds reasoning and context-awareness directly into Cloud SIEM, helping your Security Operations Center (SOC) team investigate alerts faster, reduce false-positive noise, and respond with confidence. Security teams spend too much time validating false positives and performing repetitive investigative steps — the agent eliminates that noise, standardizes outcomes, and accelerates time to resolution.
-The agent delivers automated verdicts on insights using evidence-backed reasoning to determine whether the insights are malicious, suspicious, or benign. It then provides a concise summary of threat incidents based on triggered signals in the insight. Finally, it presents key findings, including details found in the signals that fired for the insight. All of this results in quicker, more detailed analysis.
+Every verdict is evidence-backed and explainable. The agent shows the evidence it collected, the reasoning it applied, and the conclusion it reached, so you can interrogate any part of its analysis rather than take a black-box result on faith. It determines whether an insight is malicious, suspicious, or benign, provides a concise summary of the threat incident based on triggered signals, and presents key findings from the signals that fired, resulting in quicker, more detailed analysis.
-The SOC Analyst Agent performs two distinct jobs that mirror an analyst’s daily responsibilities:
+The SOC Analyst agent performs two distinct jobs that mirror an analyst’s daily responsibilities:
* **Triage**. Delivers automated verdicts on insights using evidence-backed reasoning to determine whether the insights are malicious, suspicious, or benign.
* **Investigation**. Supports analysts with a hypothesis-driven approach to assess the scope, context, and likely impact of an event.
-The SOC Analyst Agent provides the following functionality:
+The SOC Analyst agent provides the following functionality:
* [AI Investigation tab in Cloud SIEM](#ai-investigation-tab)
* [Insight investigation in Mobot](#investigate-the-insight-in-mobot)
-## Filter for AI verdicts
+## View AI verdicts on insights
-The SOC Analyst Agent runs in the background against all insights that flow into Cloud SIEM. After analysis, it renders a verdict about whether the insight requires investigation.
+The SOC Analyst agent runs in the background against all insights that flow into Cloud SIEM. After analysis, it renders a verdict about whether the insight requires investigation.
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Cloud SIEM > Insights**. You can also click **Go To...** at the top of the screen and select **Insights**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main menu select **Cloud SIEM** and then click **Insights** at the top of the screen.
-1. In the insight list page, note that the **AI Verdict** column shows the results of the AI analysis:
-1. Click **Start typing here to create a filter** near the top of the insights page and select **AI Verdict** to search for insights based on the verdict they are assigned:
+1. In the **Insights** page, note that the **AI Verdict** column shows the results of the AI analysis:
+1. Click **Start typing here to create a filter** near the top of the insights page and select **AI Verdict** to search for insights based on the verdict they are assigned:
* **Malicious**. AI analysis determined that the insight is malicious, and warrants immediate investigation by your SOC team.
* **Suspicious**. AI analysis determined that the insight is suspicious and warrants investigation by your SOC team.
* **Benign**. AI analysis determined that the insight is harmless and is not a candidate for elevation to SOC team investigation.
* **In Progress**. AI analysis is in progress.
* **Inconclusive**. AI analysis could not determine whether the insight needs to be investigated.
- * **Not Investigated**. No AI analysis was performed on the insight because of rate limiting rules. These rules control how many insights can be automatically processed to generate AI verdicts. Insights that have not been investigated display an **Investigate** button at the top of the insight details page. Click this button to manually initiate an AI investigation. For more information about rate limiting and its role in ensuring system stability, see [FAQs for preview](#faqs-for-preview) below.
+ * **Not Investigated**. No AI analysis was performed on the insight due to rate limiting. Click the **Investigate** button at the top of the insight's details page to manually initiate an AI investigation. See [How does investigation rate limiting work?](#how-does-investigation-rate-limiting-work) for details.
1. Clicking anywhere on the row of an insight that has an AI verdict shows a side panel with results of the verdict. This allows you to browse quickly for insights needing more investigation:
1. To investigate an insight further, click the insight's ID. Insights with an AI verdict display an **AI Investigation** tab in the insight details page. Use the information on this tab to dive deeper into the insight.
@@ -50,41 +41,44 @@ The **AI Investigation** tab in the details page of a Cloud SIEM insight is an a
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Cloud SIEM > Insights**. You can also click **Go To...** at the top of the screen and select **Insights**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main menu select **Cloud SIEM** and then click **Insights** at the top of the screen.
1. On the insights list page, click an insight's ID.
-1. The **AI Investigation** tab shows results of AI analysis:
+1. The **AI Investigation** tab shows results of AI analysis:
1. **Severity Verdict**. Details about the insight's severity analysis:
* **Current Severity**. The severity of the insight as set by the cumulative activity score for the insight. For more information, see [About insight severity](/docs/cse/get-started-with-cloud-siem/insight-generation-process/#about-insight-severity).
* **Global Confidence Score**. A level of confidence that the insight is actionable, predicted by Sumo Logic’s Global Intelligence machine learning model. See [What is a Global Confidence score?](/docs/cse/records-signals-entities-insights/global-intelligence-security-insights/#what-is-a-global-confidence-score).
* **AI Verdict**. The AI system's qualitative assessment of the insight.
* **Recommends security level of ___**. AI analysis recommends a new severity level be assigned to this insight. If you agree with the assessment, click **Accept**. The **Current Severity** field changes to the new value.
- 1. **What Happened**. A concise summary of threat incidents based on triggered signals in the insight. Content of this field is generated by Sumo Logic's Summary Agent, an agentic AI tool. The summary consolidates key details to facilitate quick understanding and response by security teams. The summary is generated when an insight is created, and is regenerated whenever the insight is modified, keeping it current with added or removed signals.
+ 1. **What Happened**. A concise summary of threat incidents based on triggered signals in the insight, generated by the SOC Analyst agent. The summary consolidates key details to facilitate quick understanding and response by security teams. The summary is generated when an insight is created, and is regenerated whenever the insight is modified, keeping it current with added or removed signals.
:::tip
Help us refine the tool by using the thumbs-up or thumbs-down buttons to provide feedback on the effectiveness of the summary presented. Clicking the thumbs-down button gives you the opportunity to provide additional feedback.
:::
-
+ 1. **Recommended Actions**. Actions you can take to remediate the incident.
+ 1. Click **Execute Action** to run a [playbook](/docs/platform-services/automation-service/playbooks/) to take the recommended action:
+ 1. Click **View Details** on the confirmation to see details about the playbook automation, and then you should see a confirmation:
+ 1. The playbook execution details are displayed on the [**Automations**](/docs/cse/automation/automations-in-cloud-siem/#view-results-of-an-automation) tab of the insight. Click **View Playbook** on an automation to see the progress of the playbook execution.
+ :::note
+ To be able to run playbooks from **Recommended Actions**, the integrations that the playbooks use must be properly configured. See [Configure Authentication for Automation Integrations](/docs/platform-services/automation-service/configure-authentication-for-integrations/).
+ :::
1. **Key Findings**. The main points uncovered by AI analysis. Details about these findings can be found in the signals that fired for the insight.
-1. Click **Ask Mobot** to send the AI analysis of the insight to [Sumo Logic Mobot](#investigate-the-insight-in-mobot) for further investigation.
-
-### Investigate the insight in Mobot
-
-1. From the insight's details page, click **Ask Mobot** to open the AI investigation in [Sumo Logic Mobot](/docs/search/mobot/).
-1. Details about the AI investigation appear in Mobot. The entire context of the AI investigation is brought into Mobot so you can quickly drill down for more information about the insight. For example, under each step in **Key Findings**, you can click the provided links to see more details.
-1. In **Ask Something...**, type a question about the insight using details provided in the **What Happened** or **Key Findings** sections above. For example, you could ask to see logs about the entities mentioned in the text (that is, hosts, users, IP addresses, file hashes, and so on). You could even ask more general questions, like "Help me investigate this insight".
-1. Click **Search**
. Mobot analyzes your request and fashions a query based on it.
-1. Click **View Results** to see the results of your request in the logs query UI. You can also click the suggestions provided to drill down farther. As you ask questions, Mobot retains the context of your conversation about the insight, allowing you to more easily obtain detail.
+1. Click **Ask Mobot** to continue the investigation conversationally in [Mobot](#investigate-the-insight-in-mobot), with the full context of the AI analysis already loaded.
+
+## Investigate the insight in Mobot
+
+Follow these steps once you're in Mobot:
+
+1. From the insight's **Details** page, click **Ask Mobot** to open the investigation in [Mobot](/docs/search/mobot/), Dojo AI's chat interface.
+1. The full AI investigation appears in Mobot. For example, under each step in **Key Findings**, you can click the provided links to see more details.
+1. In **Ask Something...**, type a question about the insight using details provided in the **What Happened** or **Key Findings** sections above. For example, you could ask to see logs about the entities mentioned in the text (that is, hosts, users, IP addresses, file hashes, and so on). You could even ask more general questions, like `Help me investigate this insight`.
+1. After executing a prompt like the one above, Mobot analyzes your request and fashions a log search query based on it.
+1. Click the log search results card to see the results of your request in the Log Search UI. You can also click the suggestions provided to drill down farther. As you ask questions, Mobot retains the context of your conversation about the insight, allowing you to more easily obtain detail.
1. As you work with the investigation agent, after each step you will be presented with follow-up questions. Type a number corresponding to a follow-up question, or enter your own question.
+At any point during the investigation, click **Open Insight** to return to the insight's **Details** page in Cloud SIEM.
+
### Search for related insights
During a Mobot investigation, you can search for other insights related to the current one. Mobot offers several dimensions to search by, helping you surface lateral context without leaving the investigation.
-Click **Search related insights?** when it appears as a suggested action in Mobot, or ask Mobot directly (for example, "Search for related insights"). Mobot will ask which dimension to explore:
+Click **Search related insights?** when it appears as a suggested action in Mobot, or ask Mobot directly (for example, `Search for related insights`). Mobot will ask which dimension to explore:
* **Same entity**. Other insights involving the same user, IP address, or host.
* **Same attack name**. Other insights with the same attack name.
@@ -94,10 +88,7 @@ Click **Search related insights?** when it appears as a suggested action in Mobo
Select a dimension to proceed, or enter your own search criteria.
-### Start a new investigation
-
-To clear the context and start a new investigation, click **New Conversation** at the top of the screen. To start investigation on another insight, navigate back to Cloud SIEM, select another insight, and click **Ask Mobot**.
-
+
### Example questions
Following are example questions you could try in the **Ask Something...** field:
@@ -109,65 +100,45 @@ Although these are general questions, they give you an idea of the wide variety
### Generate dashboards
-To generate dashboards based on the context of your investigation, simply ask Mobot. For example, in the **Ask Something...** field you could type `Create a dashboard with the results of this investigation`. The agent will build the dashboard:
+To generate dashboards based on the context of your investigation, simply ask Mobot. For example, in the **Ask Something...** field, you could type `Create a dashboard with the results of this investigation`. The agent will build the dashboard:
Click the provided link to view the dashboard:
-## Add a comment to an insight
-
-You can ask Mobot to add a comment to the current insight. In the **Ask Something...** field, enter a prompt such as `Add a comment that I found a suspicious IP address` and press **Enter**. Mobot posts the comment to the insight's comment section.
-
-Comments are visible to all analysts with access to the insight and can be used to document findings, note investigation status, or flag items for follow-up.
+### Start a new investigation
-## Close an insight
+To start a new investigation, navigate back to Cloud SIEM, select another insight, and click **Ask Mobot**. To clear your current session instead, see [New conversation](/docs/search/mobot/#new-conversation).
-You can also ask Mobot to close the current insight. In the **Ask Something...** field, enter a prompt such as `Close this insight` or `Mark this insight as resolved` and press **Enter**. Mobot closes the insight directly from the investigation area.
+### Share the conversation
-## FAQs
+To share the current investigation with other users, see [Share conversation](/docs/search/mobot).
-
-What is the Sumo Logic SOC Analyst Agent?
+
-The SOC Analyst Agent is part of the [Sumo Logic Dojo AI](/docs/get-started/ai-machine-learning/#dojo-ai). The SOC Analyst Agent is an assistant that applies agentic AI reasoning to triage and investigation tasks. It correlates alerts, weighs patterns against frameworks like MITRE ATT&CK, and renders evidence-backed verdicts, providing analysts an immediate sense of threat impact. When deeper analysis is required, the same agent supports hypothesis-based investigation to map relationships, connect entities, and summarize findings.
-
+## FAQ
-
-What are the benefits of the agent?
+### What is the Sumo Logic SOC Analyst agent?
-Security teams spend too much time validating false positives and performing repetitive investigative steps. By embedding reasoning and context-awareness directly into Cloud SIEM, the SOC Analyst Agent eliminates noise, standardizes outcomes, and accelerates time to resolution.
-
+The SOC Analyst agent is part of the [Sumo Logic Dojo AI](/docs/get-started/ai-machine-learning/#dojo-ai). The SOC Analyst agent is an assistant that applies agentic AI reasoning to triage and investigation tasks. It correlates alerts, weighs patterns against frameworks like MITRE ATT&CK, and renders evidence-backed verdicts, providing analysts an immediate sense of threat impact. When deeper analysis is required, you continue the same investigation conversationally in [Mobot](/docs/search/mobot/), Dojo AI's chat interface, to map relationships, connect entities, and summarize findings.
-
-Will the agent increase scanning or data-processing costs?
+### Will the agent increase scanning or data-processing costs?
No. The agent analyzes existing data already ingested into Cloud SIEM. It performs reasoning on metadata and contextual signals rather than initiating new scans.
-
+### How does the agent differ from Cloud SIEM correlation or automation rules?
-
-How does the agent differ from Cloud SIEM correlation or automation rules?
+Unlike traditional correlation logic, which is static, the SOC Analyst agent applies agentic reasoning. It adapts based on insight context, recent analyst actions, and environmental signals, producing contextual, explainable decisions rather than fixed pattern matches.
-Unlike traditional correlation logic, which is static, the SOC Analyst Agent applies agentic reasoning. It adapts based on insight context, recent analyst actions, and environmental signals, producing contextual, explainable decisions rather than fixed pattern matches.
-
+### What data does the agent rely on to render verdicts?
-
-What data does the agent rely on to render verdicts?
+The agent draws from normalized security data (`sec_record*` indexes and signals), correlated entities, Sumo Logic and customer-provided [threat intelligence](/docs/security/threat-intelligence) feeds, and enrichment data (for example, IP geolocation, user behavior, and asset details).
-The agent draws from normalized security data (`sec_record*` indexes and signals), correlated entities, Sumo Logic’s integrated threat intelligence feeds, and enrichment data (for example, IP geolocation, user behavior, and asset details).
-
-
-
-Can analysts provide feedback or correct AI verdicts?
+### Can analysts provide feedback or correct AI verdicts?
Yes. Analysts can override verdicts and flag feedback within the UI. These actions are logged and reviewed to refine model behavior over time as part of the Dojo AI learning loop.
-
-
-### FAQs for preview
-
-How does investigation rate limiting work?
+### How does investigation rate limiting work?
-To ensure stable performance, the agent performs system-wide rate limiting, which imposes usage controls across the entire SOC Analyst Agent user base to manage capacity. As a result, automatic investigation may skip some insights if investigating them would exceed rate limits. The skipped insights show **Not Investigated** in the **AI Verdicts** column. However, in these instances, you can manually start an investigation of the insight by clicking the **Investigate** button.
+To ensure stable performance, the agent performs system-wide rate limiting, which imposes usage controls across the entire SOC Analyst agent user base to manage capacity. As a result, automatic investigation may skip some insights if investigating them would exceed rate limits. The skipped insights show **Not Investigated** in the **AI Verdicts** column. However, in these instances, you can manually start an investigation of the insight by clicking the **Investigate** button.
The rate limits for your organization are:
* 5 automatic investigations per day.
@@ -176,19 +147,14 @@ The rate limits for your organization are:
Be aware, though, that if you have reached your limit of the total number of insights that you can get AI verdicts for in a certain time period, a message will appear telling you when you can next click the **Investigate** button to manually initiate an AI investigation.
If you have questions about the AI investigation rate limiting for your organization, ask your Sumo Logic representative.
-
-
-Does the agent automatically investigate things that are not entities in Cloud SIEM?
+### Does the agent automatically investigate things that are not entities in Cloud SIEM?
Traditional Cloud SIEM entities are items like users, IP addresses, hosts, and the like. In addition to these, the agent automatically investigates things that are not usually identified as entities in Cloud SIEM, such as related cloud resources, API endpoints, or service accounts relevant to the insight. This intelligent entity prioritization results in faster investigation and reduces time spent manually determining which entities to investigate.
-
-
-Can I converse with the agent in the same way I am used to doing with other AI-enabled tools?
+### Can I converse with the agent in the same way I am used to doing with other AI-enabled tools?
Yes, you can. In your investigation, you are not limited in how you proceed. You can engage the agent in a conversational flow to direct the investigation any way you want. However, the agent has many tools that can help should you need guidance. For example, the agent presents follow-up questions after each step that offer you multiple paths for investigation.
-
## Additional resources
diff --git a/docs/get-started/ai-machine-learning.md b/docs/get-started/ai-machine-learning.md
index fa6a57d0b2c..8706b93a3e8 100644
--- a/docs/get-started/ai-machine-learning.md
+++ b/docs/get-started/ai-machine-learning.md
@@ -14,7 +14,6 @@ keywords:
- mobot
- query agent
- knowledge agent
- - summary agent
- soc analyst agent
---
@@ -50,13 +49,9 @@ Dojo AI is Sumo Logic’s multi-agent AI platform, bringing specialized agents a
* **Query Agent**. Translates natural-language questions into log search queries and helps you refine them step by step to speed data exploration and investigation.
* **Knowledge Agent**. Answers how-to questions about Sumo Logic, from setup to troubleshooting and best practices, sourced directly from our official documentation.
-### Summary Agent
+### SOC Analyst agent
-The [Summary Agent](/docs/cse/get-started-with-cloud-siem/insight-summary/) automatically generates a concise summary of each Cloud SIEM insight, explaining the threat incidents that triggered it. Summaries help security teams quickly understand scope and prioritize response.
-
-### SOC Analyst Agent
-
-The [SOC Analyst Agent](/docs/cse/get-started-with-cloud-siem/soc-analyst-agent/), now in Public Preview, applies agentic reasoning to triage and investigate Cloud SIEM insights. It delivers automated verdicts (malicious, suspicious, or benign) using evidence-backed analysis, and supports hypothesis-driven investigation to map relationships, connect entities, and summarize findings.
+The [SOC Analyst Agent](/docs/cse/get-started-with-cloud-siem/soc-analyst-agent/) applies agentic reasoning to triage and investigate Cloud SIEM insights. It delivers automated verdicts (malicious, suspicious, or benign) using evidence-backed analysis, and supports hypothesis-driven investigation to map relationships, connect entities, and summarize findings.
### MCP server
@@ -107,13 +102,9 @@ Our Sumo Logic AI for Security functionality empowers SOC analysts and threat hu
### Cloud SIEM
-#### Insight summary
-
-The [Summary Agent](/docs/cse/get-started-with-cloud-siem/insight-summary/) generates a synopsis of each insight that describes the threat incidents that triggered it, helping security teams understand incidents faster and accelerate response time.
-
#### SOC Analyst Agent
-The [SOC Analyst Agent](/docs/cse/get-started-with-cloud-siem/soc-analyst-agent/) triages and investigates Cloud SIEM insights using agentic AI reasoning. Available in Public Preview.
+Triage and investigate Cloud SIEM insights faster with the [SOC Analyst Agent](/docs/cse/get-started-with-cloud-siem/soc-analyst-agent/), which applies agentic AI reasoning to analyze alerts and deliver evidence-backed verdicts (malicious, suspicious, or benign). It correlates related activity, maps entity relationships, and summarizes findings, so analysts start with an investigation instead of a raw alert. From there, you can continue digging in [Mobot](/docs/search/mobot) using natural language to explore scope, impact, and supporting evidence.
#### Rules
@@ -144,7 +135,7 @@ Yes. You can opt out of specific AI features at any time by submitting a support
Agent interaction with customer data varies by capability.
-Mobot (including Query Agent and Knowledge Agent) and Summary Agent do **not** process or analyze customer data.
+Mobot (including Query Agent and Knowledge Agent) and SOC Analyst agent do **not** process or analyze customer data.
The SOC Analyst Agent (currently in Public Preview) processes customer data to help review insight data, correlate activity, and assist in triage and investigation as directed by the user.
@@ -225,7 +216,7 @@ Availability of specific AI capabilities may vary by deployment region (includin
Which Dojo AI capabilities are available in FED?
-The current GA versions of Mobot (including Query Agent and Knowledge Agent) and Summary Agent are available in the FED deployment.
+The current GA versions of Mobot (including Query Agent and Knowledge Agent) and SOC Analyst agent are available in the FED deployment.
The SOC Analyst Agent and certain newer Dojo AI capabilities are not currently available in FED. These capabilities depend on underlying model configurations that do not yet meet the requirements of our FED compliance boundary.
diff --git a/sidebars.ts b/sidebars.ts
index 2ba97200e41..a1553c0b7a5 100644
--- a/sidebars.ts
+++ b/sidebars.ts
@@ -2946,6 +2946,7 @@ integrations: [
'cse/get-started-with-cloud-siem/insight-generation-process',
'cse/get-started-with-cloud-siem/about-cse-insight-ui',
'cse/get-started-with-cloud-siem/insight-summary',
+ 'cse/get-started-with-cloud-siem/soc-analyst-agent',
'cse/get-started-with-cloud-siem/cloud-siem-content-catalog',
'cse/get-started-with-cloud-siem/onboarding-checklist-cse',
],
diff --git a/static/img/cse/ask-mobot-buttons.png b/static/img/cse/ask-mobot-buttons.png
index ed80f140840..8cc7d5c04f4 100644
Binary files a/static/img/cse/ask-mobot-buttons.png and b/static/img/cse/ask-mobot-buttons.png differ
diff --git a/static/img/cse/insight-agent-in-mobot.png b/static/img/cse/insight-agent-in-mobot.png
index d88881b05c0..3a3dddc79ed 100644
Binary files a/static/img/cse/insight-agent-in-mobot.png and b/static/img/cse/insight-agent-in-mobot.png differ
diff --git a/static/img/cse/insight-ai-filter.png b/static/img/cse/insight-ai-filter.png
new file mode 100644
index 00000000000..87e6785c802
Binary files /dev/null and b/static/img/cse/insight-ai-filter.png differ
diff --git a/static/img/cse/insight-ai-investigation-tab-new.png b/static/img/cse/insight-ai-investigation-tab-new.png
deleted file mode 100644
index 3097f9db3b4..00000000000
Binary files a/static/img/cse/insight-ai-investigation-tab-new.png and /dev/null differ
diff --git a/static/img/cse/insight-ai-investigation-tab.png b/static/img/cse/insight-ai-investigation-tab.png
index 4bdf7c46900..3097f9db3b4 100644
Binary files a/static/img/cse/insight-ai-investigation-tab.png and b/static/img/cse/insight-ai-investigation-tab.png differ
diff --git a/static/img/cse/insight-ai-verdict-column.png b/static/img/cse/insight-ai-verdict-column.png
index be95693db8d..b34fccda8d4 100644
Binary files a/static/img/cse/insight-ai-verdict-column.png and b/static/img/cse/insight-ai-verdict-column.png differ
diff --git a/static/img/cse/investigation-agent-query.png b/static/img/cse/investigation-agent-query.png
index 3ce55a6dd96..e8b2c5bfb1b 100644
Binary files a/static/img/cse/investigation-agent-query.png and b/static/img/cse/investigation-agent-query.png differ
diff --git a/static/img/cse/investigation-agent-results.png b/static/img/cse/investigation-agent-results.png
index 5e2ca9a2e60..31e586107e4 100644
Binary files a/static/img/cse/investigation-agent-results.png and b/static/img/cse/investigation-agent-results.png differ
diff --git a/static/img/cse/mobot-open-insight-button.png b/static/img/cse/mobot-open-insight-button.png
new file mode 100644
index 00000000000..bcc118f5acf
Binary files /dev/null and b/static/img/cse/mobot-open-insight-button.png differ
diff --git a/static/img/cse/playbook-automation-confirmation.png b/static/img/cse/playbook-automation-confirmation.png
index 93e4607694f..fa758bc8b2d 100644
Binary files a/static/img/cse/playbook-automation-confirmation.png and b/static/img/cse/playbook-automation-confirmation.png differ
diff --git a/static/img/cse/search-button-in-mobot.png b/static/img/cse/search-button-in-mobot.png
deleted file mode 100644
index 9822a9f91cb..00000000000
Binary files a/static/img/cse/search-button-in-mobot.png and /dev/null differ
diff --git a/static/img/cse/soc-analyst-agent-dashboard-generated.png b/static/img/cse/soc-analyst-agent-dashboard-generated.png
index 17f4e8cd01a..c35996864f7 100644
Binary files a/static/img/cse/soc-analyst-agent-dashboard-generated.png and b/static/img/cse/soc-analyst-agent-dashboard-generated.png differ
diff --git a/static/img/cse/soc-analyst-agent-dashboard.png b/static/img/cse/soc-analyst-agent-dashboard.png
index 72fe81b47e6..a1614cc1109 100644
Binary files a/static/img/cse/soc-analyst-agent-dashboard.png and b/static/img/cse/soc-analyst-agent-dashboard.png differ
diff --git a/static/img/cse/soc-analyst-agent-followup-questions.png b/static/img/cse/soc-analyst-agent-followup-questions.png
index 449e078e123..4e0368b348a 100644
Binary files a/static/img/cse/soc-analyst-agent-followup-questions.png and b/static/img/cse/soc-analyst-agent-followup-questions.png differ
diff --git a/static/img/cse/soc-analyst-agent-side-panel.png b/static/img/cse/soc-analyst-agent-side-panel.png
index 8016253a448..31bd2769860 100644
Binary files a/static/img/cse/soc-analyst-agent-side-panel.png and b/static/img/cse/soc-analyst-agent-side-panel.png differ
diff --git a/static/img/cse/soc-analyst-comments-panel.png b/static/img/cse/soc-analyst-comments-panel.png
deleted file mode 100644
index a6a043ba97b..00000000000
Binary files a/static/img/cse/soc-analyst-comments-panel.png and /dev/null differ
diff --git a/static/img/search/mobot/mobot-welcome.png b/static/img/search/mobot/mobot-welcome.png
new file mode 100644
index 00000000000..c56b64c9bbb
Binary files /dev/null and b/static/img/search/mobot/mobot-welcome.png differ