AirMDR AI SOC Platform Cheatsheet

Overview

The AirMDR AI SOC Platform is an agentic AI solution designed to automate over 90% of Tier-1 alert triage, reducing analyst fatigue and operational costs. It is built for the security operations center (SOC) of managed security service providers (MSSPs) and enterprises.

Key Features

  • Agentic AI Triage: Automates the initial analysis of security alerts.
  • Reduced Analyst Fatigue: Frees up security analysts to focus on more complex threats.
  • Cost Reduction: Lowers operational costs by automating repetitive tasks.
  • MSSP and Enterprise Ready: Designed for both managed security providers and in-house security teams.

Getting Started

  1. Sign up for the Free Forever plan: Get started with up to three data sources and 100 alerts per week.
  2. Connect your data sources: Integrate your existing security tools and log sources with the AirMDR platform.
  3. Configure your triage policies: Define the rules and criteria for how the AI agent should handle different types of alerts.
  4. Monitor the results: Track the performance of the AI agent and review the automated triage decisions.

Common Commands

While the AirMDR platform is primarily UI-driven, here are some conceptual commands that represent the actions you would take within the platform:

  • airmdr connect --source <data_source_type> --credentials <api_key>: Connect a new data source.
  • airmdr policy create --name "High-Priority Phishing" --condition "alert.category == 'phishing' and alert.severity == 'high'" --action escalate: Create a new triage policy.
  • airmdr alerts list --status triaged: View the alerts that have been automatically triaged by the AI agent.
  • airmdr dashboard view: Open the main dashboard to view key metrics and performance indicators.

Example Use Case

Scenario: An MSSP wants to automate the initial triage of phishing alerts from their clients.

  1. Connect Data Sources: The MSSP connects their clients' email security gateways and endpoint detection and response (EDR) tools to the AirMDR platform.
  2. Create Triage Policies: They create a policy that automatically escalates high-severity phishing alerts to a senior analyst, while closing out low-severity alerts with a notification.
  3. Monitor and Refine: The MSSP monitors the performance of the AI agent and refines the triage policies over time to improve accuracy and efficiency.
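The policy in the "Common Commands" section and the escalate/close split in this scenario both rest on the same idea: a condition over alert fields selects an action. The block below is an added illustration of that evaluation logic, not AirMDR's own code or schema; the Policy shape, the action names, and the sample alerts are assumptions constructed for the example. Conditions are parsed with a small whitelist grammar (`alert.<field> == '<value>'` joined by `and`/`or`) rather than passed to `eval()`, so a policy string can never execute code, and any clause outside that grammar is rejected.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    # Hypothetical policy shape modeled on the page's "policy create" command.
    name: str
    condition: str   # e.g. "alert.category == 'phishing' and alert.severity == 'high'"
    action: str      # e.g. "escalate" or "close_and_notify" (assumed action names)


# One clause: alert.<field> (==|!=) '<string literal>'. Nothing else is accepted.
_CLAUSE = re.compile(r"^alert\.(\w+)\s*(==|!=)\s*'([^']*)'$")


def parse_condition(condition: str):
    """Parse a condition string into a small tree without using eval().

    'or' binds weaker than 'and', so "a and b or c" becomes (a and b) or c.
    """
    cond = condition.strip()
    for kind, token in (("or", " or "), ("and", " and ")):
        if token in cond:
            return (kind, [parse_condition(part) for part in cond.split(token)])
    m = _CLAUSE.match(cond)
    if not m:
        # Anything outside the whitelist grammar (e.g. a function call) is refused.
        raise ValueError(f"unsupported condition clause: {cond!r}")
    field, cmp, value = m.groups()
    return ("clause", field, cmp, value)


def evaluate(tree, alert: dict) -> bool:
    """Evaluate a parsed condition tree against one alert dictionary."""
    kind = tree[0]
    if kind == "and":
        return all(evaluate(t, alert) for t in tree[1])
    if kind == "or":
        return any(evaluate(t, alert) for t in tree[1])
    _, field, cmp, value = tree
    actual = str(alert.get(field, "")).lower()   # missing field never matches "=="
    matched = actual == value.lower()
    return matched if cmp == "==" else not matched


def triage(alert: dict, policies: list) -> tuple:
    """First matching policy wins; alerts no policy covers go to a human queue."""
    for policy in policies:
        if evaluate(parse_condition(policy.condition), alert):
            return policy.name, policy.action
    return "default", "queue_for_analyst"


# Policies mirroring the scenario: escalate high-severity phishing, close low-severity.
POLICIES = [
    Policy("High-Priority Phishing",
           "alert.category == 'phishing' and alert.severity == 'high'", "escalate"),
    Policy("Low-Severity Phishing",
           "alert.category == 'phishing' and alert.severity == 'low'", "close_and_notify"),
]

# Constructed sample alerts; not real telemetry.
SAMPLE_ALERTS = [
    {"id": "A-1", "category": "phishing", "severity": "high", "source": "email-gateway"},
    {"id": "A-2", "category": "phishing", "severity": "low", "source": "email-gateway"},
    {"id": "A-3", "category": "malware", "severity": "medium", "source": "edr"},
    {"id": "A-4", "category": "phishing", "severity": "medium", "source": "email-gateway"},
]


def run_triage(alerts=SAMPLE_ALERTS, policies=POLICIES) -> dict:
    """Return {alert_id: action} for every alert; the default keeps humans in the loop."""
    return {a["id"]: triage(a, policies)[1] for a in alerts}


if __name__ == "__main__":
    for alert_id, action in run_triage().items():
        print(alert_id, "->", action)
```

Note that A-4 (medium-severity phishing) is not covered by either policy and lands in the analyst queue rather than being silently closed; when refining policies over time, the contents of that default bucket are the clearest signal of where coverage is still missing.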

Additional Resources