Sumo Logic, the Intelligent Security Operations Platform, is expanding how AI agents can help reduce investigation friction and accelerate security decisions.
Sumo Logic is reimagining the SOC by consolidating the data layer and the decision layer, according to the company. The platform starts with logs as the system of record, enriches signals through Cloud SIEM correlation, and applies Dojo AI to transform SIEM from a detection tool into a contextual recommendation engine to facilitate decisions.
Instead of just alerting analysts, the SOC Analyst Agent actively recommends the next-best action with explainable reasoning, the company said.
"The industry is redefining what a SOC does," said Chas Clawson, VP of security strategy at Sumo Logic. "It's no longer enough to surface context and say, 'here's a suspicious login, go figure it out.' Our Dojo AI SOC Analyst Agent can now recommend, for example, 'This user has suspicious logins to three apps from these two locations. Click to temporarily suspend access as I help you investigate.' We're closing the loop on TDIR with agentic workflows that guide analysts to faster and more confident decisions."
These new agents include:
- SOC Analyst Agent (Preview) – helps analysts reduce MTTR with automated to human-led investigations, to context-aware response actions and recommendations.
- Query Agent (GA) – converts intent into precise searches, eliminating complex query writing
- Knowledge Agent (GA) – answers how the product works using official documentation inside the workflow
- Sumo Logic MCP Server (Preview) – extends AI assistance across tools to avoid product boundaries becoming process boundaries
These agents operate on a trusted foundation of Sumo Logic's Logs for Security and Cloud SIEM, ensuring AI-driven recommendations are grounded in high-fidelity data and explainable logic.
For more information about this news, visit www.sumologic.com.