Intezer Unveils Custom AI Agents for SOC Automation
Intezer has launched Custom Agents, allowing security teams to build their own AI agents within the Intezer platform to automate unique security tasks and workflows.

Intezer has introduced a significant new capability called Custom Agents, empowering security operations center (SOC) teams to develop their own artificial intelligence agents directly within the Intezer platform. This enhancement builds upon Intezer's existing strategy, which relies on autonomous agents to perform security tasks with human oversight.
In today's threat landscape, manual alert handling and one-off automation solutions are insufficient to cope with the sheer volume and complexity of cyber threats. Intezer's core platform already employs autonomous agents that work around the clock to triage, investigate, and respond to security alerts. These agents are designed to investigate 100 percent of alerts, escalating fewer than two percent for human review, thereby significantly reducing analyst workload.
The introduction of Custom Agents allows customers to extend this automation further. Security teams can now automate additional investigation steps, generate custom reports, and streamline other recurring SOC routines that are specific to their organization's environment and operational needs. This move aims to provide more tailored and efficient security operations.
Every SOC typically has a set of daily operational procedures, ranging from drafting incident reports and documenting shift handoffs to fine-tuning detection rules and recording investigation findings. An analysis of how teams utilized Intezer's AI chat for these workflows revealed that a substantial portion of conversations involved the repeated execution of the same tasks. Custom Agents are designed to transform these repetitive actions into self-executing agents.
Existing Intezer customers are already leveraging these agents for a variety of critical tasks. These include the automated generation of customized incident reports, providing recommendations for tuning detection rules based on triage verdicts, and proactively hunting for threats within the environment. The platform's flexibility allows for a broad spectrum of applications.
"With Custom Agents, security teams can automate their unique individual and team processes, by building their own AI agents, which run on the same engine that operates their SOC to ensure seamless integration and performance," stated Itai Tevet, CEO of Intezer. "Our autonomous agents have long handled the fundamental work of the SOC. With Custom Agents, we are giving customers the power to automate their own unique workflows, running them precisely how they choose."
Getting started with Custom Agents is designed to be straightforward. SOC teams can create agents using natural language prompts, describing the desired actions and specifying when the agent should run – whether on a schedule, triggered by an event like a closed case, or on demand. Users can also select the tools the agent is permitted to use, ensuring controlled execution.
These agents possess the capability to operate across the entire security stack. They can integrate Intezer's built-in toolset with connected Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR), and identity management tools, including popular solutions like CrowdStrike, SentinelOne, Splunk, Microsoft Sentinel, and Entra ID. The agents can then take actions such as updating cases, adding comments, closing incidents, and emailing completed reports.