Listen to this Post

Introduction
For years, security vendors have wielded the “thousands of alerts per day” narrative as both a scare tactic and a sales pitch. The implication is clear: your SOC is drowning, and only their solution can throw you a lifeline. But as industry practitioners like Rafał Kitab have consistently demonstrated, these numbers are often wildly inflated—and even when they aren’t, the sheer volume of alerts is a symptom, not the root cause. The real bottleneck in modern security operations isn’t the number of alerts hitting the SIEM; it’s what happens after the alert fires—the triage, investigation, remediation, and feedback loop that consume analyst hours and burn out teams. This is where Agentic SecOps enters the conversation, not as a magic bullet to close alerts faster, but as a fundamental rethinking of how we structure the SOC lifecycle.
Learning Objectives
- Understand why alert count is a vanity metric and how to refocus on lifecycle outcomes
- Learn the four-stage agentic SOC model: triage, investigation, remediation, and feedback
- Master the concept of the “agent harness” and why boundaries must be enforced by the platform, not requested in a prompt
- Explore practical implementation strategies for deploying AI agents with deterministic guardrails
- Identify the prerequisites for AI readiness in SecOps, including detection engineering hygiene
You Should Know
- The Alert Count Mirage: Why Marketing Metrics Mislead
Every vendor leads with the same pitch: thousands of alerts per day, analysts drowning, your SOC is broken. The problem? Most practitioners know the number is inflated. As Rafał Kitab points out, “2,000 alerts/day is huge, not matter which setup. With a properly setup SIEM, alert fatigue is a real thing, and tuning by ‘hand’ can imo hide the subtle signals.”
The critical insight here is that alert volume is a detection engineering problem, not an AI problem. Throwing AI at excessive alert volume is simply burning money. Security budgets typically hover around 1% of revenue, making cost-effectiveness non-1egotiable. Before any organization can responsibly deploy agentic AI, it must first address the fundamentals: tuning detections, reducing false positives, and ensuring data quality.
Detection Engineering Hygiene Checklist:
| Priority | Action | Verification |
|-|–|–|
| 1 | Review and tune high-volume, low-fidelity rules | Alert-to-incident ratio < 10:1 |
| 2 | Deprecate rules with > 95% false positive rate | Track FP rate per rule |
| 3 | Implement alert grouping and deduplication | Reduce noise by 40-60% |
| 4 | Establish feedback loop from investigations to detection engineering | Closed-loop improvement |
Linux Command – SIEM Log Aggregation and Filtering:
Aggregate and count alert patterns from SIEM logs
grep -E "ALERT|SEVERITY" /var/log/siem/.log | \
awk '{print $NF}' | sort | uniq -c | sort -rn | head -20
Identify top alert sources for tuning prioritization
journalctl -u splunkd --since "24 hours ago" | \
grep -o '"signature":"[^"]"' | sort | uniq -c | sort -rn
Windows PowerShell – Event Log Analysis for Tuning:
Analyze top Windows Event IDs generating alerts
Get-WinEvent -LogName Security -MaxEvents 10000 |
Group-Object Id |
Sort-Object Count -Descending |
Select-Object -First 20 Name, Count
Identify accounts triggering excessive failed logon alerts
Get-WinEvent -FilterHashtable @{LogName='Security'; ID=4625} -MaxEvents 5000 |
Group-Object { $_.Properties[bash].Value } |
Sort-Object Count -Descending
The Bottom Line: Before deploying any AI agent, ensure your detection engineering program is mature enough that the alert volume is manageable. AI is an accelerator for investigation, not a fire extinguisher for broken detections.
- The Agent Harness: Boundaries as Architecture, Not Requests
One of the most dangerous misconceptions in agentic AI is the belief that a well-crafted system prompt can keep an agent safe. As Filip Stojkovski puts it bluntly: “A prompt is a request, not a constraint. The boundaries need to be enforced by the platform, not asked nicely in a system prompt.”
This is the core philosophy behind the agent harness—an architectural layer that scopes what each micro-agent can see and do. Instead of turning a single, powerful LLM loose on your environment, the harness breaks functionality into specialized micro-agents with granular permissions, deterministic workflows, and strict behavior rules.
How the Agent Harness Works:
┌─────────────────────────────────────────────────────────────┐ │ AGENT HARNESS │ │ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ │ │ Triage │ │Investigation│ │ Remediation │ │ │ │ Agent │ │ Agent │ │ Agent │ │ │ ├─────────────┤ ├─────────────┤ ├─────────────┤ │ │ │Scope: │ │Scope: │ │Scope: │ │ │ │- Read alerts│ │- Query SIEM │ │- Isolate │ │ │ │- Classify │ │- Enrich IoCs│ │ endpoints │ │ │ │- Assign │ │- Correlate │ │- Block IPs │ │ │ │ severity │ │ events │ │- Execute │ │ │ │ │ │ │ │ playbooks │ │ │ └─────────────┘ └─────────────┘ └─────────────┘ │ │ │ │ Deterministic Guardrails: │ │ • Max actions per invocation: 5 │ │ • Required human approval: High-severity actions │ │ • Audit trail: Full logging of all agent decisions │ │ • Peer agent communication limits: 2 agents max │ └─────────────────────────────────────────────────────────────┘
BlinkOps Agent Builder – No-Code Configuration:
BlinkOps’ no-code Security Agent Builder enables security teams to create specialized AI agents with laser-focused capabilities, integrating with over 30,000 prebuilt integrations. Each agent is designed with intent—a GDPR compliance agent operates differently from a ransomware response specialist. The platform uses a hybrid architecture combining AI reasoning with deterministic workflow execution, ensuring agents adapt to complex scenarios while following exact instructions.
API Security Configuration – Enforcing Agent Boundaries:
Example agent policy configuration (YAML) agent_policy: name: "triage_agent_v1" permissions: - resource: "siem:alerts" actions: ["read", "classify"] - resource: "ticketing:create" actions: ["write"] - resource: "edr:containment" actions: ["request_approval"] rate_limits: max_alerts_per_minute: 60 max_concurrent_investigations: 5 guardrails: require_human_approval: ["edr:containment", "network:block"] max_peer_agents: 2 audit_level: "full"
Cloud Hardening – IAM Boundaries for Agents:
Terraform – Restrict agent service account permissions
resource "aws_iam_policy" "agent_triage_policy" {
name = "agent-triage-policy"
policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Effect = "Allow"
Action = [
"cloudwatch:GetMetricData",
"cloudwatch:ListMetrics"
]
Resource = ""
Condition = {
"StringEquals" = {
"aws:ResourceTag/Environment" = "security-operations"
}
}
},
{
Effect = "Deny"
Action = [
"ec2:TerminateInstances",
"iam:CreateAccessKey"
]
Resource = ""
}
]
})
}
The Bottom Line: Agent safety is not achieved through clever prompting. It requires a platform-level harness with deterministic guardrails, granular permissions, and full auditability. Trust the architecture, not the prompt.
3. The Four-Stage Agentic SOC Lifecycle
Agentic SecOps isn’t about replacing the entire SOC with AI—it’s about augmenting human capacity at specific, well-defined stages of the incident response cycle. The BlinkOps framework identifies four key stages where agentic approaches actually deliver value:
Stage 1: Triage
The frontline of the SOC. Agents autonomously investigate every alert, correlating data across the security stack, applying contextual reasoning, and surfacing only what requires human expertise. This is where the bulk of noise reduction happens—agents determine if an alert is a true positive, a false positive, or requires further investigation.
Stage 2: In-Depth Investigation
For alerts that pass triage, investigation agents dive deeper. They query SIEMs, enrich indicators of compromise (IoCs), correlate events across time and systems, and build a comprehensive threat narrative. The goal is to deliver a complete investigation package to the human analyst, reducing the time spent on manual enrichment from hours to minutes.
Stage 3: Remediation
Once a threat is confirmed, remediation agents execute predefined response actions—isolating endpoints, blocking IPs, rotating credentials, or triggering playbooks. Critically, these actions operate within deterministic guardrails and often require human approval for high-severity actions.
Stage 4: Feedback Loop (Detection Engineering)
The final and most overlooked stage. Investigation outcomes feed back into detection engineering, allowing the system to improve over time. Agents can suggest tuning adjustments, identify weak detections based on alert patterns, and even write draft detection rules. This closes the loop and reduces future alert volume organically.
SIEM Query for Automated Triage:
-- Splunk SPL: Identify alerts requiring immediate triage
index=security sourcetype=alert
| eval severity=case(risk_score>80, "CRITICAL", risk_score>50, "HIGH", 1=1, "MEDIUM")
| where severity IN ("CRITICAL", "HIGH")
| stats count by signature, src_ip, dest_ip, severity
| sort - count
| head 50
EDR API Automation – Remediation Playbook:
Python script for automated endpoint isolation (with approval gate)
import requests
import os
def isolate_endpoint(endpoint_id, api_key, approval_token):
"""
Isolate an endpoint via EDR API with human approval gate.
"""
Check approval token
if not verify_approval(approval_token):
return {"status": "pending_approval", "message": "Human approval required"}
headers = {
"Authorization": f"Bearer {api_key}",
"Content-Type": "application/json"
}
payload = {"endpoint_id": endpoint_id, "action": "isolate"}
response = requests.post(
"https://api.edr.example.com/v1/endpoints/isolate",
headers=headers,
json=payload
)
return response.json()
def verify_approval(token):
Check against approval system (e.g., Jira, Slack, Teams)
Returns True if approved, False otherwise
return True Placeholder
The Bottom Line: Agentic AI should be deployed incrementally across the SOC lifecycle, starting with triage and progressively moving toward remediation and feedback. Each stage requires different agent capabilities and different guardrails.
4. Beyond SOAR: Why Traditional Automation Failed
Traditional SOAR (Security Orchestration, Automation, and Response) promised to solve the alert fatigue problem. It didn’t. As the Somerford Associates event page explains: “Traditional SOAR promised to fix this. It moved the bottleneck instead of removing it, trading alert pressure for playbook maintenance and integration debt.”
Why SOAR Falls Short:
| Challenge | SOAR Approach | Problem |
|–|||
| Playbook maintenance | Hard-coded scripts | Brittle, breaks with every tool update |
| Integration | Custom API coding | Integration debt accumulates |
| Adaptability | Fixed logic paths | Cannot handle novel threat patterns |
| Analyst burden | Still requires human to trigger | Moves work, doesn’t eliminate it |
| Scale | Linear scaling with headcount | Costs spiral with volume |
The Agentic Alternative:
Agentic SecOps replaces scripting with natural language for building and running workflows. Instead of hard-coded playbooks, agents use reasoning to adapt to each unique alert while executing actions through deterministic, auditable workflows. The platform combines AI agents with deterministic workflows—AI reasons and adapts, while the actions it executes stay predictable and auditable.
Natural Language Workflow Example:
"When a critical severity alert arrives from CrowdStrike indicating ransomware activity, query Splunk for related authentication events from the same source IP in the last 24 hours. If more than 5 failed logins are detected, isolate the endpoint and create a Jira ticket with the full investigation summary." The platform translates this into: - Agent A (CrowdStrike): Fetch alert details - Agent B (Splunk): Query authentication logs - Agent C (Correlation): Analyze relationship - Agent D (EDR): Isolate endpoint (with approval) - Agent E (Jira): Create ticket with findings
The Bottom Line: Agentic SecOps doesn’t just automate tasks—it automates decisions within a safe, governed framework. This is the fundamental difference from legacy SOAR.
5. AI Readiness: Detection Engineering Comes First
As Rafał Kitab emphasizes, “SOCs 100% should take care of detections / data first, and once that’s solved explore using AI to scale their investigation capabilities.” AI readiness in SecOps is a real thing, and proper detection engineering and tuning are a big part of it.
AI Readiness Assessment:
| Prerequisite | Check | Action if Unmet |
|–|-|–|
| Alert-to-incident conversion rate > 10% | Review SIEM analytics | Tune or deprecate low-fidelity rules |
| False positive rate < 50% per rule | Track rule-level FP metrics | Implement rule-specific tuning |
| Data quality: Complete, normalized logs | Audit log sources | Fix gaps, standardize formatting |
| Defined incident classification schema | Review playbooks | Document and standardize |
| Investigation workflow documented | Process mapping | Create runbooks for common scenarios |
| Feedback loop from IR to detection eng | Assess current process | Implement post-incident review process |
Linux Command – Log Normalization and Quality Check:
Check log completeness across sources
for source in /var/log/{auth,syslog,kern,secure}.log; do
echo "=== $source ==="
wc -l $source
tail -5 $source
done
Identify malformed log entries
grep -v -E "^[A-Za-z]{3}\s+[0-9]{1,2}\s+[0-9]{2}:[0-9]{2}:[0-9]{2}" /var/log/syslog | head -20
Windows PowerShell – Detection Rule Effectiveness Audit:
Analyze detection rule effectiveness
$rules = Get-SecurityDetectionRule
foreach ($rule in $rules) {
$alerts = Get-SecurityAlert -RuleId $rule.Id -StartTime (Get-Date).AddDays(-30)
$truePositives = $alerts | Where-Object { $_.Status -eq "TruePositive" }
$fpRate = ($alerts.Count - $truePositives.Count) / $alerts.Count 100
Write-Host "$($rule.Name): $fpRate% FP rate ($($alerts.Count) alerts)"
}
The Bottom Line: AI is not a shortcut for poor detection engineering. Before deploying agentic AI, invest in tuning your detections, reducing false positives, and ensuring your data is clean and normalized.
6. The Peer Agent Ecosystem: Controlled Collaboration
One of the most innovative aspects of modern agentic platforms is the concept of peer agents—AI constructs that can communicate and collaborate. As Gil Barak, CEO of BlinkOps, explains: “Every agent can be told which other agents it’s allowed to talk to, and they can cooperate or even delegate tasks to each other.”
However, this capability comes with risks. Early iterations revealed “unlimited loops where they would call each other non-stop,” necessitating strict guardrails. The solution? Limiting each agent to two to five abilities and one to two peer agent connections.
Example Peer Agent Workflow:
[SIEM Alert] → [Triage Agent] ↓ [Investigation Agent] ←→ [Threat Intel Agent] ↓ [Correlation Agent] ←→ [Asset Context Agent] ↓ [Remediation Agent] → [Approval Gate] → [bash]
The Bottom Line: Peer-to-peer agent collaboration mirrors human workflows, enabling distributed yet coordinated security operations—but only when governed by strict architectural controls.
What Undercode Say
Key Takeaway 1: Alert count is a vanity metric that distracts from the real bottleneck—the post-alert workflow. Organizations must fix their detection engineering before deploying AI.
Key Takeaway 2: Agent safety requires platform-level harnesses with deterministic guardrails, not clever prompting. Boundaries must be enforced by architecture, not requested in natural language.
Analysis:
The convergence of agentic AI and SecOps represents a paradigm shift, but one that demands discipline. The industry has spent years chasing the “thousands of alerts” narrative, selling solutions that treat symptoms rather than causes. Agentic SecOps offers a genuine opportunity to re-architect the SOC—but only if we resist the temptation to use it as a Band-Aid for broken detection programs. The organizations that succeed will be those that invest in detection engineering hygiene first, deploy agents incrementally across the SOC lifecycle, and enforce strict architectural guardrails. Those that don’t will simply automate their noise and burn money faster. The future of SecOps is agentic, but it’s also disciplined, data-driven, and relentlessly focused on outcomes over metrics.
Prediction
+1 Organizations that prioritize detection engineering hygiene before deploying agentic AI will achieve 3-5x ROI compared to those that treat AI as a silver bullet for alert fatigue.
+1 The “agent harness” model will become the industry standard for AI security deployments within 18-24 months, replacing the current ad-hoc approach to LLM safety.
-1 Security vendors will continue to inflate alert count metrics in marketing materials, creating confusion and delaying genuine AI adoption for another 12-18 months.
+1 Detection engineering will emerge as the most critical skill for SOC teams, with AI agents augmenting rather than replacing human detection engineers.
-1 Organizations that deploy agentic AI without first addressing data quality and detection tuning will see increased operational costs and eroded analyst trust in automation.
+1 The integration of feedback loops from agent investigations back into detection engineering will create a virtuous cycle, reducing alert volumes organically over time.
▶️ Related Video (82% Match):
🎯Let’s Practice For Free:
🎓 Live Courses & Certifications:
Join Undercode Academy for Verified Certifications
🚀 Request a Custom Project:
Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands
IT/Security Reporter URL:
Reported By: Filipstojkovski The – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅


