Everything you need to run SOCPilot.
Concise, security-specific reference for analysts, SOC leads, MSSPs, and security buyers. Every article is written for the SOC team that will actually rely on it.
Getting started
What SOCPilot is, what it isn't, and how to deploy it safely.
1 article
Connecting integrations
SIEM, EDR, identity, cloud and email connectors.
1 article
Alert triage
How alerts are scored, evidenced and routed.
2 articles
Investigations
Cases, timelines, notes, handoffs and decisions.
1 article
Threat Graph
Entities, relationships and blast radius.
1 article
Response approvals
Recommended actions, approvals and the kill switch.
1 article
Incident briefs
Executive and technical write-ups.
1 article
Compliance evidence packs
SOC 2, ISO 27001, PCI, NIST mappings.
1 article
MSSP workspaces
Per-client isolation for managed providers.
1 article
Roles and permissions
Owner, admin, SOC lead, analyst, viewer, auditor.
1 article
Security controls
Read-only mode, retention, secrets, audit.
2 articles
API and webhooks
Keys, scopes, events and delivery history.
1 article
FAQ
Common questions from analysts and buyers.
1 article