
EmilyAI

Our internal SOC assistant, created in 2018 to accelerate triage, correlate intelligence, and enhance analyst decision-making.

A SOC assistant designed for real analysts

EmilyAI was created in 2018 to support our SOC analysts during periods of high alert volume, complex investigations, and cross-referenced threat intelligence work. Since then, she has evolved into a core component of our internal operations, helping to reduce noise, improve triage consistency, and enhance analyst effectiveness across SOC365.

EmilyAI is not a replacement for our analysts — she amplifies them. By automating repetitive tasks and offering context quickly, she allows human analysts to focus on high-value investigative work, threat hunting, and response coordination.

EmilyAI’s role

What EmilyAI does within our SOC

EmilyAI is deeply integrated into our SOC365 workflows, performing tasks that complement human judgement.

Alert triage assistance

EmilyAI extracts key indicators, highlights context from previous alerts, and suggests next investigative steps.

Threat intelligence correlation

Cross-references domains, IPs, hashes, URLs, email addresses, and behavioural patterns against our Threat Intelligence platform.

Detection engineering support

Identifies patterns in repeated alerts, supporting engineers in tuning detections, suppressions, or new rules.

Case documentation

Automatically drafts structured case notes consolidating indicators, timelines, enrichments, and analyst actions.

Noise reduction

Flags probable false positives based on contextual similarity and historical analysis, helping analysts focus on real threats.

Investigation augmentation

Provides enrichment, historical lookups, and behavioural observations during live investigations.

Why EmilyAI exists

In 2017 and early 2018, our SOC had reached a point where analysts were spending too much time on tasks that, while necessary, were cognitively repetitive: summarising alerts, pivoting across indicators, searching historical activity, drafting reports, and correlating basic intelligence.

We created EmilyAI to reduce that load and to help the SOC maintain a consistently high standard of investigation, especially during peak activity. EmilyAI was designed from day one to keep analysts in control — she enhances judgement, she does not replace it.

The outcome is faster, more consistent investigation quality, reduced fatigue, and more time available for threat hunting, collaborative investigations, and proactive defence.

How it works

How EmilyAI integrates with SOC365

EmilyAI operates as an internal, non-public component built specifically for our SOC365 workflows.

Internal model, private environment

EmilyAI operates entirely inside our secure internal environment, not as a public chatbot or generic AI tool.

Deep integration with SOC365 telemetry

Access to curated, privacy-controlled alert metadata enables her to provide meaningful context, never raw client data.

TI platform integration

EmilyAI performs automated TI lookups against our threat intelligence holdings, enrichment feeds, and deception telemetry.

Analyst-driven prompts

Analysts determine when and how EmilyAI supports an investigation; she reacts to human direction.

Safety & control layers

EmilyAI cannot take containment actions or make changes in client environments — those actions remain human-led.

Continuous development

EmilyAI evolves alongside our SOC maturity, incorporating new capabilities as threats change.

Why EmilyAI matters

EmilyAI enhances our ability to detect and respond to threats, reduces cognitive fatigue during high-volume alert periods, and accelerates routine investigative tasks. She allows analysts to focus on adversary tradecraft and complex cases, rather than repetitive enrichment steps.

Across SOC365, EmilyAI increases speed, consistency, and capacity — helping ensure that clients receive rapid, high-quality response even during demanding periods.

Outcomes

What EmilyAI enables for clients

EmilyAI is not a marketing feature. She directly improves outcome quality for every organisation protected by Cyber Defence.

Faster investigations

Repeated enrichment and correlation tasks are handled instantly, allowing analysts to move quickly to context and judgement.

Higher detection quality

EmilyAI highlights recurring patterns, anomalies, and contextual clues that inform new detections and rule tuning.

Reduced SOC fatigue

Analysts spend more time on meaningful defensive work, reducing burnout and improving retention.

Improved reporting

Case notes and incident summaries are clearer, more structured, and more consistent across analysts and shifts.

Better threat visibility

EmilyAI runs consistent cross-indicator correlation, ensuring subtle signals are not lost in volume.

A continuously improving SOC

EmilyAI helps surface where engineering changes, new detections, or suppression rules will deliver the most value.

EmilyAI is part of what makes Cyber Defence different

Our combination of human expertise, intelligence, engineering, and automation allows us to defend our clients more effectively. EmilyAI is one part of that philosophy — a practical augmentation of human capability.

To learn more about how we use AI responsibly within our SOC, read about our ethical AI framework.