Sumo Logic adds AI remediation tips for SOC analysts
Sumo Logic has expanded its SOC Analyst Agent to recommend remediation actions for security teams, adding a response element to its AI-based security operations tools.
The update targets a common problem in security operations centres: analysts may identify suspicious activity but still have to determine the next step manually. The agent now suggests actions during investigations instead of stopping at alerts and context.
The feature is intended to cover more of the threat detection, investigation and response (TDIR) workflow. In practice, an analyst examining a suspicious login or anomalous pattern can receive a recommendation on what to do next, along with the supporting context behind that suggestion.
Security teams are dealing with rising data volumes as cloud use, identity systems and distributed technology estates generate more signals to review. At the same time, many organisations still rely on multiple specialist products, forcing analysts to move between tools to investigate incidents and decide on a response.
Sumo Logic's approach combines logs as a system of record, correlation from its Cloud SIEM product and AI models under its Dojo AI brand. The aim is to move security information and event management software beyond detection and towards recommendation.
"The industry is redefining what a SOC does," said Chas Clawson, VP of Security Strategy at Sumo Logic. "It's no longer enough to surface context and say, 'here's a suspicious login, go figure it out.' Our Dojo AI SOC Analyst Agent can now recommend, for example, 'This user has suspicious logins to three apps from these two locations. Click to temporarily suspend access as I help you investigate.' We're closing the loop on TDIR with agentic workflows that guide analysts to faster and more confident decisions."
Broader toolset
The remediation recommendation feature sits alongside several other AI-driven functions in the company's security portfolio. Its Query Agent, which is generally available, turns natural language prompts into searches; its Knowledge Agent, also generally available, answers product questions within the workflow using official documentation.
Sumo Logic also highlighted its MCP Server, which remains in preview, as a way to extend AI assistance across tools. The goal is to reduce friction when response processes span several products.
The broader pitch centres on reducing the manual work involved in investigations. In many security teams, analysts still spend significant time writing search queries, validating alerts and checking documentation before they can decide on containment or remediation steps.
That burden has become more visible as organisations move more applications, infrastructure and identity management into cloud-based environments. The result is often a larger volume of logs and alerts, but not necessarily clearer decision-making for teams handling live incidents.
Customer view
Sumo Logic also cited customer feedback from Sammons Financial on its AI features in security operations.
"Sumo Logic's Dojo AI is transforming our Security Operations team by enabling natural language log analysis and delivering contextual insights that accelerate investigations," said Scott Steenhoek, Sr. IT Cybersecurity Engineer at Sammons Financial. "The platform reduces noise, improves detection precision, and allows our analysts to focus on response rather than manual query building."
The comments highlight a key area of competition in the cyber security market, where vendors are trying to show that AI can shorten the time between alert generation and action. That is particularly important in security operations, where staffing constraints and alert fatigue remain persistent issues.
Across the market, vendors have increasingly focused on so-called agentic AI systems that do more than summarise or retrieve information. The pitch is that these systems can support or automate multi-step tasks while still leaving final authority with human analysts for higher-risk decisions.
For buyers, however, questions remain around trust, explainability and the quality of the underlying data used to generate recommendations. Sumo Logic says its recommendations are grounded in logs and Cloud SIEM telemetry, and that the reasoning behind actions is explainable to analysts.
Awards noted
Separately, Sumo Logic said it received two Global Infosec Awards from Cyber Defence Magazine in the categories of Next Gen SIEM and Pioneering AI SOC. The awards add external recognition at a time when security software groups are competing to differentiate their products in an increasingly crowded AI market.
The company's message centres on reducing investigation friction inside the SOC. Whether that translates into broader adoption is likely to depend on how far security teams are willing to trust AI-generated recommendations when dealing with active threats and access decisions.