SOLUTION UPDATES & NEW FEATURES

Agile Blue continues to evolve its SOC and SIEM platform with updates designed to improve visibility, response tracking, and enforcement of zero-trust principles. These enhancements provide additional insight and control for customers using Agile Blue as part of their managed security services.

Isolate Hosts & Disable Office365 Accounts
This update enhances day to day security operations by improving visibility, response speed, and operational control.

Users now have a central view of host isolation and Office365 account disablement, with real time status and a complete audit history of response actions. This makes it easier to track what actions have been taken, when they occurred, and who initiated them.

The update also streamlines incident response by allowing administrators to initiate containment actions directly from the Response page, even when a device or user is not linked to an active case. This enables faster decision making and quicker threat containment, helping reduce risk and minimise potential impact.

What this means for you:

• Greater transparency into incident response activities
• Improved reporting and post-incident review
• Enhanced audit and compliance support

Zero Trust Rules
This update enhances alert prioritisation by allowing users to apply and designate specific rules as Zero Trust based on what matters most to their organisation.

When a Zero Trust Rule is triggered, the associated case is automatically escalated, ensuring rapid notification and faster response. This helps critical alerts bypass normal triage processes and reach the right teams immediately, whether via email, ticketing systems, or other notification channels.

By giving users control over which alerts demand immediate attention, Zero Trust Rules help reduce alert fatigue, improve response times, and ensure high-priority events are never missed.

What this means for you:

• Reduced attack surface through stricter access controls
• Lower risk of lateral movement during a security breach
• Stronger alignment with zero-trust security frameworks

SentinelOne Integration
Enhanced integration with SentinelOne allows endpoint telemetry to be incorporated into investigations and response workflows, improving threat visibility across endpoints.

What this means for you:

• Faster identification of endpoint-based threats
• More context during investigations and incident response
• Improved coordination between endpoint and SOC activities

Together, these updates enhance the overall effectiveness by supporting faster response times, clearer visibility, and stronger preventative controls.

Other Enhancements

Some of the other improvements to the portal itself you will see include:

• Re-tooled Alert Playbook layout and functionality, allowing for quicker access to critical information and increased customisation.
• Updated Artifacts section on the Case Details page, giving a cleaner view of key case data and allowing for the ability to highlight malicious and potentially malicious artifacts.
• Enhanced Sapphire AI Decisioning escalation email template with new key details, including:
  • Rules list
  • Sapphire AI Verdict
  • Verdict Confidence Score
  • Verdict Explanation
  • Case Summary

🔗 Learn more:
https://help.agileblue.com/track-responsive-actions-with-agileblue
https://help.agileblue.com/zero-trust-rules
https://help.agileblue.com/sentinelone-integration