Security alert investigator

Security alert investigator is an investigation agent for Detection & Response teams. When a new alert is created (or when you mention it on an alert page), it follows your runbooks to gather relevant context from your connected tools and your workspace, then documents the results in a structured investigation page. It correlates evidence across sources, highlights uncertainty, and saves reusable learnings to a memory database, while keeping the final true/false positive decision with the human responder.