Security operations — alerts, investigations, playbooks.
35f
A detection from a security tool.
/api/v1/soc/alerts
list
get
acknowledge
escalate
30f
An analyst-led investigation, optionally rolling up alerts.
/api/v1/soc/investigations
create
update
close
28f
A reusable response runbook.
/api/v1/soc/playbooks
run