AI in a Splunk SOC: Agentic Investigation Without Rip-and-Replace
AI Engineer
He builds the interface that lets users design agentic workflows inside Arcanna, the place where a complex investigation gets decomposed into a chain of agents, each with the right tools and guardrails. He spends his time where AI engineering meets the operational reality of production SOCs.
Practitioner interviews
3 perspectives on why existing security stacks are breaking, and what trustworthy AI in operations actually requires.
Darius Iakabos
Technical Solution Architect
“SOAR was built for predictable workflows. SOC reality isn’t predictable.”
Why SOAR’s scaling ceiling isn’t compute — it’s the playbook maintenance burden — and what replaces it.

Alina Marcu, PhD
Chief Data Scientist
“AI without governance isn’t intelligence. It’s exposure.”
What a Trust Layer actually does — and why grounded decisions, drift control, and rollback are the price of putting AI in front of operations.

Denis Stefan
AI Engineer
“An agentic investigation works when the agent knows what it doesn’t know.”
How agentic investigations actually run end-to-end — structured outputs, decision-model guardrails, and verification at every step.
Keep Reading

- How a complex investigation gets decomposed into a governed chain of agents.
- The criteria that separate a trustworthy AI SOC from a confident guess.
- The ceiling isn't compute, it's the headcount to maintain static automation.
- How to turn an AI triage pilot into a decision a CISO can sign off.
- The deterministic, per-tenant layer that grounds verdicts in your team's judgment.