Tier 2 investigations span every system, every team, and every policy. Bricklayer coordinates the entire response in one auditable workflow so analysts don't lose context, time, or evidence.
I can perform a Tier 2 investigation using the currently available agents, organizational policies, compliance frameworks, asset intelligence, SIEM telemetry, and incident response workflows.
| # | Task | Agent | Status |
|---|
| Recommendation | Procedure ready | Requires approval | Status | Action |
|---|---|---|---|---|
Isolate host IT-ADMIN-L1 from the network Immediately prevent additional command-and-control communication, lateral movement, or potential data exfiltration. |
Yes | Yes | Not started | |
Activate the Incident Response Team (IRT) Coordinate containment, forensic investigation, eradication, and recovery for the confirmed malicious activity. |
Yes | No | Not started | |
Notify CISO and impacted business stakeholders Communicate confirmed compromise, elevated organizational risk, and potential operational or regulatory implications. |
Yes | No | Not started | |
Formal forensic investigation of the affected system Analyze PowerShell artifacts, user activity, and telemetry to determine scope and whether sensitive data was exposed or exfiltrated. |
Yes | No | Not started | |
Enterprise-wide threat hunting Hunt for related IOCs, encoded PowerShell patterns, malicious infrastructure, and suspicious authentication activity. |
Yes | No | Not started | |
Reset credentials for user it_user Review privileged authentication activity for credential theft, misuse, or unauthorized administrative access. |
Yes | Yes | Not started |
Security Analyst
SPAcme Security Policy SME
Incident Responder
CPAcme Compliance Policy SME
Security Reporter
Hi, I'm your Bricklayer Assistant. I can help you design and execute security workflows such as alert investigations and vulnerability management through conversation.
Everything that made the alert ambiguous
becomes a blocker in the investigation.
Asset context lives in one system, policy in another, compliance somewhere else. Every escalation requires coordination across teams that don't share tools.
By the time you've reassembled the picture,
the incident has already moved.
With Bricklayer, incident investigation is handled by a coordinated workforce of AI agents under your team's command, working with the tools you already use. Your team, now with the experts they've always needed.
Security investigations don't fail for lack of data. They fail for lack of coordination. Here's how Bricklayer turns a conversation into organized, executed, and governed action across your SOC.
Turn natural language into structured security workflows. Designed, adjusted, and ready to execute.
Generate structured reports and audit-ready evidence packages for analyst review and compliance.
Decompose investigations into discrete tasks, each handled by a specialized agent with traceable outputs.
Visually orchestrate agents, procedures, and execution paths inside a governed workspace.
Establish human oversight through governed prompts, structured controls, and reusable procedures.
Incident Investigation customer deployment data is being compiled as part of our 2026 customer review. Reach out for the most current numbers.
Full evidence chain from alert to remediation
Coordinated escalation across IRT, legal, compliance
Hours saved per Tier 2 investigation
100% auditable, repeatable workflows
Most AI SOC platforms automate the work. Agents operate independently. Context resets between steps. And when something goes wrong, there's no clear record of why a decision was made.
Our AI agents go farther. They share context, work as a coordinated team, and provide full visibility for analysts. Bricklayer's agentic cybersecurity platform is a workforce for the AI SOC, operating under human control.
One platform aligned to how your SOC works. Bricklayer unifies the workflows that typically live across disconnected tools. No rework required. Just expansion and opportunity.
