Hunting shouldn't be a side activity. It should run continuously across your environment, with AI agents and analysts working together. Test 5–10x more hypotheses per analyst. Every hunt is documented and repeatable.
I can perform a threat actor hunt and reporting workflow using the currently available threat intelligence agents, Splunk integrations, IOC enrichment sources, and reporting capabilities.
| # | Task | Agent | Status |
|---|
| Recommendation | Procedure ready | Requires approval | Status | Action |
|---|---|---|---|---|
Operationalize generated Splunk SPL detections Deploy detections to continuously monitor for APT28-associated indicators, suspicious authentication activity, and malicious outbound communications. |
Yes | No | Not started | |
Enterprise-wide threat hunting Hunt across the environment for the identified IP addresses, domains, file hashes, and phishing indicators tied to APT28 operations. |
Yes | No | Not started | |
Strengthen access controls and least privilege Reduce exposure to credential theft and lateral movement on sensitive systems and administrative accounts. |
Yes | Yes | Not started | |
Phishing awareness and cybersecurity training Organization-wide training focused on spear-phishing and credential theft tactics commonly used by APT28. |
Yes | No | Not started | |
Expand centralized logging and SIEM correlation Improve visibility into suspicious network traffic and malicious authentication behaviors across the enterprise. |
No | No | Not started | |
Security assessments, vulnerability management, and penetration testing Proactively identify weaknesses exploitable by advanced threat actors through recurring validation exercises. |
No | No | Not started | |
Review incident response and resilience procedures Validate IR playbooks, backup strategies, and post-incident review processes for nation-state and APT scenarios. |
No | No | Not started |
Threat Intelligence Analyst
SPSplunk SME
Security Reporter
Hi, I'm your Bricklayer Assistant. I can help you design and execute security workflows such as alert investigations and vulnerability management through conversation.
Most teams know they should be hunting.
Few can do it consistently.
It takes time and expertise, and it rarely scales.
Hypotheses go untested, coverage is inconsistent,
results are hard to document or repeat.
With Bricklayer, threat hunting is handled by a coordinated workforce of AI agents under your team's command, working with the tools you already use. Your team, now with the experts they've always needed.
Security investigations don't fail for lack of data. They fail for lack of coordination. Here's how Bricklayer turns a conversation into organized, executed, and governed action across your SOC.
Turn natural language into structured security workflows. Designed, adjusted, and ready to execute.
Generate structured reports and audit-ready evidence packages for analyst review and compliance.
Decompose investigations into discrete tasks, each handled by a specialized agent with traceable outputs.
Visually orchestrate agents, procedures, and execution paths inside a governed workspace.
Establish human oversight through governed prompts, structured controls, and reusable procedures.
Threat Hunting customer deployment data is being compiled as part of our 2026 customer review. Reach out for the most current numbers.
5–10x more hypotheses per analyst
Continuous hunt coverage, fully documented
Zero gaps in environment coverage
100% auditable, repeatable workflows
Most AI SOC platforms automate the work. Agents operate independently. Context resets between steps. And when something goes wrong, there's no clear record of why a decision was made.
Our AI agents go farther. They share context, work as a coordinated team, and provide full visibility for analysts. Bricklayer's agentic cybersecurity platform is a workforce for the AI SOC, operating under human control.
One platform aligned to how your SOC works. Bricklayer unifies the workflows that typically live across disconnected tools. No rework required. Just expansion and opportunity.
