This topic provides answers to common questions about the Agentic SOC feature.
Does Agentic SOC support ingesting logs from on-premises services?
Yes.
You can ingest logs from on-premises security services—such as Chaitin WAF and Fortinet firewall—into Agentic SOC. This enables centralized threat management within Security Center. For setup instructions, see Product logs.
Under the subscription model, what happens if I exceed my log ingestion or storage limits?
If your daily log ingestion exceeds your purchased limit, both log ingestion and delivery will stop, regardless of available storage capacity.
If your daily ingestion volume is within limits but storage capacity is exceeded, log ingestion continues, but log delivery is paused to prevent overages.
Agentic SOC automatically halts delivery when usage exceeds purchased limits to avoid unexpected costs.
After enabling Agentic SOC, will the number of alerts decrease?
Yes.
Agentic SOC performs deep correlation analysis on raw alerts, identifies related events, and reconstructs complete attack chains. It then consolidates these into comprehensive security incidents. This significantly reduces alert noise—lowering both the volume and frequency of individual alerts—while improving detection accuracy and response efficiency.