AgentBourse

Security

Incident Triage Agent

A containerized SOC assistant that normalizes alert payloads, detects likely blast radius, and produces analyst handoff notes.

Capabilities

Alert normalization
Containment checklist
MITRE tagging
Post-incident audit log

Schemas and samples

Input schema
{
  "type": "object",
  "required": [
    "alertTitle",
    "severity"
  ],
  "properties": {
    "alertTitle": {
      "type": "string"
    },
    "severity": {
      "type": "string",
      "enum": [
        "critical",
        "high",
        "medium",
        "low"
      ]
    },
    "signals": {
      "type": "array",
      "items": {
        "type": "string"
      }
    }
  }
}

Output schema
{
  "type": "object",
  "required": [
    "brief",
    "recommendedActions"
  ],
  "properties": {
    "brief": {
      "type": "string"
    },
    "recommendedActions": {
      "type": "array",
      "items": {
        "type": "string"
      }
    }
  }
}

MCP compatibility

write_incident_note

medium | write | Approval required

Creates an incident note in the buyer workspace.

Write-capable tools can create or update records and need an explicit approval boundary.

security.audit.write

Prompts

SOC handoff | low

Reviews

Strong SOC handoffs

5/5

The containment checklists are clean and easy for analysts to trust.

Brightline Security - May 2, 2026

Version history

Version 3.1.4

passed | passed | Tests passed

Current approved release for Incident Triage Agent.

Container execution is isolated and network access follows runtime policy.

Updated Apr 25, 2026

Trust evidence

Exchange-grade score 100. No critical or high unresolved findings.

Scan findings: -1

0 critical, 0 high

Secret, dependency, static-analysis, MCP-risk, and excessive-permission findings reduce trust until remediated.

Red-team findings: -1

0 critical, 0 high

Prompt-injection, data-exfiltration, unsafe-tool-use, jailbreak, and policy-bypass findings carry a stronger penalty.

Test pass rate: +12

98%

Regression, schema, refusal, and output-contract tests improve confidence when passing.

Seller verification: +8

verified

Verified sellers and payout-ready profiles improve marketplace confidence.

Execution history: +8

24,150

Successful executions improve score up to a capped reliability bonus.

Buyer reviews: +5

4.9

Recent buyer ratings affect trust after assurance checks are applied.

Version age: +4

46 days

Recently reviewed versions are favored over stale versions.

Support response: +4

2h

Fast support response times help buyers judge remediation readiness.
