Sumo Logic rolls out Dojo AI agents to cut alert fatigue and accelerate SOC investigations

Sumo Logic adds a SOC Analyst Agent (beta), a Knowledge Agent, and an MCP server to Dojo AI to cut alert noise and speed triage. Knowledge Agent is live; others are in beta.

Categorized in: AI News Operations
Published on: Dec 02, 2025
Sumo Logic expands Dojo AI with agentic tools built for modern SOC operations

Updated 09:00 EST / December 01, 2025

Sumo Logic announced new capabilities for its Dojo AI platform that aim directly at the core problems inside security operations centers: rising alert volume, fragmented tools and pressure to move faster without breaking process. The update introduces three pieces that matter for Ops leaders: a SOC Analyst Agent (beta), a Knowledge Agent (available now) and a Model Context Protocol (MCP) server (beta/prototype).

Put simply, this is about fewer manual handoffs, faster triage and clearer context so teams can focus on real threats. As Sumo Logic's leadership put it, security work needs speed, iteration and context - and these releases push in that direction.

What's new

  • SOC Analyst Agent (beta): Applies agentic reasoning to triage and investigations. It assigns severity, pulls related activity and presents scope and impact so analysts don't chase dead ends.
  • Knowledge Agent (generally available): Provides instant, citable answers to "how do I …" questions in natural language. Ask via Mobot (Dojo AI's conversational interface) and get direct guidance from documentation and product knowledge. This reduces friction and speeds up onboarding.
  • MCP Server (beta/prototype): Extends Dojo AI to integrate your own copilots, models and third-party AI systems. Bring your own AI while keeping Sumo Logic's consistency, scale and security controls. For background on the protocol, see the Model Context Protocol.

Why operations teams should care

  • Alert fatigue down, signal up: Automated severity verdicts and related-activity collection reduce noise and speed up triage.
  • Faster time-to-competency: Knowledge Agent cuts onboarding time and keeps tribal knowledge current without another internal wiki project.
  • Consistent process at scale: Agentic workflows enforce repeatable steps and documentation, even across multiple shifts and regions.
  • Governance for AI usage: MCP-based integrations let you standardize on approved models and copilots with centralized guardrails.

How this fits your SOC workflow

  • Intake: Alerts land with auto-triage and severity suggestions. The agent assembles context (user, host, timeframe, related logs) so analysts see the whole picture faster.
  • Investigation: Analysts iterate with Mobot for deeper questions and suggested next steps, backed by citations to logs and docs.
  • Runbooks and knowledge: Knowledge Agent answers "how-to" in plain language, pulling from product docs and approved content for consistent execution.
  • AI ecosystem: If you already use internal copilots or external models, the MCP Server plugs them in without duct-taped workflows.

Availability and planning

  • Now: Knowledge Agent is available within the Sumo Logic platform.
  • Beta/prototype: SOC Analyst Agent and MCP Server are available to select customers today, with general availability targeted next year.

Planning a pilot? Start with two or three high-volume alert types, define acceptance criteria (MTTA/MTTR reduction, false-positive rate, handoff time) and set guardrails for model access. Build a feedback loop so analysts can rate responses and improve prompts over time.

Operational questions to ask your team

  • Which alerts cause the most rework and would benefit from auto-triage?
  • What runbooks are frequently misapplied or skipped - and could be agent-guided?
  • What model governance rules do we need for BYO AI via MCP (data boundaries, logging, approvals)?
  • How will we measure impact (MTTA/MTTR, analyst satisfaction, onboarding time, escalation rate)?
  • What integrations do we need on day one to avoid swivel-chair workflows?

Context and next steps

Dojo AI launched earlier this year to bring agentic AI and log intelligence into security operations. These additions focus on cutting alert noise, accelerating investigations and giving teams a cleaner path to integrate their existing AI investments.

If you're evaluating, start with a short pilot, clear metrics and a single-threaded owner. Keep the scope tight, prove value, then expand to more use cases.
