AlertTriage

AlertTriage is a web app (with optional desktop agent) that sits between your SIEM/EDR and your SOAR to standardize, score, and route alerts before they become incidents. It focuses on the unglamorous but expensive part of security operations: inconsistent triage decisions, duplicated work, and “tribal knowledge” living in chat threads. The app provides a lightweight rules + AI-assisted enrichment layer that pulls context (asset criticality, identity, recent changes, threat intel hits) and produces a confidence-ranked triage recommendation with clear evidence. It then triggers the right SOAR workflow (or creates a ticket) with normalized fields and a complete audit trail. This is not a full SOAR replacement; it’s a pragmatic pre-SOAR gate that reduces false positives, improves analyst consistency, and makes metrics defensible for leadership and auditors.
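To make the "pre-SOAR gate" concrete, here is an added, self-contained sketch of the pipeline the paragraph describes (normalize → enrich → score → route, with de-duplication and an audit trail). It is illustrative code written for this page, not AlertTriage's implementation: the field names, asset inventory, threat-intel set, thresholds and the sample alerts are all constructed, and the "AI-assisted" part is replaced by plain rules so the example runs offline.

```python
"""Toy pre-SOAR triage gate: normalize, enrich, score, route, audit.

Added illustration, not AlertTriage's own code. Every context source and
alert below is constructed sample data; production deployments would pull
them from a CMDB, identity provider, change system and threat-intel feeds.
"""
import hashlib
import json
from datetime import datetime, timezone

# Constructed context sources (stand-ins for CMDB / IdP / change calendar / TI feed).
ASSET_CRITICALITY = {"db-prod-01": "high", "kiosk-17": "low"}
INTEL_BAD_IPS = {"203.0.113.45"}          # constructed indicator (TEST-NET-3 range)
RECENT_CHANGES = {"kiosk-17"}             # hosts inside an approved change window
PRIVILEGED_USERS = {"svc_backup"}

AUDIT_LOG = []                            # append-only record of every decision


def normalize(raw):
    """Map vendor-specific field names onto one canonical schema."""
    if raw.get("source") == "siem":
        return {"source": "siem", "host": raw["dest_host"], "user": raw.get("user", ""),
                "src_ip": raw.get("src_ip", ""), "rule": raw["rule_name"],
                "severity": raw["sev"].lower()}
    if raw.get("source") == "edr":
        dev = raw["device"]
        return {"source": "edr", "host": dev["hostname"], "user": dev.get("logged_on", ""),
                "src_ip": raw.get("remote_ip", ""), "rule": raw["detection"],
                "severity": raw["priority"].lower()}
    raise ValueError(f"unknown source: {raw.get('source')!r}")


def fingerprint(alert):
    """Stable key so the same finding reported by several tools is handled once."""
    key = json.dumps([alert["host"], alert["user"], alert["src_ip"], alert["rule"]])
    return hashlib.sha256(key.encode()).hexdigest()[:16]


def enrich(alert):
    """Attach the context the triage decision will cite as evidence."""
    alert["asset_criticality"] = ASSET_CRITICALITY.get(alert["host"], "unknown")
    alert["intel_hit"] = alert["src_ip"] in INTEL_BAD_IPS
    alert["in_change_window"] = alert["host"] in RECENT_CHANGES
    alert["privileged_user"] = alert["user"] in PRIVILEGED_USERS
    return alert


def score(alert):
    """Rules-based confidence in [0, 1] plus the evidence that produced it."""
    base = {"low": 0.2, "medium": 0.4, "high": 0.6, "critical": 0.8}.get(alert["severity"], 0.3)
    conf = base
    evidence = [f"vendor severity {alert['severity']} -> base {base}"]
    if alert["intel_hit"]:
        conf += 0.3
        evidence.append(f"source IP {alert['src_ip']} matches intel")
    if alert["asset_criticality"] == "high":
        conf += 0.1
        evidence.append("asset criticality high")
    if alert["privileged_user"]:
        conf += 0.1
        evidence.append(f"privileged user {alert['user']}")
    if alert["in_change_window"]:
        conf -= 0.3
        evidence.append("host inside approved change window")
    alert["confidence"] = round(min(max(conf, 0.0), 1.0), 2)
    alert["evidence"] = evidence
    return alert


def route(alert):
    """Pick the downstream action. Thresholds are constructed; tune per environment."""
    if alert["confidence"] >= 0.8:
        return "soar:contain_host"
    if alert["confidence"] >= 0.5:
        return "ticket:tier1"
    return "suppress"


def triage(raw_alerts):
    """Run the gate over a batch; returns {fingerprint: action} and appends to AUDIT_LOG."""
    decisions = {}
    for raw in raw_alerts:
        alert = score(enrich(normalize(raw)))
        fp = fingerprint(alert)
        if fp in decisions:                       # duplicate of a finding already triaged
            AUDIT_LOG.append({"fp": fp, "action": "dedup", "source": alert["source"]})
            continue
        action = route(alert)
        decisions[fp] = action
        AUDIT_LOG.append({"ts": datetime.now(timezone.utc).isoformat(), "fp": fp,
                          "action": action, "confidence": alert["confidence"],
                          "evidence": alert["evidence"]})
    return decisions


# Constructed sample batch: one finding seen by both SIEM and EDR, plus two others.
SAMPLE_ALERTS = [
    {"source": "siem", "dest_host": "db-prod-01", "user": "svc_backup",
     "src_ip": "203.0.113.45", "rule_name": "Brute force success", "sev": "High"},
    {"source": "edr", "device": {"hostname": "db-prod-01", "logged_on": "svc_backup"},
     "remote_ip": "203.0.113.45", "detection": "Brute force success", "priority": "High"},
    {"source": "siem", "dest_host": "web-02", "user": "jdoe", "src_ip": "198.51.100.7",
     "rule_name": "Suspicious PowerShell", "sev": "High"},
    {"source": "siem", "dest_host": "kiosk-17", "user": "", "src_ip": "",
     "rule_name": "New scheduled task", "sev": "Medium"},
]

if __name__ == "__main__":
    for fp, action in triage(SAMPLE_ALERTS).items():
        print(fp, action)
    print(json.dumps(AUDIT_LOG, indent=2))
```

The point of the evidence list is that every score is explainable after the fact: an auditor reading the audit record sees which enrichment facts moved the number, and an analyst disagreeing with a decision can point at the specific rule rather than at a black box. The change-window rule also shows how context can lower confidence, which is where most false-positive reduction comes from.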
