Does Agentic SOC support ingesting logs from on-premises services?
Yes. You can ingest logs from on-premises security services—such as Chaitin WAF and Fortinet firewall—into Agentic SOC for centralized threat management within Security Center. For setup instructions, see Product logs.
Under the subscription model, what happens if I exceed my log ingestion or storage limits?
The behavior depends on which limit is exceeded:
Daily ingestion limit exceeded: Both log ingestion and delivery stop, regardless of remaining storage capacity.
Storage capacity exceeded (ingestion within limits): Log ingestion continues, but log delivery is paused to prevent overages.
Agentic SOC automatically halts delivery when usage exceeds your purchased limits to avoid unexpected costs.
After enabling Agentic SOC, will the number of alerts decrease?
Yes. Agentic SOC runs deep correlation analysis on raw alerts, identifies related events, and reconstructs complete attack chains. The result is a smaller set of comprehensive security incidents—each representing a full attack chain rather than individual alerts. This reduces both the volume and frequency of alerts you need to review, while improving detection accuracy and response efficiency.