Using AI agentic workflows in Now Assist for Security Incident Response

  • Freigeben Version: Australia
  • Aktualisiert 12. März 2026
  • 2 Minuten Lesedauer

    • Use the Security Incident Response AI agentic workflows to complete your tasks autonomously.

    Agentic workflows and their AI agents use role masking to determine which users can access them. Ones installed with Now Assist applications have specific roles that come included with the application. If you select Users with specific roles for user access, you must configure the security controls to include these roles. For the instructions to change the security controls, see Define security controls for an agentic workflow.

    Wichtig:
    Some Now Assist skills, agents, and agentic workflows are turned on by default. The default behavior works as follows:
    New customers
    When you install a Now Assist product, designated skills, agents, or agentic workflows are turned on automatically.
    Existing customers who are upgrading (starting with Australia Patch 4)
    There is no change to skills, agents, or agentic workflows that are currently enabled and customized.

    An AI asset is turned on if:

    • The Now Assist plugin is installed, but the asset was never turned on.
    • An admin has never adjusted roles for the skill.
    An AI asset is not turned on if:
    • The asset was previously turned on, and then turned off again.
    • An admin has adjusted roles for the asset.
    For more information, see Now Assist skills, agents, and agentic workflows on by default.
    Tabelle : 1. Available agentic workflows for AI agents for Security Incident Response
    Agentic workflow name Description Available AI agents
    Close security incident This agentic workflow helps the security analysts to close a security incident using natural language in the Now Assist panel. Security incident wrap-up generator
    Analyze security operations metrics

    This agentic workflow helps a security operations center (SOC) manager analyze their security analysts' performance.

    Metrics are generated for security incident response (SIR) records for case volume, mean time to assign (MTTA), and mean time to resolve (MTTR).
    • Security incident retrieval AI agent
    • Security metrics analysis AI agent
    Security incident resolution This agentic workflow helps the security analysts to identify a security incident resolution path. This workflow also assist the security analysts to close a security incident using natural language in the Now Assist panel.
    • Endpoint Detection and Response AI agent
    • Exchange online integration handling AI agent
    • Observable analysis AI agent
    • Security incident resolution AI agent
    • Security incident wrap up generator AI agent
    • Security incident activities handling AI agent
    Generate SIR Shift Handover Report This agentic workflow adds details of a security incident to the shift handover report. The agent populates the different sections of the shift handover with appropriate content by identifying the relevant details from the security incident. Security incident shift handover AI Agent
    Wichtig:
    By default, all agentic workflows and AI agent records are read-only.
    To modify an agentic workflow, you must first duplicate the agentic workflow, and then proceed with the following steps:
    • Activate the workflow.
    • If required, you can add a trigger to invoke the workflow automatically.

    There might be AI agents installed with the Now Assist application that are not used in agentic workflows. To learn how to see all agents that are available to you, see Find AI agents.