Use-cases overview

Noise-cancellation solutions for your SOC

Discover how Radiant supports any security use case. Only real threats are surfaced and escalated to your team.

Triage every alert and respond to any incident

Whatever hits your SOC, Radiant’s ready.

What would you like to triage?

AI Triage & Response

Account created and deleted in a short period of time

Key Findings

  • Temporary account was created and deleted within a short timeframe.
  • No corresponding provisioning records or legitimate justification found.
  • Account logged into finance-db01 and internal-sharepoint servers prior to deletion.

Attacker Intent

Establish access to sensitive systems while avoiding detection through rapid account cleanup.

Conclusion

Alert is malicious due to rapid account creation and deletion with unauthorized access activity.

AI Triage & Response

SQL injection attempt blocked at application perimeter

Key Findings

  • URL contained known SQL injection payloads.
  • Target endpoint handles login forms.
  • Repeated attempts from same IP address.

Attacker Intent

Exfiltrate database contents using application-layer injection.

Conclusion

Alert is malicious due to structured SQL injection attempts that bypassed the WAF and targeted an application backed by a SQL server.

AI Triage & Response

Sensitive data uploaded to unauthorized cloud storage

Key Findings

  • Files contain content like “Confidential” and “PII”.
  • Documents uploaded to personal Google Drive account.
  • Action occurred outside business hours.

Attacker Intent

Potential insider theft or accidental data leakage.

Conclusion

This alert is flagged as malicious due to policy violation involving export of confidential data to a non-whitelisted domain.

AI Triage & Response

Unauthorized firmware upload to industrial control device

Key Findings

  • Firmware checksum did not match approved version.
  • Firmware was installed from workstation that had no prior connection history with device.
  • Device controls industrial HVAC subsystem.

Attacker Intent

Gain access, escalate privileges, and exfiltrate sensitive data.

Conclusion

Alert is malicious due to unauthorized modifications to critical control system firmware, indicative of cyber-physical threat.

AI Triage & Response

Company credentials found in data dump on underground forum

Key Findings

  • Usernames and hashed passwords listed in recent data dump.
  • Forum associated with previous ransomware operators.
  • One of the hashes matches an active user in our AD.

Attacker Intent

Use exposed, recent credentials for initial, unauthorized access.

Conclusion

Alert is flagged malicious as it confirms credential exposure and immediate risk of unauthorized access.

AI Triage & Response

Compromised software update from third-party vendor

Key Findings

  • Update file hash matched known malware sample.
  • Vendor confirmed breach in development environment.
  • Affected systems include internal developer endpoints.

Attacker Intent

Leverage trusted vendor to infiltrate customer networks.

Conclusion

Alert is malicious due to detection of malware embedded in a trusted vendor’s software update.

AI Triage & Response

Credential phishing attempt detected in employee inbox

Key Findings

  • Email sender spoofed the company’s IT department.
  • Link to spoofed Office 365 login page.
  • Multiple users reported similar messages.

Attacker Intent

Credential theft for initial access.

Conclusion

Email contains a spoofed login portal and malicious link designed to steal user credentials.

AI Triage & Response

Unusual login patterns detected for privileged identity

Key Findings

  • Login from unrecognized IP.
  • Unusual location for organization and user.
  • MFA challenge bypassed or failed multiple times.

Attacker Intent

Use stolen credentials to access sensitive data or systems.

Conclusion

Alert is malicious due to abnormal access timing and geography for a high-privilege user account.

AI Triage & Response

Unusual PowerShell and nslookup.exe activity detected

Key Findings

  • Multiple PowerShell instances initiated nslookup.exe.
  • Command-line arguments suggest mapping of internal network.
  • Executed by non-admin user.

Attacker Intent

Reconnaissance or lateral movement prep.

Conclusion

Alert classified as malicious due to uncommon execution of reconnaissance tools by a user who typically doesn’t engage in administrative activities.

AI Triage & Response

Internal host communicating with known malware C2 IP

Key Findings

  • Signature match on outbound communication.
  • Domain linked to known malware campaign.
  • Unsigned executable initiating network traffic.

Attacker Intent

Command and control communication to execute attacker objectives.

Conclusion

Alert considered malicious due to confirmed outbound traffic to a known malware command-and-control server originating from an unsigned binary.

AI Triage & Response

Unauthorized IAM privilege escalation detected in AWS account

Key Findings

  • User added new inline policies granting AdministratorAccess.
  • No associated ticket or change approval.
  • Activity occurred from unfamiliar IP address.

Attacker Intent

Gain full administrative control over cloud resources.

Conclusion

Alert is classified as malicious due to a detected attempt to escalate IAM privileges outside of approved change control processes.

AI Triage & Response

Irregular employee access of sensitive files

Key Findings

  • Accessed financial files unrelated to role.
  • Occurred outside of working hours.
  • Downloaded to personal USB device.

Attacker Intent

Theft of intellectual property or sensitive data.

Conclusion

Alert is malicious due to access outside the employee’s job function and hours, with no similar activity observed among peers in the same role.

They feel safer with Radiant