Use-cases overview
Noise-cancellation solutions for your SOC
Discover how Radiant supports any security use case. Only real threats are surfaced and escalated to your team.

Triage every alert and respond to any incident
Whatever hits your SOC, Radiant’s ready.
AI Triage & Response
Account created and deleted in a short period of time
Key Findings
- Temporary account was created and deleted within a short timeframe.
- No corresponding provisioning records or legitimate justification found.
- Account logged into finance-db01 and internal-sharepoint servers prior to deletion.
Attacker Intent
Establish access to sensitive systems while avoiding detection through rapid account cleanup.
Conclusion
Alert is malicious due to rapid account creation and deletion with unauthorized access activity.
AI Triage & Response
SQL injection attempt blocked at application perimeter
Key Findings
- URL contained known SQL injection payloads.
- Target endpoint handles login forms.
- Repeated attempts from same IP address.
Attacker Intent
Exfiltrate database contents using application-layer injection.
Conclusion
Alert is malicious due to structured SQL injection attempts that bypassed the WAF and targeted an app that uses a SQL server.
AI Triage & Response
Sensitive data uploaded to unauthorized cloud storage
Key Findings
- Files contain content like “Confidential” and “PII”.
- Documents uploaded to personal Google Drive account.
- Action occurred outside business hours.
Attacker Intent
Potential insider theft or accidental data leakage.
Conclusion
This alert is flagged as malicious due to policy violation involving export of confidential data to a non-whitelisted domain.
AI Triage & Response
Unauthorized firmware upload to industrial control device
Key Findings
- Firmware checksum did not match approved version.
- Firmware was installed from a workstation that had no prior connection history with the device.
- Device controls industrial HVAC subsystem.
Attacker Intent
Gain access, escalate privileges, and exfiltrate sensitive data.
Conclusion
Alert is malicious due to unauthorized modifications to critical control system firmware, indicative of cyber-physical threat.
AI Triage & Response
Company credentials found in data dump on underground forum
Key Findings
- Usernames and hashed passwords listed in recent data dump.
- Forum associated with previous ransomware operators.
- One of the hashes matches an active user in our AD.
Attacker Intent
Use exposed, recent credentials for initial, unauthorized access.
Conclusion
Alert is flagged malicious as it confirms credential exposure and immediate risk of unauthorized access.
AI Triage & Response
Compromised software update from third-party vendor
Key Findings
- Update file hash matched known malware sample.
- Vendor confirmed breach in development environment.
- Affected systems include internal developer endpoints.
Attacker Intent
Leverage trusted vendor to infiltrate customer networks.
Conclusion
Alert is malicious due to detection of malware embedded in a trusted vendor’s software update.
AI Triage & Response
Credential phishing attempt detected in employee inbox
Key Findings
- Email sender spoofed the company’s IT department.
- Link to spoofed Office 365 login page.
- Multiple users reported similar messages.
Attacker Intent
Credential theft for initial access.
Conclusion
Email contains a spoofed login portal and malicious link designed to steal user credentials.
AI Triage & Response
Unusual login patterns detected for privileged identity
Key Findings
- Login from unrecognized IP.
- Unusual location for organization and user.
- MFA challenge bypassed or failed multiple times.
Attacker Intent
Use stolen credentials to access sensitive data or systems.
Conclusion
Alert is malicious due to abnormal access timing and geography for a high-privilege user account.
AI Triage & Response
Unusual PowerShell and nslookup.exe activity detected
Key Findings
- Multiple PowerShell instances initiated nslookup.exe.
- Command-line arguments suggest mapping of internal network.
- Executed by non-admin user.
Attacker Intent
Reconnaissance or lateral movement prep.
Conclusion
Alert classified as malicious due to uncommon execution of reconnaissance tools by a user who typically doesn’t engage in administrative activities.
AI Triage & Response
Internal host communicating with known malware C2 IP
Key Findings
- Signature match on outbound communication.
- Domain linked to known malware campaign.
- Unsigned executable initiating network traffic.
Attacker Intent
Command and control communication to execute attacker objectives.
Conclusion
Alert considered malicious due to confirmed outbound traffic to a known malware command-and-control server originating from an unsigned binary.
AI Triage & Response
Unauthorized IAM privilege escalation detected in AWS account
Key Findings
- User added new inline policies granting AdministratorAccess.
- No associated ticket or change approval.
- Activity occurred from unfamiliar IP address.
Attacker Intent
Gain full administrative control over cloud resources.
Conclusion
Alert is classified as malicious due to a detected attempt to escalate IAM privileges outside of approved change control processes.
AI Triage & Response
Irregular employee access of sensitive files
Key Findings
- Accessed financial files unrelated to role.
- Occurred outside of working hours.
- Downloaded to personal USB device.
Attacker Intent
Theft of intellectual property or sensitive data.
Conclusion
Alert is malicious due to access outside the employee’s job function and hours, with no similar activity observed among peers in the same role.