Determine\u00a0which analysis technique(s) to use with their data to support or refute their hunting hypothesis.<\/li>\n<\/ul>\nThis deep dive is essential for crafting effective hunt hypotheses and plans, but it can be a bottleneck, leading to fatigue and overload even before the hunt begins.<\/p>\n
The Solution: An Intelligent, Agentic Assistant<\/h2>\n The PEAK Threat Hunting Assistant is a\u00a0game-changer\u00a0for those struggling to find the time to properly research and plan their hunts. Leveraging intelligent agentic AI, it acts as your personal research analyst, gathering and synthesizing vast amounts of information to provide you with a tailored, actionable hunt plan in minutes rather than hours or days. This\u00a0isn\u2019t\u00a0just automation;\u00a0it\u2019s about\u00a0intelligent\u00a0assistance\u00a0that works\u00a0with<\/em>\u00a0the human hunter.<\/p>\n\n
Specifically, the PEAK Assistant uses teams of agents to\u00a0assist\u00a0with the following tasks:<\/p>\n
\nInternet-based public research on threat actors, tactics, and techniques<\/li>\n Private research through your own security data to incorporate your organization\u2019s prior experiences with the subject of your hunt<\/li>\n Hypothesis generation and refinement<\/li>\n Scoping via the PEAK\u00a0ABLE table<\/li>\n Automated discovery of relevant SIEM data<\/li>\n Generation of a customized step-by-step hunting plan, with sample queries and interpretation guidance built in<\/li>\n<\/ul>\nHow it Works: Agentic AI with Human-in-the-Loop Control<\/h2>\n At its core, the PEAK Assistant is an agentic AI system created by threat hunters for threat hunters.\u00a0It goes beyond simple Large Language Model (LLM) calls and is designed around teams of cooperating agents capable of goal-directed reasoning, tool use, and automated feedback loops.<\/p>\n
A key design principle is\u00a0human-in-the-loop feedback<\/strong>. You can \u201cchat\u201d with the PEAK Assistant at any point to guide its research, clarify findings, or incorporate requirements unique to your organization. This\u00a0ensures\u00a0the output is always relevant and aligned with your specific hunting\u00a0objectives\u00a0and environment.<\/p>\nFlexibility: The Key to AI Success<\/h2>\n At Cisco Foundation AI, we believe flexibility and user choice is one of the keys to successful AI deployment, and this is especially true for cybersecurity applications. The PEAK Assistant is designed to provide the\u00a0maximum\u00a0amount of flexibility when it comes to both model choice and data access.<\/p>\n
Bring Your Own Models (BYOM)<\/h2>\n Our \u201cbring-your-own-models\u201d approach means users can integrate their preferred LLMs, including Cisco Foundation AI\u2019s own open-source, security-focused\u00a0Foundation-Sec-8b-Instruct<\/strong>\u00a0model.\u00a0This flexibility allows for fine-grained control.\u00a0You can easily switch from one LLM (or one provider) to another at any time, using the same model for all agentic tasks.<\/p>\nYou can even mix and match models from multiple providers, assigning specific LLMs for different tasks or data types. For example, some agents may\u00a0benefit\u00a0from more intense thought, though it may be slower and more expensive.\u00a0Selecting a reasoning model for these specific tasks might make a lot of sense.<\/p>\n
With our BYOM approach, you are free to choose\u00a0whichever\u00a0combination of models gives you the best results, meets your AI usage policies, and fits your budget.<\/p>\n
User-Provided MCP Servers<\/h2>\n The PEAK Assistant is built for data flexibility, too. Rather than code support for specific data sources and SIEMs, it relies on user-configured MCP (Model Context Protocol) servers for data operations:<\/p>\n
\nInternet Research:<\/strong>\u202fQueries public sources for the latest threat intelligence. You provide the MCP server for internet search, ensuring you control the external data access.<\/li>\nLocal Security Data:<\/strong>\u202fCrucially, the PEAK Assistant can access your internal data sources like incident tickets, hunting wikis, and private threat intelligence databases. To prevent sensitive data leakage, the PEAK Assistant uses a separate team of agents for local data access. You provide the MCP access to these local sources,\u00a0maintaining\u00a0strict data governance.<\/li>\nSIEM Data Discovery and Searches:<\/strong>\u202fThis is where the PEAK Assistant truly shines in tailoring the hunt to\u202fyour<\/em>\u202fenvironment. It can query your existing SIEM to automatically\u00a0identify\u00a0relevant data sources and fields. This is invaluable for navigating unfamiliar environments, such as during a merger or acquisition, or for an MSSP onboarding a new customer. While you can provide \u201chints\u201d with prior knowledge, the PEAK Assistant can discover these details itself.<\/li>\n<\/ol>\nComprehensive and Actionable Output<\/h2>\n The PEAK Assistant\u00a0doesn\u2019t\u00a0just dump raw data. It intelligently processes and presents the gathered information in structured, easy-to-digest reports:<\/p>\n
\nInternet Research Summary Report:<\/strong>\u202fThis detailed report explains the\u00a0threat\u00a0actor or technique (in plain language), why\u00a0it\u2019s\u00a0used, how it works, what log sources are relevant for hunting it, and details of any published detections or\u00a0previous\u00a0hunts.<\/li>\nLocal Data Research Report:<\/strong>\u202fA separate report compiles insights from your internal data, highlighting\u00a0previous\u00a0interactions with threat actors, past incidents involving specific techniques, or relevant internal threat intelligence. This\u00a0ensures\u00a0all available knowledge is\u00a0leveraged\u00a0without compromising data security.<\/li>\nCustom Hunt Plan:<\/strong>\u202fThe culmination of the PEAK Assistant\u2019s work is a custom hunt plan, meticulously tailored to your hypothesis, your available data, and your computing environment. This plan includes step-by-step directions with real SIEM queries and clear guidance on how to interpret the outputs of each step.<\/li>\n<\/ul>\nEmpowering Threat Hunters of All Levels<\/h2>\n The PEAK Threat Hunting Assistant is designed for threat hunters at every stage of their career. It serves as a powerful force multiplier:<\/p>\n
\nElevates New Hunters:<\/strong>\u202fBy providing comprehensive research and structured hunt plans, it significantly improves the quality and depth of output, while teaching good hunt\u00a0preparation by example.<\/li>\nAccelerates Experienced Hunters:<\/strong>\u202fFor seasoned practitioners, it drastically reduces the time spent on mundane research, allowing them to focus on complex analysis and strategic decision-making.<\/li>\n<\/ul>\nThis tool ensures that every hunt starts with comprehensive, informed intelligence, transforming the often-tedious preparation into a strategic advantage.<\/p>\n
Get Started Today<\/h2>\n The PEAK Threat Hunting Assistant\u00a0leverages\u00a0agentic AI, empowering threat hunters of all levels to conduct high-quality, human-guided research quickly and easily. It transforms the often tedious \u201cPrepare\u201d phase into a strategic advantage, ensuring every hunt starts with a comprehensive, informed plan tailored for your exact needs.<\/p>\n
We invite you to give\u00a0The PEAK Threat Hunting Assistant<\/strong>\u00a0a try and experience the future of hunt preparation. Your feedback is invaluable as we continue to evolve this powerful tool.<\/p>\nWe\u2019d love to hear what you think! Ask a question and stay connected with Cisco Security on social media.<\/em><\/p>\nCisco Security Social Media<\/mark><\/strong><\/p>\nLinkedInX<\/a><\/p>\n<\/p><\/div>\n
![\"Retail](\"https:\/\/dmsretail.com\/RetailNews\/wp-content\/uploads\/2022\/05\/RETAIL-ONLINE-TRAINING-728-X-90.png\")
<\/a><\/p>![\"PEAK](\"https:\/\/blogs.cisco.com\/gcs\/ciscoblogs\/1\/2026\/01\/peak-blog-image.webp\")