Automate SOC Analysis, Not Just SOC Processes
Organizations can have dozens of layers of security controls. All of those controls create a deluge of events, which human analysts then need to triage. The alerts never stop, and 'alert fatigue' can be a real problem. SOAR, SIEM, and even XDR can help some, but in the end their output is still being processed by an L1 analyst. What if we could take a step in the direction of an autonomous SOC: one where machines perform the tedious and repetitive L1 triage, freeing up L1 analysts to work on the more interesting and challenging work of L2/L3 analysis? It's a win for those analysts and a win for their organization. We'll take a look into Mandiant's Automated Defense, part of the Mandiant Advantage Platform. We'll also share a demo of how an analyst starts with an automated triage report of a fully scoped attack and finishes by validating security control effectiveness against other tactics that actor is known to use, based on threat intelligence.