Zia Agent Studio. Your SOC, your agents.

Security workflows are not one-size-fits-all. With Zia Agents, you can deploy prebuilt agents or build your own from scratch, in plain language, without code. Once live, every agent is callable from Ask Zia, the built-in conversational interface, and operates only within the boundaries you define.

Advanced threat detection in Log360
  • Start faster with prebuilt agents
  • Build your own agent
  • Agents that span your stack
  • Inside Zia Agent Studio
  •  

Start faster with prebuilt agents

A growing library of agents built for common workflows. Deploy from the Zia Agent Store in a few clicks and start using them immediately through Ask Zia.

User Activity Review Agent

Compiles every logon, file access, application access, and triggered alert for a specified user into a single summary. Built for pre-termination reviews, compliance audits, and active investigations.

Alert Correlation Agent

Reviews alerts across a time window, identifies shared entities (hosts, users, IPs), and sequences them into a probable attack chain with MITRE ATT&CK stage labels. Surfaces connections that look unrelated on the surface.

Building an agent

Build your own agent

Need something specific to your environment? Describe what you need in plain language and Zia Agent Studio generates the agent for you. Or build from scratch with full control over every setting.

Building an agent

Here is what building an agent looks like in practice, using a GDPR compliance workflow as the example.

  • Connect the tools it needs

    You select five prebuilt Log360 API tools: logs360_getCompliance, logs360_simpleSearch, logs360_getReports, logs360_getAlerts, and logs360_getCompliancePolicy. The agent draws on these to pull the data it needs. Nothing outside this set is accessible to it.

  • Upload the knowledge base

    You add your organization policies, reference materials, users list, and critical devices list. This is the context the agent uses when reasoning through a compliance check, ensuring outputs reflect your environment rather than generic assumptions.

  • Set the guardrails and deploy

    Do: ensure no PII is exposed in outputs, flag missing or unclear information.

    Don't: infer or fabricate compliance details, deviate from the required structure. Once deployed, the agent is live in Log360.

Building an agent

Agents that span your stack

Security investigations rarely live in one product. Agents can reach across your security stack, pulling context from each to deliver one unified answer.

Take device risk analysis. You type: "Analyze risk for device [DeviceName]." An agent can query ServiceDesk Plus for the device's business impact and asset owner, check Endpoint Central for known vulnerabilities, review Log360 for detections and UEBA risk signals, and consult Site24x7 for device anomalies. The result is a consolidated risk summary with suspicious indicators flagged, across four products, in minutes.

The same pattern extends across your security operations. Agents can investigate a potentially compromised user by correlating logon anomalies, their assigned assets, and device health. They can assess exposure to a specific IoC or TTP by scanning logs, mapping vulnerabilities, and evaluating business impact. When a new CVE advisory drops, an agent can be run to identify which assets are affected, prioritize by business impact, and check for signs of active exploitation.

Agents that span your stack

Inside Zia Agent Studio

Every agent you build or deploy runs on the same platform layer. Here is how it holds together.

  • Knowledge base

    Then you give it context: A knowledge base lets the agent draw on your SOC SOPs, internal runbooks, compliance policies, or any reference material when reasoning through a task. This is what separates a generic AI response from one that understands your environment.

  • Guardrails

    Before it goes live, you set the rules. Guardrails define what the agent should always do and what it should never do. Bias checks and toxicity filters are built in. In a SOC environment where agents touch sensitive logs and alerts, those boundaries hold regardless of how a session unfolds.

  • Observability

    Once deployed, every session is fully observable. You can review the agent's reasoning step by step: queries made, tools called, decisions taken. The full trace is there for compliance reviews without any extra effort.

  • Native and external LLM

    And the model behind the agent is your choice. Zoho's hosted models, ChatGPT, and more are supported. Different agents in your environment can run on different models depending on the complexity of the job.

Inside Zia Agent Studio

Get started with AI-powered security operations

Start with a free trial of Log360 Cloud and explore Ask Zia, prebuilt security agents, and MCP integration. Or talk to our team to see how AI agents fit into your security operations.