{"id":55428,"date":"2026-04-08T07:00:00","date_gmt":"2026-04-08T13:00:00","guid":{"rendered":"https:\/\/swimlane.com\/?post_type=sw_resource&#038;p=55428"},"modified":"2026-04-06T09:31:37","modified_gmt":"2026-04-06T15:31:37","slug":"orchestrer-des-enquetes-avec-lia","status":"publish","type":"sw_resource","link":"https:\/\/swimlane.com\/fr\/blog\/orchestrating-investigations-with-ai\/","title":{"rendered":"Guide pour orchestrer des enqu\u00eates de bout en bout avec l&#039;IA"},"content":{"rendered":"\n\n\n<section class=\"bs-section bs-section-50ac0cc438dbf2f3b380783c05a3c736bb0670e7 bs-section---default bs-section--blog-inner-banner  \"><style>.bs-section.bs-section-50ac0cc438dbf2f3b380783c05a3c736bb0670e7{ background-color: #000743;} <\/style><div class=\"container\">\n<div class=\"bs-row row  flex-md-row-reverse bs-row---default\">\n<div class=\" bs-column col-sm-12 col-md-12 col-lg-6   bs-column-6770b3369b6c61539d3140cb52ed6bc5ec393625 bs-column---default bs-column--right d-flex flex-column justify-content-end    \"><figure class=\"wp-block-post-featured-image\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/A-Guide-to-Orchestrating-End-to-End-Investigations-with-AI_Masthead.webp\" class=\"attachment-post-thumbnail size-post-thumbnail wp-post-image\" alt=\"A Guide to Orchestrating End-to-End Investigations with AI\" style=\"object-fit:cover;\" srcset=\"https:\/\/swimlane.com\/wp-content\/uploads\/A-Guide-to-Orchestrating-End-to-End-Investigations-with-AI_Masthead.webp 1120w, https:\/\/swimlane.com\/wp-content\/uploads\/A-Guide-to-Orchestrating-End-to-End-Investigations-with-AI_Masthead-300x178.webp 300w, https:\/\/swimlane.com\/wp-content\/uploads\/A-Guide-to-Orchestrating-End-to-End-Investigations-with-AI_Masthead-1024x609.webp 1024w, https:\/\/swimlane.com\/wp-content\/uploads\/A-Guide-to-Orchestrating-End-to-End-Investigations-with-AI_Masthead-768x457.webp 768w, 
https:\/\/swimlane.com\/wp-content\/uploads\/A-Guide-to-Orchestrating-End-to-End-Investigations-with-AI_Masthead-18x12.webp 18w\" sizes=\"(max-width: 1120px) 100vw, 1120px\" \/><\/figure><\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-md-12 col-lg-6   bs-column-2ba18c9b6304620af4785b54fe900bf0ce0fc4d5 bs-column---default d-flex flex-column    \"><div class=\"wp-block-post-date\"><time datetime=\"2026-04-08T07:00:00-06:00\">Avr 8, 2026<\/time><\/div>\n\n<h1 class=\"wp-block-post-title has-text-color has-white-color has-large-font-size\">A Guide to Orchestrating End-to-End Investigations with AI<\/h1>\n\n\n<div class=\"bs-div bs-div-4c0c357bf69b7e1367afb30b9d59be1945441399 bs-div---default\"><div class=\"bs-div__inner d-flex flex-wrap align-items-center    \">\n<a class=\"bs-post__author has-text-align-center\" href=\"https:\/\/swimlane.com\/fr\/author\/Jason-Robbins\/\">\n\t<div class=\"profile-desc\">\n\t\t<figure>\n\t\t\t<img decoding=\"async\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/Jason-Robbins.webp\" alt=\"user-avatar\">\n\t\t<\/figure>\n\t\t<span class=\"prefix\"><\/span>\n\t\t<span class=\"name\">\n\t\t\tJason Robbins\t\t<\/span>\n\t<\/div>\n<\/a>\n\n\n\n<div class=\"reading-time\">\n    <span class=\"reading-time__time\">6 <\/span> Minute Read\n<\/div>\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:100%\">\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<div class=\"wp-block-columns is-layout-flex 
wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:100%\"><\/div>\n<\/div>\n<\/div><\/div>\n<\/div><\/div>\n<\/div>\n<\/div>\n<\/div><\/div>\n<\/div><\/div>\n<\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n\n\n\n\n<section class=\"bs-section bs-section-205a03f93391472c82564395e3b5684e68c8ef7d bs-section---default bs-section--blog-inner-main-contents  \"><div class=\"container\">\n<div class=\"bs-row row justify-content-between  bs-row---default\">\n<div class=\" bs-column col-sm-12 col-md-1   bs-column-fa02c15a19a9c2952663733986e45d4eef708638 bs-column---default     \">\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-lg-8 col-md-11   bs-column-0d83d6d9863f92131cc95492d42e5b50c72f00bb bs-column---default bs-column--contents     \">\n<h2 class=\"wp-block-heading\" id=\"h-a-guide-to-orchestrating-end-to-end-investigations-with-ai\" style=\"font-size:34px\">A Guide to Orchestrating End-to-End Investigations with AI<\/h2>\n\n\n\n<p><\/p>\n\n\n\n<div class=\"bs-div bs-div-70fd4ce381ac7d61b6d19e47ead5cac084f1d797 bs-div---default bs-div--blog-inner-light\"><div class=\"bs-div__inner     \">\n<p>This blog post is the third in a four-part series on Swimlane\u2019s fleet of expert AI agents and focuses on the Hero AI Investigation Agent. This agent eliminates the costly problem of context switching, which consumes significant analyst time as they pivot among multiple tools to gather context. 
Acting as the &#8220;brain&#8221; of the AI SOC, the Investigation Agent synthesizes high-fidelity intelligence from other agents and evaluates it against customer-defined runbooks and institutional knowledge to produce a complete, prioritized, NIST-aligned, four-phase response plan.<\/p>\n<\/div><\/div>\n\n\n\n<p>If you&#8217;ve been following this series, we&#8217;ve covered two agents in Swimlane&#8217;s <a href=\"https:\/\/swimlane.com\/swimlane-turbine\/\">Hero AI <\/a>fleet so far: the <a href=\"https:\/\/swimlane.com\/blog\/mitre-ai-agent\/\">MITRE ATT&amp;CK &amp; D3FEND Agent<\/a> that standardizes how you describe attacks and defenses, and the <a href=\"https:\/\/swimlane.com\/blog\/threat-intelligence-ai-agent\/\">Threat Intelligence Agent<\/a> that synthesizes multi-source intel into a single, explainable assessment.&nbsp;<\/p>\n\n\n\n<p>Both of those agents solve real problems, but they&#8217;re inputs. They produce context. What happens next, given that context, is where investigations either fly or fall apart.<\/p>\n\n\n\n<p>This is where the <a href=\"https:\/\/turbine-marketplace.swimlane.com\/en-US\/apps\/661527\/investigation-agent\" target=\"_blank\" rel=\"noreferrer noopener\">Investigation Agent<\/a> comes in, and honestly, it&#8217;s the one I&#8217;m most excited to dig into, because it&#8217;s where the fleet concept stops being theoretical and starts producing end-to-end outcomes.&nbsp;<\/p>\n\n\n\n<p>It&#8217;s also where progressive trust gets real. When an agent is enriching indicators or mapping ATT&amp;CK techniques, the blast radius of a mistake is small. 
When an agent is building an investigation plan, generating a timeline, and recommending containment actions, that&#8217;s a different conversation entirely.&nbsp;<\/p>\n\n\n\n<p>The bar is higher, the stakes are higher, and the trust has to be earned differently.<\/p>\n\n\n\n<p>But here&#8217;s the thing: this is also the agent that unlocks the outcome every SOC leader actually wants, confidently auto-closing the obvious stuff so your team can focus on what matters.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-the-context-switching-tax\">The Context-Switching Tax<\/h2>\n\n\n\n<p>Before we get into how the <a href=\"https:\/\/swimlane.com\/platform\/ai\/\">Hero AI <\/a>Investigation Agent works, let&#8217;s talk about the problem it solves, because I think it&#8217;s one of the most underappreciated productivity killers in security operations.<\/p>\n\n\n\n<p>When an alert fires and an analyst starts investigating, they&#8217;re not just doing one thing.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>They&#8217;re pulling alert context from the SIEM. They&#8217;re checking the threat intelligence (TI) platform for indicator reputation.&nbsp;<\/li>\n\n\n\n<li>They&#8217;re looking at historical tickets to see whether this host or user has appeared before.&nbsp;<\/li>\n\n\n\n<li>They&#8217;re cross-referencing the MITRE framework to understand the attack pattern.&nbsp;<\/li>\n\n\n\n<li>They&#8217;re consulting the runbook to see what the documented response procedure looks like.<\/li>\n\n\n\n<li>They&#8217;re writing notes as they go. And then they&#8217;re making a recommendation, escalate, contain, close, based on all of that work.<\/li>\n<\/ul>\n\n\n\n<p>Each of those steps lives in a different tool, tab, or workflow. The analyst is the integration layer, and the cost of that integration is context switching. Every time they pivot between tools, they lose momentum. 
They have to re-orient, re-read, re-contextualize.&nbsp;<\/p>\n\n\n\n<p>Context switching can eat 20-40% of productive time, and in my experience running SOC teams, that&#8217;s conservative for investigation work.<\/p>\n\n\n\n<p>The Investigation Agent eliminates that tax by doing what a senior analyst does, but from a single interface, without the cognitive overhead of tool-hopping.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-how-the-investigation-agent-works\">How the Investigation Agent Works<\/h2>\n\n\n\n<p>The Investigation Agent acts as the &#8220;brain&#8221; of the <a href=\"https:\/\/swimlane.com\/product\/ai-soc\/\">AI SOC<\/a>, and that framing actually makes sense when you see how it operates. It doesn&#8217;t work in isolation; it ingests the high-fidelity outputs from the other three agents in the fleet and synthesizes them into a complete investigation.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-investigation-amp-response-agent-workflow\">Investigation &amp; Response Agent Workflow<\/h3>\n\n\n\n<p>The agent starts by pulling in all available case inputs, including the raw alert data, enrichment, and context. It layers in the TI Agent&#8217;s unified cross-source analysis, the MITRE Agent&#8217;s technique and countermeasure mappings, and the Verdict Agent&#8217;s preliminary assessment.&nbsp;<\/p>\n\n\n\n<p>That&#8217;s the intelligence foundation.<\/p>\n\n\n\n<p>Then it does something that most automation tools don&#8217;t: it evaluates all of that against your customer-defined runbooks and knowledge base articles. 
This is where your institutional knowledge comes into play: the documented procedures, lessons learned from past incidents, and the tribal knowledge your team has (hopefully) captured over time.&nbsp;<\/p>\n\n\n\n<p>The agent uses the NIST Incident Response Framework as its backbone, which gives the output a structure universally understood across security teams.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-investigation-agent-results-four-phase-response-plan\">Investigation Agent Results: Four-Phase Response Plan<\/h3>\n\n\n\n<p>The result is a prioritized response plan organized into four phases:&nbsp;<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Containment:<\/strong> stop the threat from spreading.<\/li>\n\n\n\n<li><strong>Eradication:<\/strong> remove the root cause.<\/li>\n\n\n\n<li><strong>Recovery:<\/strong> restore normal operations.<\/li>\n\n\n\n<li><strong>Hardening:<\/strong> prevent recurrence.<\/li>\n<\/ol>\n\n\n\n<p>Each recommendation is actionable: not a vague &#8220;consider investigating further,&#8221; but specific next steps that an analyst can execute or, when the trust is earned, that the platform can execute autonomously.<\/p>\n\n\n\n<p>Along the way, the agent generates investigation summaries, timelines, and recommended actions through a single unified interface. No tab-switching, no manual correlation, no rebuilding context every time you switch tools. The analyst gets a complete picture and a clear plan.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-this-is-where-ai-soc-benchmarking-gets-real\">This is Where AI SOC Benchmarking Gets Real<\/h2>\n\n\n\n<p>Okay, this is the part I really want to spend time on, because it&#8217;s the most important concept in this entire series, and the Investigation Agent is where it becomes tangible.<\/p>\n\n\n\n<p>I&#8217;ve been saying throughout these posts that AI in the SOC doesn&#8217;t need to be perfect to be useful. 
It needs to achieve human-level or better outcomes, with enough explainability that an analyst can validate the reasoning. The way you prove that isn&#8217;t with vendor demos or marketing claims; it&#8217;s with benchmarking against your own analysts on your own data.<\/p>\n\n\n\n<p>Swimlane did exactly this with their internal SOC. They took roughly 35,000 human investigations (real cases, real decisions, and real analyst notes) and used that dataset to benchmark, verify, and tune the agents&#8217; outputs. That&#8217;s not a lab exercise. That&#8217;s comparing what the AI would have recommended against what experienced analysts actually did, on a case-by-case basis at scale.<\/p>\n\n\n\n<span class=\"bs-pro-button bs-pro-button---default bs-pro-button--primary-with-arrow-small bs-pro-button-p-btn-f1f5c3aba557ea3389808eceb433d72d6d35b628\"><style>.bs-pro-button-p-btn-f1f5c3aba557ea3389808eceb433d72d6d35b628 .bs-pro-button__container {background-color: #abb8c3; color: #000000;}<\/style><a href=\"https:\/\/swimlane.com\/blog\/how-swimlane-cut-mttr-in-half\/\" target=\"\" rel=\"noopener noreferrer\" class=\"bs-pro-button__container\">Swimlane AI SOC Case Study<\/a><\/span>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-tips-for-ai-soc-teams\">Tips for AI SOC Teams<\/h2>\n\n\n\n<p>This is the methodology I push every time I work with a team on AI adoption.<\/p>\n\n\n\n<p>Start with your raw material. You need historical tickets and the analyst notes that capture <em>why<\/em> something was closed, escalated, or labeled benign. The &#8220;why&#8221; is the critical part: not just the disposition, but the reasoning chain.&nbsp;<\/p>\n\n\n\n<p>If your analysts are closing tickets with one-word notes, you&#8217;ve got a documentation problem to solve before you&#8217;ve got an AI problem to solve. If you already have knowledge bases and runbooks, great: the Investigation Agent can evaluate cases against them. 
If you don&#8217;t, you can use AI to generate them from old cases.&nbsp;<\/p>\n\n\n\n<p>I&#8217;ve had good results using Claude Sonnet for this: feed it a batch of historical tickets with analyst notes, and have it extract the patterns, decision criteria, and response procedures into structured KB articles. Treat that as your starting knowledge base and refine from there. Because the agent evaluates cases against these articles, have an analyst review each generated article before the agent relies on it, and send the tickets only to a model deployment that is cleared to hold case data.<\/p>\n\n\n\n<p>Then you iterate. Run the Investigation Agent alongside your analysts. Compare its investigation plans, timelines, and recommended actions with what your team independently produces. Track where it agrees, where it diverges, and why.&nbsp;<\/p>\n\n\n\n<p>Look for patterns. Is the agent consistently more thorough on enrichment but occasionally missing context that an experienced analyst would catch? Is it recommending containment actions that your team agrees with 95% of the time?<\/p>\n\n\n\n<p>That benchmarking process is how the agent earns the right to more autonomy. It&#8217;s not a day-one switch. It&#8217;s progressive trust.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-building-your-ai-knowledge-foundation\">Building Your AI Knowledge Foundation<\/h2>\n\n\n\n<p>I want to close with something practical, because this is where I see most organizations stall. They want the auto-close outcome, but they skip the knowledge foundation that makes it possible.<\/p>\n\n\n\n<p>The Investigation Agent is only as good as the runbooks and KB articles it uses to evaluate cases. If your institutional knowledge lives exclusively in the heads of your senior analysts, and let&#8217;s be honest, in most SOCs it does, then the agent doesn&#8217;t have the context it needs to make good recommendations.&nbsp;<\/p>\n\n\n\n<p>You&#8217;ll get generic investigation plans instead of ones tailored to how your team actually handles specific case types.<\/p>\n\n\n\n<p>The fix is simpler than most people think. Pull your last 6-12 months of closed tickets. 
Focus on the ones with decent analyst notes (even if they&#8217;re inconsistent, that&#8217;s normal). Use AI to extract common patterns: which alert types generated these cases, which enrichment steps were taken, what the typical decision criteria were, and what actions were recommended.&nbsp;<\/p>\n\n\n\n<p>Structure that into KB articles and runbooks. You don&#8217;t need perfection; you need a starting point that the agents can reference and that your team can refine over time.<\/p>\n\n\n\n<p>I&#8217;ve done this across multiple environments, and the results are remarkably consistent. Within a few weeks of seeding the knowledge base and running the fleet in shadow mode, you start seeing the agents produce investigation plans that match what your analysts would have done.&nbsp;<\/p>\n\n\n\n<p>Within a couple of months of benchmarking, you&#8217;re identifying your first auto-close candidates. Within a quarter, you&#8217;re confidently closing a meaningful percentage of Tier 1 cases autonomously and your analysts are spending their time on the investigations that actually need human judgment.<\/p>\n\n\n\n<p>That&#8217;s the AI SOC. Not a magic model that replaces your team on day one. A fleet of purpose-built agents that each do one thing well, feed into each other, and collectively earn the right to carry more weight over time. The Investigation Agent is where all of that comes together, and it&#8217;s where the ROI gets real.<\/p>\n\n\n\n<p>In the final post of this series, I&#8217;ll cover the Verdict Agent, the one that actually makes the call. If the Investigation Agent is the brain, the Verdict Agent is the decision-maker. 
Stay tuned.<\/p>\n\n\n\n<div class=\"bs-div bs-div-780504ec595335944e97a5b9e1877653f3fe2723 bs-div---default\"><div class=\"bs-div__inner     \">\n<div class=\"bs-div bs-div-f616be2b6523708210818c9c01bf502b59a63177 bs-div---default bs-div--blog-inner-download-guide\"><style>.bs-div.bs-div-f616be2b6523708210818c9c01bf502b59a63177 {background-image: url(https:\/\/swimlane.com\/wp-content\/uploads\/2022\/10\/download-report.png); background-position: center center;\n    background-size: cover;} <\/style><div class=\"bs-div__inner d-flex flex-wrap justify-content-center  flex-md-row-reverse align-items-md-center justify-content-md-between flex-md-nowrap  \"><div class='media-elements bs-media-element---default enable'>    <div class='bs-common-image'>\n                            <figure class='figure justify-content-start d-flex'>\n                            <picture>\n                            \n                            <img src='https:\/\/swimlane.com\/wp-content\/uploads\/OG-Demo-Page.png' class='img-fluid'   alt='Get a live demo of Swimlane turbine' title=''  \/>\n                            <\/picture>\n                                \n                            <\/figure>\n                        <\/div><\/div>\n\n\n<div class=\"bs-div bs-div-773aef0a3852274bc6b23f7985e05efd194e399e bs-div---default\"><div class=\"bs-div__inner     \">\n<h3 class=\"wp-block-heading\" id=\"h-ready-to-benchmark-your-soc-against-ai\">Ready to Benchmark Your SOC Against AI?<\/h3>\n\n\n\n<p>Your analysts shouldn&#8217;t be the integration layer between six tools on every investigation. 
Swimlane&#8217;s Hero AI Investigation Agent builds complete, NIST-aligned investigation plans from a single interface, then helps you benchmark, build trust, and start auto-closing the cases that don&#8217;t need human hands.<\/p>\n\n\n\n<span class=\"bs-pro-button bs-pro-button---default bs-pro-button--primary-with-arrow-small bs-pro-button-p-btn-1bb85e19d4a2b512fb5b8458c3d3db3ad053d680\"><style>.bs-pro-button-p-btn-1bb85e19d4a2b512fb5b8458c3d3db3ad053d680 .bs-pro-button__container {background-color: #abb8c3; color: #000000;}<\/style><a href=\"https:\/\/swimlane.com\/demo\/\" target=\"\" rel=\"noopener noreferrer\" class=\"bs-pro-button__container\">Request a Demo<\/a><\/span>\n<\/div><\/div>\n<\/div><\/div>\n<\/div><\/div>\n\n\n\n<div class=\"bs-div bs-div-cd27e20855753a6cd0caa29e7fcd895b139516d3 bs-div---default bs-div--blog-inner-light\"><div class=\"bs-div__inner     \">\n<h4 class=\"wp-block-heading\" id=\"h-tl-dr-the-hero-ai-investigation-agent\" style=\"font-size:26px\">TL;DR: The Hero AI Investigation Agent<\/h4>\n\n\n\n<p>This agent acts as the brain of the AI SOC, but its effectiveness depends entirely on your existing knowledge foundation. 
Security leaders must stop letting institutional knowledge live exclusively with senior analysts, as this is the primary reason organizations stall on auto-close.&nbsp;<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p><strong>To fix this:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Mandate extracting the last 6\u201312 months of closed tickets, including analyst notes.<\/li>\n\n\n\n<li>Use AI to identify and extract common patterns:\n<ul class=\"wp-block-list\">\n<li>Alert types<\/li>\n\n\n\n<li>Decision criteria<\/li>\n\n\n\n<li>Recommended actions<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Structure these insights into a foundational knowledge base required by the agent.<\/li>\n\n\n\n<li>Apply a progressive trust framework to operationalize this knowledge.<\/li>\n\n\n\n<li>Within a quarter, enable confident auto-closure of a meaningful percentage of Tier 1 cases, autonomously, making the Investigation Agent\u2019s ROI tangible and freeing your team to focus on complex human-judgment work.<\/li>\n<\/ul>\n<\/div><\/div>\n\n\n\n<p><br><\/p>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-md-12 col-lg-3   bs-column-0ad64702520e52820989c3b8a4a5574abd826112 bs-column---default     \">\n<div class=\"bs-div bs-div-fd8632a22b144e6798bea2d36e7aab62982f63eb bs-div---default bs-div--related-posts bs-div--right-sticky-related-posts\"><div class=\"bs-div__inner     \">\n<div class=\"bs-div bs-div-f0851be86a4542da358c10ec17ccebffa17efe07 bs-div---default bs-div--tags\"><div class=\"bs-div__inner     \">\n<h2 class=\"wp-block-heading\">Tags<\/h2>\n\n\n<div class=\"post-tag-wrapper\">\n    <p><a href='https:\/\/swimlane.com\/fr\/tag\/ai\/'><span class='tag-content'>AI<\/span><\/a><a href='https:\/\/swimlane.com\/fr\/tag\/platform\/'><span class='tag-content'>platform<\/span><\/a><\/p><\/div>\n<\/div><\/div>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-related-posts\" style=\"font-size:26px\">Related 
Posts<\/h3>\n\n\n\n<p><\/p>\n\n\n\n<div class=\"bs-related-posts bs-related-posts-block---default\"><div class=\"bs-related-posts__container\"><div class=\"bs-related-posts__items\">\n<div class=\" bs-column col-sm-4   bs-column-b619eb984092e720779a969a873521d2ec1a85a5 bs-column---default     \">\t\t\t\t\t<div class=\"bs-post bs-post-69de0659bdc86 bs-single-post---default enable\" >\n\t\t\t<a class=\"bs-post__trigger\" href='https:\/\/swimlane.com\/fr\/blog\/how-swimlane-cut-mttr-in-half\/' target='_self'>\t\t\t<div class=\"bs-post__inner\">\n\t\t\t\t<div class=\"bs-post__details\">    <div class=\"bs-post__title\">\n        <h5>Inside Our AI SOC: How Swimlane Cut MTTR in Half<\/h5>\n    <\/div>\n<div class=\"bs-post__learn-more\">\n    <span class='btn learn-more-text bs-post__learn-more-text'>Read More<\/span><\/div>\n<\/div>\t\t\t<\/div>\n\t\t\t<\/a>\t\t<\/div>\n\t<\/div>\n\n\n\n<div class=\" bs-column col-sm-4   bs-column-b619eb984092e720779a969a873521d2ec1a85a5 bs-column---default     \">\t\t\t\t\t<div class=\"bs-post bs-post-69de0659bedae bs-single-post---default enable\" >\n\t\t\t<a class=\"bs-post__trigger\" href='https:\/\/swimlane.com\/fr\/blog\/8-questions-ai-vendors\/' target='_self'>\t\t\t<div class=\"bs-post__inner\">\n\t\t\t\t<div class=\"bs-post__details\">    <div class=\"bs-post__title\">\n        <h5>8 Must-Ask Questions for AI Security Vendors\u00a0<\/h5>\n    <\/div>\n<div class=\"bs-post__learn-more\">\n    <span class='btn learn-more-text bs-post__learn-more-text'>Read More<\/span><\/div>\n<\/div>\t\t\t<\/div>\n\t\t\t<\/a>\t\t<\/div>\n\t<\/div>\n\n\n\n<div class=\" bs-column col-sm-4   bs-column-b619eb984092e720779a969a873521d2ec1a85a5 bs-column---default     \">\t\t\t\t\t<div class=\"bs-post bs-post-69de0659bfdb7 bs-single-post---default enable\" >\n\t\t\t<a class=\"bs-post__trigger\" href='https:\/\/swimlane.com\/fr\/resources\/reports\/tag-ai-secops-automation\/' target='_self'>\t\t\t<div class=\"bs-post__inner\">\n\t\t\t\t<div 
class='bs-post__image'>\n                            <figure class='figure'>\n                                <img src='https:\/\/swimlane.com\/wp-content\/uploads\/TAG-Cyber-Tech-Report.webp' class='img-fluid' alt='' title='TAG-Cyber-Tech-Report'   \/>\n                                <figcaption class='figure-caption'><\/figcaption>\n                            <\/figure>\n                        <\/div><div class=\"bs-post__details\">    <div class=\"bs-post__title\">\n        <h5>TAG Cyber Tech Report: Using AI for SecOps Automation<\/h5>\n    <\/div>\n<div class=\"bs-post__learn-more\">\n    <span class='btn learn-more-text bs-post__learn-more-text'>Read More<\/span><\/div>\n<\/div>\t\t\t<\/div>\n\t\t\t<\/a>\t\t<\/div>\n\t<\/div>\n<\/div><\/div><\/div>\n<\/div><\/div>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-12   bs-column-601afe1d46256d3b13b7ac6679644286e4c6669e bs-column---default     \"><\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n<section class=\"bs-section bs-section-2a4a600ae9ab197b6a4ccafe05152bf1a2fde1d1 bs-section---default bs-section--newsletter bs-section--common-marketo-form bs-section--common-marketo-form-two-columns  \"><style>.bs-section.bs-section-2a4a600ae9ab197b6a4ccafe05152bf1a2fde1d1{ background-color: #000743;} <\/style><div class=\"container-fluid\">\n<div class=\"bs-row row   bs-row---default\">\n<div class=\" bs-column col-sm-0 col-md-0 col-lg-6   bs-column-df5e10bef85c15055718b4d93887855962017939 bs-column---default     \">\n<h2 class=\"wp-block-heading has-white-color has-text-color\" id=\"requestor\">Request a Live Demo<\/h2>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-0 col-md-0 col-lg-6   bs-column-df5e10bef85c15055718b4d93887855962017939 bs-column---default     \"><div class='media-elements bs-media-element---default enable'>    <div class='bs-common-image'>\n                            <figure class='figure justify-content-start d-flex'>\n                            <picture>\n                            \n                
            <img src='https:\/\/swimlane.com\/wp-content\/uploads\/liitp.svg' class='img-fluid'   alt='' title=''  \/>\n                            <\/picture>\n                                \n                            <\/figure>\n                        <\/div><\/div>\n\n<script src=\"\/\/pages.swimlane.com\/js\/forms2\/js\/forms2.min.js\"><\/script>\n<form id=\"mktoForm_1017\"><\/form>\n<script>\n    var embeddedFormId = '05a6905d0187a23e165b2fd995e965fe15cb94f6';\n    var marketoBaseUrl = '\/\/pages.swimlane.com';\n    var munchkinId = '978-QCM-390';\n    var formId = '1017';\n    var responseType = 'redirect';\n    var responseMessage = 'Thank you!';\n    var redirectURL = '';\n    var downloadFileURL = '';\n    var linkOpenType = '_self';\n    var popupVideo = 'url';\n    var popupVideoURL = '';\n    var popupVideoUploadURL = '';\n    MktoForms2.loadForm(marketoBaseUrl, munchkinId, formId, function(form) {\n        form.onSuccess(function(values, followUpUrl) {\n            document.getElementById(\"int_mktoForm_\" + formId).innerHTML = responseMessage;\n                    });\n    });\n<\/script>\n<div class=\"form-submit-note\" id=\"int_mktoForm_1017\"><\/div>\n<!-- Incluing form response options -->\n\n\n\n<script>\n    (function() {\n        \/\/ Please include the email domains you would like to block in this list\n        var invalidDomains = [\"@gmail.\", \"@yahoo.\", \"@hotmail.\", \"@live.\", \"@icloud.\",\"@aol.\", \"@outlook.\", \"@proton.\", \"@mailinator.\"];\n\n\n        MktoForms2.whenReady(function(form) {\n            form.onValidate(function() {\n                var email = form.vals().Email;\n                if (email) {\n                    if (!isEmailGood(email)) {\n                        form.submitable(false);\n                        var emailElem = form.getFormElem().find(\"#Email\");\n                        form.showErrorMessage(\"Must be Business email.\", emailElem);\n                    } else {\n                        
form.submitable(true);\n                    }\n                }\n            });\n        });\n\n        function isEmailGood(email) {\n            for (var i = 0; i < invalidDomains.length; i++) {\n                var domain = invalidDomains[i];\n                if (email.indexOf(domain) != -1) {\n                    return false;\n                }\n            }\n            return true;\n        }\n\n\n    })(); \n<\/script>\n<\/div>\n<\/div>\n<\/div><\/section>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":100,"featured_media":55436,"template":"","meta":{"_acf_changed":false,"show_custom_date":false,"custom_date":"","featured":false,"featured_image":55438,"learn_more_label":"","image_alt_text":"","learn_more_type":"","learn_more_link":[],"show_popup":false,"disable_iframe":false,"enable_lazy_loading":false,"learn_more_link_file":0,"event_date":false,"event_start_date":"","event_end_date":"","featured_page_list":[],"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","inline_featured_image":false,"footnotes":""},"tags":[202,250],"resource-type":[67],"resource-topic":[215],"resource-industry":[],"blog-category":[77],"class_list":["post-55428","sw_resource","type-sw_resource","status-publish","has-post-thumbnail","hentry","tag-ai","tag-platform","resource-type-blogs","resource-topic-ai","blog-category-platform"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.5 (Yoast SEO v27.1.1) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Guide to Orchestrating End-to-End Investigations with AI<\/title>\n<meta name=\"description\" content=\"Stop 
context-switching. The Hero AI Investigation Agent uses institutional knowledge to orchestrate investigations &amp; confidently auto-close Tier 1 cases.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/swimlane.com\/fr\/blog\/orchestrer-des-enquetes-avec-lia\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Guide to Orchestrating End-to-End Investigations with AI\" \/>\n<meta property=\"og:description\" content=\"Stop context-switching. The Hero AI Investigation Agent uses institutional knowledge to orchestrate investigations &amp; confidently auto-close Tier 1 cases.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/swimlane.com\/fr\/blog\/orchestrer-des-enquetes-avec-lia\/\" \/>\n<meta property=\"og:site_name\" content=\"AI Security Automation\" \/>\n<meta property=\"og:image\" content=\"https:\/\/swimlane.com\/wp-content\/uploads\/A-Guide-to-Orchestrating-End-to-End-Investigations-with-AI_SocialTile_Text.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Guide to Orchestrating End-to-End Investigations with AI\" \/>\n<meta name=\"twitter:description\" content=\"Stop context-switching. The Hero AI Investigation Agent uses institutional knowledge to orchestrate investigations &amp; confidently auto-close Tier 1 cases.\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/swimlane.com\/wp-content\/uploads\/A-Guide-to-Orchestrating-End-to-End-Investigations-with-AI_SocialTile_Text.webp\" \/>\n<meta name=\"twitter:site\" content=\"@swimlane\" \/>\n<meta name=\"twitter:label1\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/swimlane.com\/fr\/blog\/orchestrating-investigations-with-ai\/\",\"url\":\"https:\/\/swimlane.com\/fr\/blog\/orchestrating-investigations-with-ai\/\",\"name\":\"Guide to Orchestrating End-to-End Investigations with AI\",\"isPartOf\":{\"@id\":\"https:\/\/swimlane.com\/fr\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/swimlane.com\/fr\/blog\/orchestrating-investigations-with-ai\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/swimlane.com\/fr\/blog\/orchestrating-investigations-with-ai\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/swimlane.com\/wp-content\/uploads\/A-Guide-to-Orchestrating-End-to-End-Investigations-with-AI_Masthead.webp\",\"datePublished\":\"2026-04-08T13:00:00+00:00\",\"description\":\"Stop context-switching. The Hero AI Investigation Agent uses institutional knowledge to orchestrate investigations & confidently auto-close Tier 1 cases.\",\"breadcrumb\":{\"@id\":\"https:\/\/swimlane.com\/fr\/blog\/orchestrating-investigations-with-ai\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/swimlane.com\/fr\/blog\/orchestrating-investigations-with-ai\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/swimlane.com\/fr\/blog\/orchestrating-investigations-with-ai\/#primaryimage\",\"url\":\"https:\/\/swimlane.com\/wp-content\/uploads\/A-Guide-to-Orchestrating-End-to-End-Investigations-with-AI_Masthead.webp\",\"contentUrl\":\"https:\/\/swimlane.com\/wp-content\/uploads\/A-Guide-to-Orchestrating-End-to-End-Investigations-with-AI_Masthead.webp\",\"width\":1120,\"height\":666,\"caption\":\"A Guide to Orchestrating End-to-End Investigations with 
AI\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/swimlane.com\/fr\/blog\/orchestrating-investigations-with-ai\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/swimlane.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"A Guide to Orchestrating End-to-End Investigations with AI\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/swimlane.com\/fr\/#website\",\"url\":\"https:\/\/swimlane.com\/fr\/\",\"name\":\"Low-Code Security Automation & SOAR Platform | Swimlane\",\"description\":\"Agentic AI automation for every security function\",\"publisher\":{\"@id\":\"https:\/\/swimlane.com\/fr\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/swimlane.com\/fr\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/swimlane.com\/fr\/#organization\",\"name\":\"Low-Code Security Automation & SOAR Platform | Swimlane\",\"url\":\"https:\/\/swimlane.com\/fr\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/swimlane.com\/fr\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg\",\"contentUrl\":\"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg\",\"width\":912,\"height\":190,\"caption\":\"Low-Code Security Automation & SOAR Platform | Swimlane\"},\"image\":{\"@id\":\"https:\/\/swimlane.com\/fr\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/swimlane\",\"https:\/\/www.linkedin.com\/company\/swimlane\/\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Guide pour orchestrer des enqu\u00eates de bout en bout avec l&#039;IA","description":"Cessez de changer constamment de contexte. 
L&#039;agent d&#039;enqu\u00eate IA Hero utilise les connaissances institutionnelles pour orchestrer les enqu\u00eates et cl\u00f4turer automatiquement et en toute confiance les dossiers de niveau 1.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/swimlane.com\/fr\/blog\/orchestrer-des-enquetes-avec-lia\/","og_locale":"fr_FR","og_type":"article","og_title":"Guide to Orchestrating End-to-End Investigations with AI","og_description":"Stop context-switching. The Hero AI Investigation Agent uses institutional knowledge to orchestrate investigations & confidently auto-close Tier 1 cases.","og_url":"https:\/\/swimlane.com\/fr\/blog\/orchestrer-des-enquetes-avec-lia\/","og_site_name":"AI Security Automation","og_image":[{"width":1200,"height":630,"url":"https:\/\/swimlane.com\/wp-content\/uploads\/A-Guide-to-Orchestrating-End-to-End-Investigations-with-AI_SocialTile_Text.webp","type":"image\/webp"}],"twitter_card":"summary_large_image","twitter_title":"Guide to Orchestrating End-to-End Investigations with AI","twitter_description":"Stop context-switching. The Hero AI Investigation Agent uses institutional knowledge to orchestrate investigations & confidently auto-close Tier 1 cases.","twitter_image":"https:\/\/swimlane.com\/wp-content\/uploads\/A-Guide-to-Orchestrating-End-to-End-Investigations-with-AI_SocialTile_Text.webp","twitter_site":"@swimlane","twitter_misc":{"Est. 
reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/swimlane.com\/fr\/blog\/orchestrating-investigations-with-ai\/","url":"https:\/\/swimlane.com\/fr\/blog\/orchestrating-investigations-with-ai\/","name":"Guide pour orchestrer des enqu\u00eates de bout en bout avec l&#039;IA","isPartOf":{"@id":"https:\/\/swimlane.com\/fr\/#website"},"primaryImageOfPage":{"@id":"https:\/\/swimlane.com\/fr\/blog\/orchestrating-investigations-with-ai\/#primaryimage"},"image":{"@id":"https:\/\/swimlane.com\/fr\/blog\/orchestrating-investigations-with-ai\/#primaryimage"},"thumbnailUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/A-Guide-to-Orchestrating-End-to-End-Investigations-with-AI_Masthead.webp","datePublished":"2026-04-08T13:00:00+00:00","description":"Cessez de changer constamment de contexte. L&#039;agent d&#039;enqu\u00eate IA Hero utilise les connaissances institutionnelles pour orchestrer les enqu\u00eates et cl\u00f4turer automatiquement et en toute confiance les dossiers de niveau 1.","breadcrumb":{"@id":"https:\/\/swimlane.com\/fr\/blog\/orchestrating-investigations-with-ai\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/swimlane.com\/fr\/blog\/orchestrating-investigations-with-ai\/"]}]},{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/swimlane.com\/fr\/blog\/orchestrating-investigations-with-ai\/#primaryimage","url":"https:\/\/swimlane.com\/wp-content\/uploads\/A-Guide-to-Orchestrating-End-to-End-Investigations-with-AI_Masthead.webp","contentUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/A-Guide-to-Orchestrating-End-to-End-Investigations-with-AI_Masthead.webp","width":1120,"height":666,"caption":"A Guide to Orchestrating End-to-End Investigations with 
AI"},{"@type":"BreadcrumbList","@id":"https:\/\/swimlane.com\/fr\/blog\/orchestrating-investigations-with-ai\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/swimlane.com\/"},{"@type":"ListItem","position":2,"name":"A Guide to Orchestrating End-to-End Investigations with AI"}]},{"@type":"WebSite","@id":"https:\/\/swimlane.com\/fr\/#website","url":"https:\/\/swimlane.com\/fr\/","name":"Plateforme d&#039;automatisation de la s\u00e9curit\u00e9 low-code et SOAR | Swimlane","description":"Automatisation par IA agentique pour chaque fonction de s\u00e9curit\u00e9","publisher":{"@id":"https:\/\/swimlane.com\/fr\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/swimlane.com\/fr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Organization","@id":"https:\/\/swimlane.com\/fr\/#organization","name":"Plateforme d&#039;automatisation de la s\u00e9curit\u00e9 low-code et SOAR | Swimlane","url":"https:\/\/swimlane.com\/fr\/","logo":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/swimlane.com\/fr\/#\/schema\/logo\/image\/","url":"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg","contentUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg","width":912,"height":190,"caption":"Low-Code Security Automation & SOAR Platform | 
Swimlane"},"image":{"@id":"https:\/\/swimlane.com\/fr\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/swimlane","https:\/\/www.linkedin.com\/company\/swimlane\/"]}]}},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/sw_resource\/55428","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/sw_resource"}],"about":[{"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/types\/sw_resource"}],"author":[{"embeddable":true,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/users\/100"}],"version-history":[{"count":4,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/sw_resource\/55428\/revisions"}],"predecessor-version":[{"id":55539,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/sw_resource\/55428\/revisions\/55539"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/media\/55436"}],"wp:attachment":[{"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/media?parent=55428"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/tags?post=55428"},{"taxonomy":"resource-type","embeddable":true,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/resource-type?post=55428"},{"taxonomy":"resource-topic","embeddable":true,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/resource-topic?post=55428"},{"taxonomy":"resource-industry","embeddable":true,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/resource-industry?post=55428"},{"taxonomy":"blog-category","embeddable":true,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/blog-category?post=55428"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}