# Platform Overview

Radiant is an AI-powered Security Operations Center (SOC) platform designed to automate alert triage, investigation, and response across your entire security stack. Unlike traditional SIEM or point-based AI solutions, Radiant covers 100% of alert types—including complex, multi-signal threats that other platforms cannot handle—and surfaces only verified, high-fidelity incidents to your analysts.

The platform sits as an intelligent layer between your existing security tooling and your analysts, ingesting signals from across your environment, running automated investigations, and escalating only real threats with full context and recommended response steps attached.

## Core architecture

Radiant is built around three tightly integrated components that replace the fragmented workflows common in legacy SOC environments:

{% stepper %}
{% step %}

### Agentic AI triage

Radiant deploys AI triage and research agents that dynamically build and execute investigation logic for every incoming alert. Agents analyze raw signals, correlate data across your integrated tools, and determine whether an alert represents a genuine threat—without requiring pre-built playbooks or rule tuning.
{% endstep %}

{% step %}

### Integrated response

Radiant includes a built-in case management layer that lets analysts execute response actions directly from an escalated incident, without switching tools or building separate response playbooks.
{% endstep %}

{% step %}

### Log management

Radiant includes a built-in security data lake that stores, indexes, and makes all your security logs queryable—without the per-GB ingestion pricing or data retention limits typical of legacy SIEM tools.
{% endstep %}
{% endstepper %}

## How Radiant fits into your stack

Radiant is designed to operate alongside your existing tools. It does not require you to replace your SIEM, SOAR, or MDR. The typical deployment model works as follows:

* Your SIEM, EDR, identity, and network tools continue to generate alerts as normal.
* Radiant ingests those alerts in real time via API integrations and begins automated investigation.
* The AI triage engine investigates, enriches, and correlates each alert against data from your integrated sources.
* Confirmed threats are escalated as Cases with a complete investigation summary and tailored response steps.
* Analysts review escalated Cases, execute response actions (manually or automated), and close the incident.
* False positives are automatically dismissed with documented reasoning, maintaining a full audit trail.

## Integrations

Radiant connects to your existing security stack through 100+ plug-and-play API integrations across EDR, SIEM, IAM, WAF, email, cloud, DLP, network, OT/IoT, and ticketing tools. No custom connectors or professional services engagements are required to get started.\
\
If a required integration is not listed in the integrations catalog, Radiant can custom-build it within approximately two weeks. See [Integrations](https://radiantsecurity.ai/integrations/) for the full catalog, or contact your customer success manager to request a new connector.

## Who uses Radiant

Radiant is used by in-house SOC teams and MSSPs that need to scale detection and response without scaling headcount proportionally. It is particularly well suited to environments where:

* Alert volume exceeds the team's capacity to investigate manually.
* Multiple point tools create fragmented investigation and response workflows.
* SIEM ingestion costs are limiting data coverage or log retention.
* Analyst capacity is consumed by false positive triage rather than confirmed threat response.