AI Search and AI Incident Response
My role: Vision and Execution, Team Leadership, UI & UX Design, Design Systems | Industry: Cybersecurity, SaaS
Background
Spotter is the search platform within Securonix that security analysts rely on for searching logs, queries, and indicators of compromise (IOCs), commonly referred to as ‘threat hunting.’ Currently, the only resource available for writing queries is a cheat sheet, with the assumption that all users are proficient in crafting these complex queries.
Before
To search, users had to understand the syntax or refer to the cheat sheet examples. Although there were autocomplete and predictive suggestions, there was still a learning curve.
Solution
Empower any user to search in natural language using AI in Spotter, eliminating the guesswork and friction associated with writing queries. This enhancement also boosts search accuracy, delivering faster time to value for customers.
Wireframes and User Journeys
The team and I started with a few ideations and user flows: quick, iterative ideas to collaborate on with Product Management, Engineering and the Data Science teams.
Obstacles
As with any product development, we encountered a few obstacles: product requirements changed. The team and I had the product ready for engineering to take up development. However, some product requirements were not fully documented, and we had to take into account the Anthropic pricing of token usage for the “freemium” version of the product. We made a quick pivot, updated the user journey to reflect the new user flow, and made concessions with engineering in order to make the fast-approaching deadline.
Product User Journey - MVP and Overall Product Vision
Final Delivery
We discovered AI Search reduced our users' search time by 25% and uncovered insights 1x faster.
AI Incident Response
Further extending the EON platform, the design team and I successfully integrated our AI generative module into additional areas of the SaaS platform. From the outset, we focused on driving the UX and product vision, as demonstrated in the Incident Response section of the platform.
In this area, users are provided with actionable next-step remediations for violations and threats, significantly accelerating analysts’ workflows and reducing the number of false positives.