SOC Analyst Guide: AI Security Operations
As a SOC Analyst monitoring AI-related threats, you need to detect prompt injection attacks, data exfiltration attempts, and policy violations in real time. Keeptrusts provides the security telemetry, alert workflows, and investigation tools that integrate into your existing SOC operations.
Use this page when
- You are triaging AI security alerts (prompt injection, data exfiltration, credential exposure)
- You need incident response playbooks for AI-specific threats
- You are monitoring real-time AI events during SOC shifts
- You need to document findings and hand off AI incidents between shifts
- You want to determine whether a policy trigger is malicious or a false positive
Primary audience
- Primary: Technical Engineers (SOC Analysts, Tier 1/2 Analysts, Incident Responders)
- Secondary: Security Analysts, Security Engineers, CISOs
AI Threat Landscape
Threat Categories Monitored by Keeptrusts
| Threat | Description | Detection Policy | Severity |
|---|---|---|---|
| Prompt injection | Malicious inputs to manipulate AI behavior | prompt-injection | Critical |
| Data exfiltration | PII or intellectual property leaking to the model provider through prompts | pii-detector, dlp-filter | High |
| Jailbreak attempts | Bypassing model safety guardrails | content-filter | High |
| Credential exposure | API keys or secrets in prompts | dlp-filter | Critical |
| Abuse patterns | Excessive usage or automated attacks | rate_limit | Medium |
| Quality degradation | Model producing unreliable outputs | quality-scorer | Low |
Alert Triage Workflow
Priority Classification
When a Keeptrusts policy triggers, classify the alert by severity:
| Priority | Criteria | Response Time | Action |
|---|---|---|---|
| P1 — Critical | Prompt injection detected, credential exposure | Under 15 minutes | Investigate immediately, block source |
| P2 — High | PII exfiltration attempt, jailbreak pattern | Under 1 hour | Investigate, escalate if confirmed |
| P3 — Medium | Content filter block, rate limit trigger | Under 4 hours | Log and review in next triage cycle |
| P4 — Low | Quality score below threshold | Next shift | Review during quiet period |
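The table above applied as code, so a batch of events pulled from the Events API or a `kt export` can be sorted into a work queue with a response-time deadline per item. This is an added example, not part of Keeptrusts or its documentation: the event field names follow the Key Event Fields table later on this page, while the exact JSON shape of the API response, the modelling of "next shift" as 8 hours, and the sample events are assumptions.

```python
"""Priority classification for Keeptrusts policy events (added example, not
Keeptrusts code). Field names follow the Key Event Fields table; the JSON
shape of GET /v1/events and the sample events are assumptions."""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Priority per triggering policy, from the classification table above. A
# content-filter trigger defaults to P3 ("content filter block"); the analyst
# raises it to P2 when the matched content is a jailbreak pattern.
POLICY_PRIORITY = {
    "prompt-injection": "P1",
    "dlp-filter": "P1",        # API keys or secrets in prompts
    "pii-detector": "P2",
    "content-filter": "P3",
    "rate_limit": "P3",
    "quality-scorer": "P4",
}

# Response-time targets from the same table. "Next shift" for P4 is modelled
# here as 8 hours (assumption).
SLA = {
    "P1": timedelta(minutes=15),
    "P2": timedelta(hours=1),
    "P3": timedelta(hours=4),
    "P4": timedelta(hours=8),
}


@dataclass(frozen=True)
class TriageItem:
    priority: str
    policy: str
    action: str
    user: str
    fired_at: datetime
    due_at: datetime
    reached_provider: bool   # False when the gateway blocked or redacted


def parse_ts(value: str) -> datetime:
    """Parse an ISO-8601 timestamp with a trailing Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def classify_event(event: dict) -> TriageItem:
    """Map one event to a priority and an SLA deadline."""
    policy = event["policy"]
    # Unknown policies land in the next triage cycle rather than being dropped.
    priority = POLICY_PRIORITY.get(policy, "P3")
    fired_at = parse_ts(event["timestamp"])
    return TriageItem(
        priority=priority,
        policy=policy,
        action=event["action"],
        user=event["user"],
        fired_at=fired_at,
        due_at=fired_at + SLA[priority],
        # block and redact stop the content at the gateway; treat any other
        # action as having reached the provider until the event details say otherwise.
        reached_provider=event["action"] not in ("block", "redact"),
    )


def triage_queue(events: list) -> list:
    """Order events as an analyst should work them: P1 first, then by deadline."""
    return sorted((classify_event(e) for e in events),
                  key=lambda item: (item.priority, item.due_at))


def overdue(queue: list, now: datetime) -> list:
    """Items whose response-time target has already passed."""
    return [item for item in queue if now > item.due_at]


# Constructed sample events for the demo; not real telemetry.
SAMPLE_EVENTS = [
    {"policy": "quality-scorer", "action": "allow", "user": "svc-summarizer",
     "gateway": "gw-prod-1", "model": "model-a", "provider": "provider-x",
     "timestamp": "2026-03-01T08:02:00Z"},
    {"policy": "pii-detector", "action": "redact", "user": "alice@example.com",
     "gateway": "gw-prod-1", "model": "model-a", "provider": "provider-x",
     "timestamp": "2026-03-01T08:10:00Z"},
    {"policy": "prompt-injection", "action": "block", "user": "bob@example.com",
     "gateway": "gw-prod-2", "model": "model-b", "provider": "provider-y",
     "timestamp": "2026-03-01T08:40:00Z"},
    {"policy": "dlp-filter", "action": "allow", "user": "ci-bot",
     "gateway": "gw-dev-1", "model": "model-a", "provider": "provider-x",
     "timestamp": "2026-03-01T08:45:00Z"},
]

if __name__ == "__main__":
    now = parse_ts("2026-03-01T09:00:00Z")
    for item in triage_queue(SAMPLE_EVENTS):
        state = "OVERDUE" if now > item.due_at else "due " + item.due_at.strftime("%H:%M")
        where = "reached provider" if item.reached_provider else "stopped at gateway"
        print(f"{item.priority} {item.policy:<16} {item.user:<18} {item.action:<7} {where}; {state}")
```

The `reached_provider` flag is the detail the exfiltration and credential playbooks below turn on: a P1 `dlp-filter` event with action `allow` means the secret left the gateway, so it outranks a blocked one with the same deadline in practice even though both are P1.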
Real-Time Alert Monitoring
# Tail live events for security-relevant policy triggers
kt events tail --policy prompt-injection,pii-detector,dlp-filter
# Check for critical blocks in the last hour
kt events list --since 1h --action block --limit 50
In the Console, the Events page provides filterable views. Apply filters for policy type, action, and time range to focus on security-relevant events.
Initial Triage Steps
For each alert:
- Identify the source — Check the user, gateway, and originating application
- Review the event — Examine the triggering policy and matched content
- Assess intent — Determine if the trigger is malicious or a false positive
- Classify severity — Assign a priority based on the table above
- Take action — Block, escalate, or document per your playbook
# Get details on a specific event
curl -H "Authorization: Bearer $API_TOKEN" \
"https://api.keeptrusts.com/v1/events?since=1h&policy=prompt-injection&limit=10"
Incident Response Playbooks
Playbook: Prompt Injection Detected
Trigger: prompt-injection policy fires with block action.
| Step | Action | Tool |
|---|---|---|
| 1 | Confirm the detection in event logs | kt events list --policy prompt-injection --since 1h |
| 2 | Identify the source user and application | Console Events → event details |
| 3 | Check for repeated attempts from the same source | Filter events by user |
| 4 | Block the source if attack is sustained | Revoke gateway key in Console Settings > Gateway Keys |
| 5 | Escalate to security engineering if novel technique | Console Escalations → create escalation |
| 6 | Document findings in incident record | Export event evidence |
Playbook: Data Exfiltration Attempt
Trigger: pii-detector or dlp-filter fires with sensitive data detected in outbound prompts.
| Step | Action | Tool |
|---|---|---|
| 1 | Review the matched content type and pattern | Console Events → event details |
| 2 | Determine if the data is genuine PII or false positive | Manual review |
| 3 | If genuine, identify the scope of exposure | Check the event's action: block or redact means the content was stopped at the gateway; allow means it reached the LLM provider |
| 4 | Notify the privacy team if confirmed PII exposure | Internal escalation process |
| 5 | Review the user's recent activity for patterns | kt events list --user <user_id> --since 24h |
| 6 | Strengthen DLP patterns if a gap is identified | Update dlp-filter policy configuration |
Playbook: Credential Exposure
Trigger: dlp-filter detects API keys, tokens, or secrets in prompts.
# Immediately check for credential exposure events
kt events list --since 1h --policy dlp-filter --action block
# Export evidence for incident documentation
kt export create \
--type events \
--format csv \
--since 24h \
--policy dlp-filter \
--description "Credential exposure incident evidence"
Response: Rotate any exposed credentials immediately, even when the action was block. The secret has already left its intended boundary (it was pasted into a prompt and passed through at least one client), may be present in other logs, and may have been submitted through a path the gateway does not cover. If the action was allow, assume the LLM provider received it as well.
Escalation Procedures
When to Escalate
| Condition | Escalate To | Priority |
|---|---|---|
| Novel prompt injection technique | Security engineering | P1 |
| Confirmed PII breach | Privacy officer + legal | P1 |
| Sustained attack from single source | Incident commander | P1 |
| Repeated false positives disrupting users | Policy engineering | P3 |
| Provider-side anomalies | Vendor management | P2 |
Creating Escalations
In the Console, navigate to Escalations to create and manage escalation tickets. Each escalation links to the triggering events and tracks resolution status.
# Check pending escalations at shift start
curl -H "Authorization: Bearer $API_TOKEN" \
"https://api.keeptrusts.com/v1/escalations?status=pending"
Log Analysis
Key Event Fields for Investigation
When analyzing Keeptrusts events, focus on these fields:
| Field | Use Case |
|---|---|
| policy | Which policy triggered |
| action | What enforcement action was taken (block, redact, escalate, allow) |
| user | The requesting user or application |
| gateway | Which gateway processed the request |
| model | Target LLM model |
| provider | LLM provider |
| timestamp | Correlation with other security events |
Correlation with SIEM
Export Keeptrusts events to your SIEM for correlation with other security data sources:
# Daily export for SIEM ingestion; kt export create runs once, so invoke it from your scheduler
kt export create \
--type events \
--format csv \
--since 24h \
--description "Daily SIEM feed"
Threat Hunting
Hunting Queries
Look for patterns that standard policies might not catch:
# Unusual volume from a single user
curl -H "Authorization: Bearer $API_TOKEN" \
"https://api.keeptrusts.com/v1/events?since=24h&group_by=user"
# Model usage anomalies — users switching to unexpected models
curl -H "Authorization: Bearer $API_TOKEN" \
"https://api.keeptrusts.com/v1/events?since=7d&group_by=model"
# After-hours activity: the CLI filters by time range, not time of day, so pull
# the window and filter on the timestamp field in your SIEM or a script
kt events list --since 24h --limit 100
Indicators of Compromise for AI Systems
| IoC | Detection Method |
|---|---|
| Repeated prompt injection patterns | prompt-injection event clustering |
| Gradual data exfiltration | Increasing PII detection volume per user |
| Credential stuffing through the AI gateway | High-volume requests from previously unseen users or gateways |
| Reconnaissance prompts | Unusual model or capability probing |
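The hunting queries above return raw or grouped events; the IoC table describes patterns that need a second pass over them. The script below is an added example, not Keeptrusts code, and implements four of those passes over an event list of the shape described in the Key Event Fields table: a user's last-24h volume against their own seven-day baseline, after-hours activity, a day-over-day rise in pii-detector hits (gradual exfiltration), and repeated prompt-injection attempts from one user (the "sustained attack" check in the prompt injection playbook). The API response shape, the business-hours window and the thresholds are assumptions, and all events are constructed.

```python
"""Hunting passes over Keeptrusts events (added example, not Keeptrusts code).
Input is a list of event dicts using the Key Event Fields names; in practice it
comes from `kt export create --type events` or GET /v1/events. The response
shape, business hours and thresholds are assumptions; all events are constructed."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

DAY = timedelta(days=1)
BUSINESS_HOURS = range(7, 19)   # 07:00-18:59 UTC, Monday-Friday (assumption)


def parse_ts(value: str) -> datetime:
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def volume_anomalies(events, now, ratio=5.0, min_requests=20):
    """Users whose last-24h count is >= ratio x their own daily average over the
    previous seven days. Users with no history are compared against 1/day, so a
    burst from a brand-new source also surfaces."""
    recent, baseline = Counter(), Counter()
    for e in events:
        t = parse_ts(e["timestamp"])
        if now - DAY <= t <= now:
            recent[e["user"]] += 1
        elif now - 8 * DAY <= t < now - DAY:
            baseline[e["user"]] += 1
    hits = {}
    for user, n in recent.items():
        avg = baseline[user] / 7
        if n >= min_requests and n >= ratio * max(avg, 1.0):
            hits[user] = (n, round(avg, 1))
    return hits


def after_hours(events, now):
    """Per-user count of last-24h requests outside business hours or at weekends."""
    hits = Counter()
    for e in events:
        t = parse_ts(e["timestamp"])
        if now - DAY <= t <= now and (t.weekday() >= 5 or t.hour not in BUSINESS_HOURS):
            hits[e["user"]] += 1
    return dict(hits)


def rising_pii(events, now, days=4):
    """Users whose daily pii-detector hits increased every day for `days` days:
    the slow-drip exfiltration pattern a per-request policy does not see."""
    per_day = defaultdict(Counter)            # user -> {age_in_days: count}
    for e in events:
        if e["policy"] != "pii-detector":
            continue
        age = (now - parse_ts(e["timestamp"])).days
        if 0 <= age < days:
            per_day[e["user"]][age] += 1
    hits = {}
    for user, counts in per_day.items():
        series = [counts[age] for age in range(days - 1, -1, -1)]   # oldest -> newest
        if all(a < b for a, b in zip(series, series[1:])):
            hits[user] = series
    return hits


def sustained_injection(events, window=timedelta(hours=1), threshold=3):
    """Users with >= threshold prompt-injection events inside any `window`: the
    'repeated attempts' check that decides whether to revoke a gateway key."""
    times_by_user = defaultdict(list)
    for e in events:
        if e["policy"] == "prompt-injection":
            times_by_user[e["user"]].append(parse_ts(e["timestamp"]))
    hits = {}
    for user, times in times_by_user.items():
        times.sort()
        lo, best = 0, 0
        for hi in range(len(times)):          # sliding window over sorted times
            while times[hi] - times[lo] > window:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= threshold:
            hits[user] = best
    return hits


def constructed_events(now):
    """Synthetic telemetry for the demo (constructed, not real Keeptrusts output)."""
    events = []

    def add(user, policy, action, when):
        events.append({"policy": policy, "action": action, "user": user,
                       "gateway": "gw-prod-1", "model": "model-a", "provider": "provider-x",
                       "timestamp": when.strftime("%Y-%m-%dT%H:%M:%SZ")})

    for d in range(1, 8):                      # alice: 10/day baseline ...
        for i in range(10):
            add("alice", "quality-scorer", "allow", now - d * DAY - timedelta(minutes=i + 1))
    for i in range(60):                        # ... then 60 in the last hour
        add("alice", "quality-scorer", "allow", now - timedelta(minutes=i + 1))
    for i in range(4):                         # bob: 02:00 UTC on a weekday
        add("bob", "quality-scorer", "allow", now - timedelta(hours=10, minutes=i + 1))
    for age in range(4):                       # carol: 1, 2, 3, 4 PII hits over four days
        for i in range(4 - age):
            add("carol", "pii-detector", "redact", now - age * DAY - timedelta(minutes=i + 1))
    for m in (30, 20, 10):                     # dave: three injection blocks in 20 minutes
        add("dave", "prompt-injection", "block", now - timedelta(minutes=m))
    add("erin", "prompt-injection", "block", now - timedelta(hours=5))   # one-off, not sustained
    return events


if __name__ == "__main__":
    now = parse_ts("2026-03-03T12:00:00Z")     # a Tuesday
    events = constructed_events(now)
    print("volume:", volume_anomalies(events, now))
    print("after-hours:", after_hours(events, now))
    print("rising PII:", rising_pii(events, now))
    print("sustained injection:", sustained_injection(events))
```

Each pass compares a user against their own history rather than a global threshold, which is what keeps a high-volume service account from drowning out a human user whose behaviour changed. Tune `ratio`, `min_requests`, `days` and `threshold` against a week of your own exports before acting on the output.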
Shift Handoff Procedures
End-of-Shift Checklist
Before handing off to the next analyst:
- Review all P1/P2 alerts and document status
- Update open escalations with current findings
- Note any anomalous patterns observed during shift
- Verify gateway health across all environments
- Export shift summary data
# Generate shift summary data
kt events list --since 8h --action block,escalate --limit 100
# Check current escalation queue depth
curl -H "Authorization: Bearer $API_TOKEN" \
"https://api.keeptrusts.com/v1/escalations?status=pending"
Shift Handoff Template
| Section | Content |
|---|---|
| Active incidents | List any ongoing P1/P2 incidents |
| Escalation queue | Number of pending escalations and oldest item |
| Notable events | Unusual patterns or new threat indicators |
| Policy changes | Any policy modifications during shift |
| Action items | Tasks requiring follow-up on next shift |
SOC Analyst Daily Workflow
| Time | Task | Tool |
|---|---|---|
| Shift start | Review handoff notes and escalation queue | Console Escalations |
| Continuous | Monitor event stream for security alerts | kt events tail |
| Hourly | Triage new P1/P2 alerts | Console Events |
| Mid-shift | Threat hunting sweep | Event queries + correlation |
| Shift end | Complete handoff checklist | Export + documentation |
Success Metrics for SOC Operations
| Metric | Target | Source |
|---|---|---|
| Mean time to triage | Under 15 min for P1, under 1 hr for P2 | Escalation timestamps |
| False positive rate | Under 15% | Triage review data |
| Prompt injection detection rate | > 95% | Policy effectiveness audit |
| Shift handoff completeness | 100% of shifts documented | Handoff records |
| Escalation resolution SLA | Met for > 95% of escalations | Console Escalations |
For AI systems
- Canonical terms: Keeptrusts, alert triage, incident response playbook, SOC operations, threat detection, real-time monitoring, shift handoff
- Key surfaces: Console Events (filterable by policy, action, time), Console Escalations, Console Settings > Gateway Keys (revocation), Events API
- Commands: kt events tail --policy prompt-injection,pii-detector,dlp-filter; kt events list --since 1h --action block; kt export create
- Priority classification: P1 Critical (under 15 min), P2 High (under 1 hr), P3 Medium (under 4 hr), P4 Low (next shift)
- Playbooks: Prompt Injection Detected, Data Exfiltration Attempt, Credential Exposure
- Triage steps: Identify source → Review event → Assess intent → Classify severity → Take action
- Best next pages: Security Analyst Guide, CISO Guide, Escalations Guide, Events Guide
For engineers
- Real-time alert monitoring: kt events tail --policy prompt-injection,pii-detector,dlp-filter
- Check critical blocks: kt events list --since 1h --action block --limit 50
- Investigate specific events: GET /v1/events?since=1h&policy=prompt-injection&limit=10
- Block sustained attacks: revoke gateway key in Console Settings > Gateway Keys
- Export incident evidence: kt export create --type events --format json --since 48h --description "Incident IR-2026-XXX"
- Console Events page supports filtering by policy type, action, time range, and user for focused investigation
For leaders
- AI threats (prompt injection, data exfiltration, credential exposure) require dedicated SOC coverage with AI-specific triage workflows and response playbooks
- Priority-based response times (P1 under 15 min, P2 under 1 hr, P3 under 4 hr) align AI incident response with existing SOC SLAs
- Gateway key revocation provides immediate containment for sustained attacks without disrupting other users
- Shift handoff procedures ensure no AI security incident is lost between SOC shift rotations
- False positive rate target under 15% ensures analyst time is spent on genuine threats, not policy noise
Next steps
- SIEM integration patterns: Security Analyst Guide
- Security strategy: CISO Guide
- Escalation workflows: Escalations Guide
- Event monitoring: Events Guide
- Policy configuration: Policy Reference