Each agent is purpose-built for Microsoft Security Copilot. Click through for the full product page, deployment requirements, and SCU pricing.
Lockbase EXposure Agent — executive exposure intelligence across the Microsoft security stack
Synthesize XSPM exposure, Defender vulnerability management, Entra identity risk, and behavioral signals into ranked, executive-ready exposure briefings — without manual correlation.
Learn more
Lockbase Open XDR — Cross-EDR Investigation Coach for Microsoft Security Copilot
Investigate alerts in CrowdStrike Falcon and Microsoft Defender for Endpoint side by side, inside Security Copilot.
Learn more
LockBase is publishing additional agents across SOAR, identity, and detection engineering. Check back soon — or contact us to be notified.
Get on the listLOX Agent ships against CrowdStrike + Defender out of the box. If your environment runs different EDRs, different data feeds, or has Sentinel playbooks and datalake pipelines that need first-class hand-off, we'll customize an agent purpose-built for your SOC.
We rebuild the active-EDR side of LOX against the platform you actually run — CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne Singularity, Palo Alto Cortex XDR, Carbon Black, or anything with an alerts API.
Bring your own telemetry: a SIEM you already pay for, a custom datalake, a threat-intel feed, identity logs, network sensors. We map it into the agent's investigation graph so every finding cites its source.
Automate agent triage straight from Sentinel incidents using the Logic Apps connector for Security Copilot agents — fire a full investigation as a step inside any playbook. Then tap into Sentinel's MCP plugin to search deeper data sets directly inside your Sentinel datalake.