Gurucul launches Sme AI to improve threat detection and response capabilities

Gurucul has launched its new generative AI capability called Sme (Subject Matter Expert) to accelerate threat detection, supercharge security investigations and automate responses.

Sme AI empowers Security Operations Center (SOC) analysts with powerful insights into a rich, correlated dataset across identity, security, network, enterprise and cloud platforms. It will improve SOC team efficiency and help counter the ongoing challenges of limited resources and skill sets, overwhelming alert fatigue, false positives and mis- or unprioritized alerts.

“Gurucul was founded more than a decade ago on the idea that the application of ML and AI on large data was an enabler for cybersecurity. The recent widespread acceptance and use of Generative AI validates our continued investment and innovation in ML and AI,” said Saryu Nayyar, CEO at Gurucul.

“Sme AI is purpose-built to support analysts in their day-to-day activities and help them detect, investigate and respond to threats so they can stay ahead of adversaries. While attackers are using AI and manipulating common frameworks to build malware, the security community needs to invest and leverage purpose-built AI to fight this battle more effectively,” Nayyar continued.

Gurucul Sme AI improves threat detection and response capabilities:

  • Provides proactive suggestions for detections and threat hunting queries. This increases threat hunting efficacy, reduces mean time to detection (MTTD), uncovers unknown threats and indicators, and adapts to new and changing datasets at a speed no human team could match alone.
  • Creates new threat content based on recent trends and learnings across customers and industry verticals, dynamically building detection rules, models, queries, reports and more.
  • Trained not only for cyber threat detection but also for insider threat and ITDR, covering identity and access-based incidents such as account compromise and AD/LDAP attacks.

  • Auto-triages alerts based on historical triage patterns, investigation notes, detection types, relevance, attack trends and similar signals. This helps analysts prioritize the investigation of the riskiest alerts and speeds up investigations by replacing multiple screens, clicks and queries with streamlined interactions with the platform.
  • Leverages contextually aware and enriched data for efficient investigations.

  • Automates key incident response activities, including creating custom reports, taking bulk actions and running multi-step workflows.
  • Supports natural language-based, free-form search to simplify and accelerate typical tasks and reporting.
  • Provides auto-response based on historical response actions to significantly reduce manual steps for critical alerts.
  • Recommends new SOAR playbooks based on alert and response action trends.

“This feature is the most recent example of how Gurucul is upholding our guiding principles of improving the user experience and fostering better collaboration,” says Nilesh Dherange, CTO at Gurucul. “We are constantly working to improve the reliability of our Sme AI by augmenting it with traditional ML techniques, scoping down attributes, workflows, and more.”

The launch of Sme AI follows closely on the launch of the Gurucul Security Analytics and Operations platform, Powered by Snowflake, which will enable customers to seamlessly run Gurucul’s Next-Gen SIEM, Open XDR, UEBA and Identity Analytics solutions on the Snowflake Data Cloud. The platform allows data, services and applications to be deployed where they fit best between the Snowflake Data Cloud and Gurucul’s cloud-native infrastructure.

In April 2023, Gurucul announced an extension of the capabilities of its Security Analytics and Operations Platform to help organizations cost-effectively secure their increasingly complex cloud architectures, reach deeper insights faster, and enrich enterprise-wide visibility.

The latest innovations provide 500 days of searchable data, robust purpose-built security use cases, coverage for identity-based threat detection and response (ITDR), and unified observability for any cloud environment.
