# 04\_AR2 Agentic AI

**Autonomous Response and Reasoning**

BluSapphire AR² is an agentic AI that acts as a tireless, 24/7 AI analyst for your security team. It autonomously investigates threats, reasons about their nature and impact, and takes decisive action to contain them in minutes—100x faster than a human team. AR² frees your human analysts from the drudgery of manual investigation and allows them to focus on strategic initiatives.

<figure><img src="/files/VmNIt6u3FYzv5tYvgZUU" alt=""><figcaption></figcaption></figure>

## Key Capabilities

* **Autonomous Investigation:** When a threat is detected, AR² instantly begins a comprehensive investigation, gathering context from various sources, analyzing logs, and querying endpoints.
* **AI-Powered Reasoning:** AR² uses a sophisticated reasoning engine to understand the full scope of an attack, identify the root cause, and determine the appropriate response.
* **Decisive Action:** Based on its investigation, AR² can take a wide range of actions to contain the threat, such as isolating a host, disabling a user account, or blocking an IP address.
* **Human-in-the-Loop:** While AR² can operate fully autonomously, it also supports a human-in-the-loop model, allowing your team to review and approve actions before they are taken.
* **Continuous Learning:** AR² learns from every investigation, constantly improving its ability to detect and respond to new threats.

## How It Works

{% stepper %}
{% step %}

### Trigger

AR² is triggered by a high-fidelity signal from the SIEMless™ engine.
{% endstep %}

{% step %}

### Investigate

The AI agent begins its investigation, querying data sources and running automated playbooks.
{% endstep %}

{% step %}

### Reason

AR² analyzes the collected data to understand the attack and formulate a response plan.
{% endstep %}

{% step %}

### Act

AR² executes the response plan, taking action to contain the threat and notifying the security team.
{% endstep %}

{% step %}

### Report

AR² generates a detailed report of the investigation and response actions, providing a full audit trail.
{% endstep %}
{% endstepper %}

## Benefits

* **Sub-4-Minute Response:** Reduce your mean time to respond (MTTR) from hours or days to under four minutes.
* **100x Faster Than a Human SOC:** Automate the work of a team of analysts and operate at machine speed.
* **Eliminate Analyst Burnout:** Free your team from the repetitive and stressful work of manual alert triage and investigation.
* **24/7 Coverage:** Ensure that threats are being investigated and contained around the clock, even when your team is offline.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.blusapphire.io/release-6.0/04_ar2-agentic-ai.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.