Ken Westin, Senior Solutions Engineer at LimaCharlie
The AI SOC pitch has settled into a narrow groove. Almost every vendor in the conversation is selling the same thing in different packaging: a faster way to triage alerts. Ken Westin, a senior solutions engineer at LimaCharlie, spent this session pulling at the assumption underneath that pitch. Alert triage is real work, but for a service provider running hundreds or thousands of tenants, it is a sliver of the job. The work that actually eats margin sits everywhere else: deploying sensors, onboarding cloud environments, tuning noisy detections, standing up new tenants, turning fresh threat intelligence into coverage. If AI can only click faster in the queue, it has been pointed at the smallest part of the problem.
What makes a different answer possible is not a model. It is a surface. LimaCharlie has been API-first since its origins, to the point that some customers never open the UI and interact with the platform purely through the API. Westin describes the product as a box of Legos: the EDR agent, log ingestion from cloud, SaaS, and on-prem sources, a full year of searchable retention, incident response through tools like Velociraptor, automation through playbooks, all assembled rather than bought as a fixed shape. The detail that matters for AI is that none of those capabilities live behind a wall the API cannot reach. So when an agent connects through the MCP server, what Westin calls a switchboard for AI tools to talk to other services, it inherits nearly everything the API can do. The translation step that used to require a human, turning intent into the right calls in the right tenant, can now happen in plain language.
The clearest evidence for this is how mundane the demonstrations sound when you describe them in plain language, and how much manual labor each one quietly replaces. Westin runs Claude Code directly inside the LimaCharlie UI, where a session connects to the MCP server and loads its skills automatically. From there he asks the kinds of questions a manager actually has: which orgs do I have access to, how many sensors are in a given org, what versions are running. He asks the agent to analyze detections and produce MITRE ATT&CK coverage, output it as HTML, and recommend detections that would close the gaps. None of that is novel as a capability. What is novel is that nobody had to write a script or click through a console per tenant to get it.
The role of skills is what makes the agent decisive rather than chatty. Skills give Claude Code specific context about what individual API calls do, so when Westin asks it to run a query or deploy a sensor, it understands how to proceed without stopping to ask a string of clarifying questions. The skills live in a public repo, which means a provider can read them, extend them, or write their own. That open posture is the difference between an agent that does what a vendor anticipated and one that does what your operation actually needs.
The terminal demos are where the argument gets sharp, because they move into the work providers do not bill well for. In VS Code, Claude Code reaches both the MCP server and command-line tools like the AWS CLI and GitHub. Westin asks it to create an installation key and deploy an EDR sensor to an AWS EC2 instance. He never specifies EC2, and the agent infers it from the single instance present, runs the AWS queries, generates the configuration and scripts, and completes the deployment, which he then verifies in LimaCharlie by confirming telemetry is flowing. He scales the same idea to onboarding a customer across AWS, Azure, GCP, and Digital Ocean at once: skills discover the available data sources, deploy sensors, and connect each environment, provided the operator holds the right permissions. By hand, that is a few hours of work. Here it runs in roughly sixteen minutes.
Westin is careful not to oversell the autonomy, and the caveat is worth more than the speed claim. A large organization, he says, probably wants a more stepped approach, deploying off EC2 instances first, bringing in CloudTrail, and letting the agent prompt more often before it acts. The fast path is for smaller environments. That distinction is what separates a credible operational tool from a demo. The same workspace can run wide open or on a short leash, and the operator decides which.
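The "wide open or on a short leash" choice above is a policy decision in front of the agent's tool calls. As an added illustration (constructed here, not LimaCharlie's or Claude Code's own code), the gate below assigns each hypothetical tool a risk tier and lets the operator pick a posture: the fast path runs read and change actions unattended, the stepped posture pauses every change for human approval, and unknown tools never run.

```python
"""Constructed approval gate in front of agent tool calls (not platform code).
Tool names and risk tiers are assumptions chosen to mirror the talk's workflow."""
from dataclasses import dataclass, field
from typing import Callable

# Hypothetical tool names mapped to a risk tier (assumption, not the platform's own).
RISK = {
    "list_sensors": "read",
    "analyze_detections": "read",
    "create_installation_key": "change",
    "deploy_sensor": "change",
    "add_suppression_rule": "change",
    "delete_sensor": "destructive",
}

# Tiers that run without a human in each posture.
POSTURES = {
    "small_env": {"read", "change"},  # fast path: only destructive calls pause
    "stepped": {"read"},              # large org: every change waits for approval
}


@dataclass
class Gate:
    posture: str
    approve: Callable[[str, dict], bool]  # human-in-the-loop callback
    audit: list = field(default_factory=list)  # (tool, outcome) trail for review

    def call(self, tool: str, args: dict, run: Callable[[dict], str]) -> str:
        """Run `run(args)` only if the posture allows it or the operator approves."""
        tier = RISK.get(tool)
        if tier is None:  # unknown tool: never auto-run, never prompt
            self.audit.append((tool, "blocked"))
            return "blocked: unknown tool"
        if tier not in POSTURES[self.posture] and not self.approve(tool, args):
            self.audit.append((tool, "denied"))
            return "denied by operator"
        self.audit.append((tool, "ran"))
        return run(args)
```

The `audit` list is what an operator would actually review after a run: it records which calls went through unattended, which waited, and which were refused.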
The remaining examples extend the pattern into recurring delivery. Westin stands up a new tenant called Bob's Plumbing, deploys the free community Sigma rules, and enables the Git sync extension so the detection rules and the tenant's full configuration land in a GitHub repository, a setup that can be replicated to spin up further organizations consistently. For false positives, Claude Code analyzes the detection logic and the alerts firing against it, identifies three rules worth changing, and recommends suppression rules, a job Westin notes can run on a schedule to keep tuning detection efficiency without anyone watching. And when a new incident breaks, the agent reads a public article, recognizes the indicators of compromise, builds lookups for them, and writes new detection rules, so a provider can sweep historical telemetry and catch the indicators going forward from one prompt.
Pulled together, these are not six features. They are one claim demonstrated six ways. The bottleneck in a managed security operation was never the analyst's clicking speed. It was that every operational task (deployment, onboarding, reproducibility, tuning, intel) demanded a human translate intent into the right API calls in the right tenant. Expose the whole platform to an agent, give it skills that know what those calls mean, and the translation step largely disappears. For an MSSP or MDR, that is where the economics live, because the tedious work that spans the entire operation is exactly the work that does not scale with headcount. English becomes the interface to the parts of the job a chatbot bolted onto an alert queue was never going to touch.
LimaCharlie gives MSSPs and MDRs a fully programmable SecOps Cloud Platform, with transparent usage-based pricing, API-first integration across every telemetry source, and the infrastructure to run multi-tenant operations at scale.