In the dojo, not every role is about throwing punches. Some roles are about awareness, the unmistakable voice that tells the fighter when to move, where the strike is coming from, and why the opponent matters. That’s the role of the Summary Agent in Sumo Logic Dojo AI.
Unlike a traditional agent, it doesn’t launch queries or carry out actions on its own. Its purpose is to narrate, not act. In doing so, it becomes the foundation for every other decision in the dojo.
What the Summary Agent really does
At its core, the Summary Agent is a storyteller. It takes the fragments of an incident, including the signals, the metadata, and the entities involved, and turns them into a summary. Instead of vague titles like “Execution: Suspicious Behavior,” analysts get a clear explanation of what happened, who was involved, and why it matters.
That shift from label to narrative brings clarity to security teams and helps you get your work done faster. It transforms a blinking red light into a plot you can follow. A tier-1 analyst no longer needs to puzzle over cryptic tags or escalate simply because the picture is incomplete. Senior analysts aren’t buried under noise. SOC leaders also gain a team with a sharper focus and fewer bottlenecks.
From fragments to stories everyone can share
The real breakthrough isn’t just individual clarity. Each summary creates a shared narrative the whole team can use. Whether you’re a SOC analyst deciding if an incident deserves escalation, an observability engineer reviewing system stability, or a manager preparing a report, everyone works from the same language and story, eliminating misinterpretation.
This is helpful for multiple audiences beyond the analyst reading it. That single story can be passed to an incident responder, a cloud engineer, or an executive.
Built with guardrails
Behind the curtain, the Summary Agent runs on models provided by Amazon Bedrock. Privacy and security were non-negotiable: no customer data is ever used to train the models, strict tenant isolation is enforced, and temporary caches that support processing expire automatically.
Analysts don’t have to configure anything or go through training to benefit. The summaries are simply there, appearing alongside every new Insight. Feedback loops let users rate summaries and suggest improvements, but those refinements never risk customer data. The voice of the Summary Agent is consistent, safe, and designed to be trusted.
Proving it in the field
The Summary Agent was tested with several customers during a beta. Within weeks, more than 80% of enrolled customers were actively using it, collectively assessing over 1,700 summaries, with some customers reviewing more than 140 each.
The results speak for themselves. With nearly three out of four positive in-app ratings, customers gained value from the Summary Agent. Analysts pointed to clarity and readability as the most immediate benefits. Managers recognized how summaries smoothed handoffs between people and teams. Instead of each analyst writing notes, everyone looked at the same concise explanation, accelerating collaboration across the SOC and observability.
By the end of the beta, triage times were down by more than 30%, and unnecessary escalations had eased significantly.
Why clarity belongs in the Dojo
Dojo AI is about resilience and conserving energy for real threats. But resilience starts with clarity. The Summary Agent delivers that clarity in a form that isn’t trapped with one person, but shared across the whole organization.
Where other vendors summarize alerts, often one by one, producing fragments of explanation that still need to be stitched together later, the Summary Agent is unique. It summarizes at the Insight level, where signals are already correlated and contextualized, then expresses that as a narrative that can be passed around the team.
It reduces noise, then creates a story that multiple people across SOC and observability can trust and act on.
Explore Dojo AI. Schedule a demo.
