Overview
The article introduces Scruff, an AI teammate developed by Notion's security team, which automates the triaging and investigation of security alerts, saving over 6 hours per week. Built using Notion's Custom Agents and MCP integrations, Scruff enhances efficiency and consistency in security operations.
What You'll Learn
1. How to build an AI teammate for security investigations using Notion
2. Why automating alert triage can improve team efficiency
3. When to leverage Custom Agents for specialized workflows
Prerequisites & Requirements
- Understanding of security alert processes and workflows
- Familiarity with Notion's platform and its capabilities (optional)
Key Questions Answered
How does Scruff improve the investigation of security alerts?
Scruff automates the triaging and investigation of security alerts, allowing analysts to make decisions in moments instead of spending hours on manual research. It integrates with external security tools, enriches alerts with preliminary analysis, and ensures consistent investigation quality across the team.
What are the measurable benefits of using Scruff?
Scruff has led to a 6+ hour weekly time savings for the DART team, an 84% reduction in median time to investigate false positive alerts, and a 93% faster median time to resolution for those alerts. This automation enhances overall team efficiency and satisfaction.
What components were used to build Scruff?
Scruff was built using Notion's Custom Agents, an Alerts Database for structured alert management, a Runbooks Database for investigation procedures, and MCP integrations for accessing external data sources. These components enable Scruff to function effectively within the security workflow.
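The three-part structure described above (a structured alerts table, a runbooks table keyed by alert type, and tool integrations that enrich an alert) can be sketched as a small triage loop. The block below is an added example written for this page; it is not Scruff's code and it does not call Notion's API or MCP. The alert rows, runbook steps, VPN ranges, ticket table and reputation table are all constructed sample data, and the `tool_*` functions are mocks standing in for the external lookups an MCP integration would perform. The point it shows is the one the article makes: each alert type gets the same ordered checks, the evidence gathered is recorded with the verdict, and anything the runbook cannot decide (or has no runbook for) is never auto-closed but handed to an analyst with the enrichment attached.

```python
"""Toy alert-triage agent: structured alerts + runbooks + pluggable enrichers (example, not Scruff)."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Callable, Optional, Tuple


@dataclass
class Alert:
    id: str
    type: str
    user: str
    src_ip: str
    details: dict = field(default_factory=dict)


# Constructed "Alerts Database" rows: sample data for this example, not real alerts.
ALERTS = [
    Alert("A-1", "impossible_travel", "alice", "10.20.30.40", {"countries": ["US", "DE"]}),
    Alert("A-2", "impossible_travel", "bob", "203.0.113.7", {"countries": ["US", "BR"]}),
    Alert("A-3", "new_mfa_device", "carol", "198.51.100.9", {"ticket": "IT-4471"}),
    Alert("A-4", "dns_beaconing", "dave", "192.0.2.15", {}),
]

# Mocks standing in for MCP-style integrations. A real agent would make tool calls
# into the VPN, ticketing and threat-intel systems; these are constructed tables so
# the example runs offline.
CORP_VPN_RANGES = [ip_network("10.20.0.0/16")]
OPEN_IT_TICKETS = {"IT-4471": {"user": "carol", "summary": "enroll new phone"}}
IP_REPUTATION = {"203.0.113.7": "clean", "198.51.100.9": "clean", "192.0.2.15": "clean"}


def tool_is_corp_vpn(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in CORP_VPN_RANGES)


def tool_ticket_matches_user(ticket: Optional[str], user: str) -> bool:
    t = OPEN_IT_TICKETS.get(ticket or "")
    return bool(t and t["user"] == user)


def tool_ip_reputation(ip: str) -> str:
    # Unknown addresses are reported as "unknown", never silently treated as clean.
    return IP_REPUTATION.get(ip, "unknown")


# A runbook step inspects one alert and returns (evidence, verdict or None).
Step = Callable[[Alert], Tuple[str, Optional[str]]]


def step_vpn_egress(a: Alert):
    if tool_is_corp_vpn(a.src_ip):
        return f"{a.src_ip} is corporate VPN egress", "false_positive"
    return f"{a.src_ip} is not a known VPN egress", None


def step_reputation(a: Alert):
    rep = tool_ip_reputation(a.src_ip)
    return f"reputation for {a.src_ip}: {rep}", ("escalate" if rep == "malicious" else None)


def step_it_ticket(a: Alert):
    ticket = a.details.get("ticket")
    if tool_ticket_matches_user(ticket, a.user):
        return f"ticket {ticket} authorizes the change for {a.user}", "false_positive"
    return "no matching IT ticket", None


# Constructed "Runbooks Database": the ordered checks for each alert type.
RUNBOOKS = {
    "impossible_travel": [step_vpn_egress, step_reputation],
    "new_mfa_device": [step_it_ticket, step_reputation],
}


def triage(alert: Alert) -> dict:
    """Run the runbook for this alert type, stopping at the first decisive step."""
    steps = RUNBOOKS.get(alert.type)
    if steps is None:
        # No runbook: do not auto-close; hand to a human and record why.
        return {"id": alert.id, "verdict": "needs_analyst",
                "evidence": [f"no runbook for alert type {alert.type!r}"]}
    evidence = []
    for step in steps:
        finding, verdict = step(alert)
        evidence.append(f"{step.__name__}: {finding}")
        if verdict is not None:
            return {"id": alert.id, "verdict": verdict, "evidence": evidence}
    # Runbook exhausted without a decisive finding: surface the enrichment, leave the call to the analyst.
    return {"id": alert.id, "verdict": "needs_analyst", "evidence": evidence}


def triage_all(alerts=ALERTS) -> dict:
    return {a.id: triage(a) for a in alerts}


if __name__ == "__main__":
    for r in triage_all().values():
        print(r["id"], r["verdict"], "|", "; ".join(r["evidence"]))
```

Two design choices carry over to a real deployment: every verdict ships with the evidence list that produced it, so an analyst can audit an auto-closed false positive later, and the only verdicts a step may return on its own are "false_positive" or "escalate"; a "true_positive" call is left to a person.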
Why is Scruff considered a better solution than vendor tools?
Scruff outperformed vendor solutions in integration with existing workflows, customization flexibility, and investigation quality. It allows immediate team adoption since it operates within Notion, eliminating the need for additional training on a separate platform.
Key Statistics & Figures
- Weekly hours saved: 6+ hours. Reflects the reduction in busy work for the DART team due to Scruff's automation.
- Reduction in median time to investigate false positive alerts: 84%. Highlights Scruff's efficiency in handling alerts compared to the previous manual process.
- Faster median time to resolution for false positive alerts: 93%. Shows how quickly the team can resolve alerts with Scruff's assistance.
- Increase in job satisfaction scores: 30%. Measured in the quarter following Scruff's deployment, indicating improved team morale.
- Reduction in security analyst burnout indicators: 25%. Suggests that automating routine tasks has positively impacted analyst well-being.
Technologies & Tools
- Platform: Notion. Used to build Scruff and manage security workflows.
- AI tool: Custom Agents. Enable the creation of specialized AI teammates for automated workflows.
- Data integration: MCP integrations. Allow Scruff to pull data from external security tools and systems.
Key Actionable Insights
1. Implementing AI tools like Scruff can significantly reduce the time spent on repetitive tasks in security operations. By automating the triage and investigation processes, teams can focus on strategic tasks such as improving security posture and developing new detection rules.
2. Utilizing Notion's Custom Agents can enhance workflow efficiency tailored to specific team needs. This approach allows teams to build solutions that fit seamlessly into their existing processes, ensuring better integration and user experience.
3. Regularly updating and refining AI tools based on team feedback can lead to continuous improvement. As teams evolve, so do their needs; maintaining flexibility in AI tools ensures they remain relevant and effective.
Common Pitfalls
1. Failing to integrate AI tools into existing workflows can lead to inefficiencies and user resistance. When new tools require significant changes to established processes, team members may be reluctant to adopt them, leading to underutilization.
2. Overlooking the importance of continuous updates and improvements to AI systems. Without regular feedback and updates, AI tools can become outdated and less effective, failing to meet evolving team needs.
Related Concepts
AI Integration In Security Operations
Automation In Incident Response
Custom Workflows In Notion