Skip to content

Welcome to XTM One

XTM One is Filigran's AI-native threat-informed defense platform for the XTM Suite. It brings together AI assistants, agentic workflows, reusable resources, and operational automation in one layer that can be used as a standalone product or from inside other XTM Suite products such as OpenCTI and OpenAEV.

In practice, XTM One is the place where AI becomes useful in daily work: asking questions, summarizing content, guiding investigations, triggering repeatable actions, reusing trusted knowledge, and following what the platform did on your behalf.

What XTM One is for

Use XTM One to:

  • access AI assistants built for cyber, intelligence, operations, and business workflows
  • ask for summaries, explanations, extractions, recommendations, and guided next steps
  • launch or monitor automated work handled by agents, assignments, and flows
  • reuse shared resources such as knowledge bases, prompts, skills, MCP servers, tools, variables, and integrations
  • review execution history, outputs, statuses, and results before taking action
  • use a common AI layer across the wider XTM Suite with shared authentication and platform services

Who it is for

XTM One is designed for business users, analysts, and operators. You do not need to be an AI specialist to use it.

It is useful for teams that work with:

  • OpenCTI
  • OpenAEV
  • cyber threat intelligence
  • investigations and analysis
  • reporting and summarization
  • operational triage and follow-up
  • security operations
  • threat-informed defense
  • email and messaging workflows
  • support or operational queues

What you will typically do

You will usually spend your time in a few places:

  • the Dashboard to see an overview
  • Chat to ask for help or start a conversation with an AI assistant
  • Agents to view and use configured assistants
  • History to check what happened and what was completed
  • Profile to update personal settings

Typical end-user activities include:

  • asking an assistant to explain, summarize, or transform content
  • using a prepared agent for a repeatable use case instead of writing long prompts manually
  • reviewing a run that was triggered automatically from a schedule, event, or external system
  • working with shared knowledge, prompts, skills, and tools created by your organization
  • using XTM One features from inside OpenCTI or OpenAEV when AI is embedded there

Access levels

What you can do in XTM One depends on your license and your role.

  • You may only see and use the shared platform capabilities.
  • You may be able to use the pre-packaged AI assistants.
  • You may be able to create and manage your own AI agents, flows, skills, tools, and integrations.

This guide will explain those differences only when they matter for a task.

Key words in this guide

You will see a few recurring terms throughout this documentation:

  • Agent: an AI assistant configured for a specific use case, role, or workflow
  • Assignment: an automation rule that tells an agent when to run and what to do
  • Flow: a coordinated multi-agent workflow or operating sequence
  • Knowledge Base: searchable internal knowledge used to ground answers and actions
  • Prompt and Skill: reusable instructions that shape how agents behave
  • Tool or MCP Server: capabilities that let agents query, fetch, or act outside the chat itself
  • Integration: a connection to another system such as messaging, email, or external platforms

The main app uses a left sidebar for navigation.

The key sections are:

  • Dashboard
  • Agentic Flow
  • Chat
  • Agents
  • History
  • Knowledge
  • Prompts
  • Skills
  • MCP Servers
  • Tools
  • Variables
  • Integrations

If you are an administrator, you will also see:

  • Intents
  • Users
  • Groups
  • Objects
  • Logs
  • Settings

Some deployments may include additional administration modules, but these are the standard XTM One sections.

Top-right actions

The top bar may include quick actions for:

  • manual triggers
  • AI Catalog
  • notifications
  • your profile
  • settings, if you are an administrator
  • sign out

AI Catalog

XTM One also includes a catalog view for published items. It is used to browse shared content such as:

  • agents
  • skills
  • prompts
  • MCP servers
  • tools

XTM One in other XTM Suite products

Depending on your deployment, you may also use XTM One from inside another Filigran product such as OpenCTI or OpenAEV.

In those cases, XTM One appears as an embedded AI capability inside the product where you already work, rather than as a separate destination.

That means the same XTM One concepts can show up in different forms:

  • an assistant panel or AI action inside OpenCTI
  • embedded workflows, summaries, or contextual help inside OpenAEV
  • shared resources and automations that are managed centrally in XTM One but used from another product

What this guide covers next

The next chapter explains how to get started.

After that, the guide moves into a Foundations section so you can understand the XTM One model before reading the screen-by-screen chapters.

The guide also includes a dedicated section for XTM One in XTM Suite Products for teams who mainly experience XTM One from inside OpenCTI or OpenAEV.