During this 👻spooktacular👻 season, the Salem team has been conjuring up some hex-citing new capabilities for our users. Salem v1.4.6 unveils the "Continue Investigation" workflow, empowering alert detectives and security professionals to delve into the depths of their most intriguing system alerts. As an integral part of this workflow, we are thrilled to announce the release of the "Ask Salem" feature, allowing users to harness the power of a large language model (LLM) of their choice within the Salem framework. This groundbreaking feature enables users to rapidly augment Salem's knowledge base and refine its capabilities to meet their specific needs.
With the combined might of Salem's investigative prowess and the boundless potential of LLMs, users can now embark on more comprehensive and insightful investigations, uncovering hidden threats and gaining a deeper understanding of their security posture. So, prepare to be spellbound as you witness the power of Salem's latest enchantments.
✨ New
"Continue the Investigation" Workflow
Salem's new "Continue Investigation" workflow replaces the "Add Context" feature set, making Salem a more effective sidekick to security analysts by generating and proposing questions that are most likely to impact incident assessment. The "Continue Investigation" workflow continues Salem's tradition of working in tandem with our security analyst heroes to learn and apply their expertise to future alerts.
"Ask Salem" Feature Release
Everyone needs a little help sometimes, so we're excited to announce the release of the "Ask Salem" feature set! Users can now request a nudge in the right direction when answering Salem context questions and receive a recommended answer to the question.
➕ Improved
- Improved the design and functionality of the alert question menu, allowing users to access the "Alert Context Manager" menu
- Reanalyzing alerts - users can now trigger a reanalysis of an alert whenever new information is added to it, and can then track the progress of the analysis by monitoring the alert's status
- Alert processing logs - support Salem's health reporting and help identify where alerts are failing in the processing pipeline
🔧 Fixed
- Alert status is now based on the minimum action context labels
- Deduplicated the action object within alert details; the duplicate entries led to redundant information and poor performance