Nov 14, '23: Stuff the turkey or stuff cyber alerts with context... Why not both?

Salem v1.5.1

🦃 Gobble, gobble, gobble! Before we stuff ourselves on cranberry sauce and pecan pie, the Salem team is gobbling up cyber alerts and stuffing them full of context. We're excited to announce the release of our new "Context Manager" feature, which lets users add any context labels they want to security alerts to get the most accurate threat predictions. Does your alert need a dash of "authentication"? Go for it! Want a smattering of "expected action"? Smatter away! Users now have the control to characterize alerts however they like, and the best part is Salem will continue to learn from every user interaction.

So during this season of gratitude, raise a glass of cranberry juice and give thanks to your cyber security team! They're working hard to keep you safe from all the would-be hackers out there. And with Salem's "Context Manager" feature, they're now even better equipped to protect your cyber systems.

✨ New

"Context Manager" Menu

The Context Manager menu extends Salem's question-generation and context-creation capabilities, giving users the freedom to characterize alerts however they choose. Users can now bypass questions and insert context labels directly into an alert, so they can manage context labels efficiently and reach threat determinations faster.

Importantly, Salem's targeted questions are still available to guide your investigation, helping you and your team determine which questions and labels are most likely to affect an alert's threat likelihood.

Check out Salem and Context Manager in action below as it catches Tom Hanks stealing company data in his email exchange with Meg Ryan. You've got mail? No, you've got data exfiltration.

➕ Improved

  • Restructured backend for LLM configurations, providing flexibility to integrate with most customer-provided LLMs

  • Updated the AskSalem LLM prompt to respond within a predefined set of options

  • Users can now provide "additional instructions" to the AskSalem prompts by editing the ActionConf via the Admin menu

  • Added Salem version number to the footer of the Admin menu

  • Updated the "LLM not configured" card to improve readability and provide next steps to users to configure their LLM with Salem

🔧 Fixed

  • Removed duplicate prediction values from alert payloads

  • Updated the langchain package to address published vulnerabilities

  • Added LLM ActionDefinition and ActionConf default stubs
