Sept 19, '23: Context building via true positive/false positive workflow

We've been hard at work improving Salem's context building through the true positive/false positive workflow, integrating Salem's webhook actions with external systems, and laying the foundation for future LLM features.

✨ New

True positive/false positive Context Building

Users can now generate context by selecting True Positive or False Positive on an alert's report card. After classifying an alert and selecting a key field for why the selection was made, if a user selects a single context label, they will be prompted to provide more information about how they knew that was the case and how Salem can learn to do the same in the future.

The user can teach Salem how to create context labels on alert details by providing a logical operation, identifying a data system where that information exists, or simply telling Salem to remember the association for the future.

➕ Improved

• Removed the "do you have time for a question" workflow

• Hardened authentication to improve Salem's security from man-in-the-middle attacks

🔧 Fixed

• Fixed the webhook action workflow - see more details in the ActionDefinition page on using this workflow

• Fixed Microsoft Graph API webhook action to include optional parameters

• Fixed interpretation of alert fields with spaces so they are matched correctly for alias identifiers

• Fixed passing too many context labels to the model, delaying predictions

⚙️ In the Works

• Developing architecture to integrate BYOL (bring your own llama 🦙) functionality for customers