Salem Cyber Doc Site
  • 🏠Documentation Home
  • ✨Initiation Guides
    • Quickstart: Deploy Salem
    • Admin Guide
    • Installing Teams App
    • Feature Overview
  • ✨General Guides
    • Managing Alerts
    • Managing Questions
    • Threat Notification Management
    • Uploading Files
    • Logical Operations
  • ✨Configurations Specification
    • Configuration Home
    • Action Conf
      • "match" ActionConfs
      • "webhook" ActionConfs
      • "llm" ActionConfs
    • Action Definition
      • Azure Log Analytics
      • Microsoft Graph API
      • Splunk Search
      • Bring Your Own LLM
    • Parsing Conf
      • Summary Details
    • Report Conf
    • LLM Configuration
  • 💾Changelog
    • Dec 5th '24: Get cracking on your holiday shopping list
    • July 18th, ’24: Beat the heat and the hackers
    • Apr 17th, '24: Alert showers make analysts sour... no longer with Salem!
    • Mar 5, '24: They're after me (and your) secure systems! We're na-tur-ally suspicious
    • Jan 31, '24: New year, new me... and a new way to extract data from your alerts
    • Dec 21, '23: Jingle bells, WannaCry smells, your escalated alert just laid an egg
    • Nov 14, '23: Stuff the turkey or stuff cyber alerts with context... Why not both?
    • Oct 25, '23: Llama, llama on the wall which alert is scariest of them all
    • Sept 19, '23: Context building via true positive/false positive workflow
    • Sept 1, '23: Alert report UI, webhook actions, and question upgrades
Powered by GitBook
On this page
  • Configuration Home
  • Action Conf
  • Action Definitions
  • Parsing Conf
  • Report Conf
  1. Configurations Specification

Configuration Home

Configuration Home

Salem configuration files control how Salem will process and analyze alerts. Configuration entities ("configs") include instructions for alert parsing, context extraction, incident reporting, and other key Salem functions.

Action Conf

ActionConfs are low-level action classes that dictate how information retrieved from external systems is applied or adjusts requests to user specification.

Action Definitions

Action Definitions are high-level action classes that are referenced by Action and Reporting actions. These Definitions describe how Salem connects to third-party systems for context and reporting actions. Many ActionConfs may reference a single ActionDefinition for connection/authentication to external systems.

Parsing Conf

Parsing Conf defines how Salem will process and extract information from new alerts. Parsing can be defined on default (all alerts), source, and alert scopes, allowing fine control over the parsing of alerts using different data structures.

Report Conf

Report Conf controls how Salem sends notifications regarding alert analysis. Salem is pre-configured to send incident notifications to chat. Notifications can also be sent to third-party systems.

PreviousLogical OperationsNextAction Conf

Last updated 3 months ago

✨