Question Framework

Salem can be trained by answering questions about alerts. There are various way to train Salem and in turn Salem's ability to predict threats or false positives accurately improve over time.

Onboarding Questions

These questions are general questions

Follow the instructions mentioned here to answer onboarding questions.

Context Questions

Context questions are specific questions related to an alert. Answering these questions helps to provide relevant context to that particular alert. The rules that are created from this process can then be applied to future alerts.

To access alert specific context questions, 1. navigate to an specific alert incident report page 2. Click "Continue Investigation". To learn more about contextualization, see Continue investigation

Analyst/Admin Questions

Both admin and analyst menus have buttons to click called "Questions". Admin questions are specifically for users who have admin level access and analyst question are for users who have analyst level access.