Salem Settings (App Configuration)

Salem's settings are updated through App Configuration in the Azure portal. To access App Configuration, follow the instructions below.

How to Access App Configuration

  1. Search for App Configuration in the Azure portal search bar.

  2. Select the desired configuration for the Resource Group.

  3. On the left menu bar, expand Operations and click on Configuration Explorer.

  4. You will be presented with a table of keys whose values you can update.

  5. To edit the value for any key, click on the ... then Edit. Enter the value in the text box and click Apply.

Setting Description

| Setting | Default Value | Description |
| --- | --- | --- |
| BLOCK_REPORT | 5 | The maximum number of threat escalations Salem can make within a given hour. |
| THREAT_SCORE | 90 | Threat score above this value will be marked as true positive. |
| THREAT_SCORE_LOWER | 70 | Report |
| FP_SCORE | 35 | Threat score below this value will be marked as false positive. |
| MIN_CONTEXT | 4 | A minimum context count must be assigned to the alert before the threat score can be calculated. |
| THREAT_VISIBILITY_DELAY_FACTOR | 3600 | (Optional) For debugging purposes, how many seconds will be considered as a day for bulk threat alerts. |
| CACHED_RESULT_LOOKBACK | 3 | For webhook queries, how far back, in days, newer webhook queries should look in the cached results. |
| WEBHOOK_POLL_INTERVAL | 15 | Determines how many days back the system should look when retrieving newer webhook queries from cached results. |
| WEBHOOK_TIMEOUT | 900 | Determines the amount of time to wait for a webhook call to respond before timing out. |
| ITR_LIMIT | 3 | Number of iterations to allow context updates to cascade into further matches. This determines how many times the system will attempt to refine matches in subsequent iterations. A higher value will result in increased processing time. |
| RELATED_ALERT_LOOKBACK | 3 | Number of days to look back when searching for related alerts. |
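A mistyped key or an inverted threshold in Configuration Explorer can silently change which alerts are marked true or false positive, so the following added example (not Salem's own code) checks a set of proposed values against the table above before they are applied. The function names, the rule that the three score thresholds stay in the same order as their defaults, and the "undetermined" label for scores the table does not describe are assumptions of this example.

```python
# Added example, not part of Salem. Defaults are copied from the table above.
DEFAULTS = {
    "BLOCK_REPORT": 5, "THREAT_SCORE": 90, "THREAT_SCORE_LOWER": 70,
    "FP_SCORE": 35, "MIN_CONTEXT": 4, "THREAT_VISIBILITY_DELAY_FACTOR": 3600,
    "CACHED_RESULT_LOOKBACK": 3, "WEBHOOK_POLL_INTERVAL": 15,
    "WEBHOOK_TIMEOUT": 900, "ITR_LIMIT": 3, "RELATED_ALERT_LOOKBACK": 3,
}

def check_settings(proposed):
    """Return a list of problems found in a {key: value} dict of proposed changes."""
    problems = []
    merged = dict(DEFAULTS)
    for key, raw in proposed.items():
        if key not in DEFAULTS:
            problems.append(f"{key}: not a setting listed in the table (typo?)")
            continue
        # App Configuration stores values as strings; every default is an integer.
        try:
            value = int(str(raw).strip())
        except ValueError:
            problems.append(f"{key}: {raw!r} is not an integer")
            continue
        if value < 0:
            problems.append(f"{key}: negative value {value}")
            continue
        merged[key] = value
    # Assumption: thresholds keep the ordering of the defaults (35 < 70 < 90);
    # otherwise the true-positive and false-positive bands would overlap.
    fp, lower, tp = (merged[k] for k in ("FP_SCORE", "THREAT_SCORE_LOWER", "THREAT_SCORE"))
    if not fp < lower < tp:
        problems.append(
            f"thresholds out of order: FP_SCORE={fp}, "
            f"THREAT_SCORE_LOWER={lower}, THREAT_SCORE={tp}")
    return problems

def verdict(score, settings=DEFAULTS):
    """Classify a threat score using only the two rules the table states."""
    if score > settings["THREAT_SCORE"]:
        return "true positive"
    if score < settings["FP_SCORE"]:
        return "false positive"
    return "undetermined"  # label assumed here; the table does not describe this band

if __name__ == "__main__":
    # Constructed sample: FP_SCORE raised past THREAT_SCORE_LOWER, plus a typo.
    for problem in check_settings({"FP_SCORE": "80", "THREAT_SCOER": "95"}):
        print(problem)
```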
