Managing Alerts

Use Salem to review recent cyber alerts, identify priority alerts, and provide context to aid Salem in its investigations.

Jump here to see more about how to connect alert data sources to Salem

Salem may forward you alerts it thinks are worth your review. Additionally, you can ask Salem to show you alerts that it is analyzing by first sending Salem a message such as "Hey Salem.: "

When a new cyber alert is provided to Salem, it uses the information available in the alert to understand what kind of threat is being represented. It will then use what it's learned to start adding additional context. As new context is made available, Salem will update its predicted likelihood of whether this alert represents a threat. Salem will ask questions to help it find paths to additional context. By answering Salem's questions, you help it perform better future investigations.

Periodically, Salem may reach out to you to ask you to answer a question. These questions are based on alerts recently received by Salem. Answering these questions improves Salem's ability to identify likely threats.

You can also choose to answer questions by selecting help Salem learn from the main menu card

You can view alert metrics by asking Salem for the latest alert metrics.

From the metrics card, you'll see the number of questions and answers asked.

From the main card, click "Actions" and then the "Metrics" button.