Context Manager

Salem Context Manager allows expert users to add specific context to a Salem alert.

What is Context Manager?

Context Manager is an advanced capability for users who understand the Salem context model well. It is a convenience feature that allows an analyst to select any context label and apply it to a specific Salem alert. Adding any context to a Salem alert directly influences and changes Threat Scoring.

Using Context Manager

  1. Context Manager is available within Continue Investigation. To open it, select the link at the bottom of the Continue Investigation card view.

  2. From the Context Manager card view, you can select any available Salem context label to apply to this alert. Context labels are organized by Key Context Fields.

  3. Once you've entered the context you wish to add, select "Update Context".

  4. Depending on your selections, Salem may ask you follow-up questions. To learn more about Salem questions, see Salem Learning Pipeline.

Removing Context from an alert

Context Manager can only be used to add context to an alert. To manage context already added to an alert, use Audit Context Actions.
