Automated Cyber Alert Investigations
Salem automatically investigates, enriches, contextualizes and scores new cyber alerts from SIEM, EDR, XDR and other cyber tools.
Salem Alert Investigation Overview
Salem was specifically designed to automate cyber investigations. Every alert sent to Salem will be automatically investigated. The investigation process includes the following components:
Parsing
Format and normalize data from the alert. Salem is capable of accepting alerts in any modern alert data format. The parsed alert will be rendered in a JSON format within Salem.
Enrichment
Salem collects new information to add to an alert to help support the investigation. Some enrichment will happen automatically, and other enrichments will be selected by Salem based on what additional information is needed to complete the investigation.
Contextualization
Salem understands the context surrounding activity, accounts, systems, programs and data. Salem strives to know as much as possible about the objects and entities associated with a cyber alert. This helps Salem gain a full picture of what has occurred. Salem leverages both default contextual understanding was well as organizational context learned over the course of prior Salem investigations.
Evaluation
Leveraging the alert investigation context, Salem generates a threat score using a sophisticated AI model that understands the interrelationship between the objects and entities associated with an alert.
Response
At the conclusion of an investigation, Salem directs response actions, including Salem Threat Notifications in chat, and other organization configured response actions.
Last updated