
[Request] Attack Discovery Alert Filtering #363

Open
dhru42 opened this issue Feb 5, 2025 · 0 comments

dhru42 commented Feb 5, 2025

Description

What: We're introducing the ability for users to select which alerts are included as context to LLMs via Attack Discovery

Why: Currently users can only select the number of alerts that are sent as context to LLMs (slider between 50-500), where we would send the most recent alerts. Now, users can control which alerts get sent as well as the time window (previously fixed to Last 24hrs). This makes attack discovery usable for past alerts and for finding correlations between specific alerts.

Background & resources

Which documentation set does this change impact?

ESS and serverless

ESS release

8.18

Serverless release

TBD

Feature differences

N/A

API docs impact

TBD

Prerequisites, privileges, feature flags

TBD
