Hero AI
Use this section to learn what Hero AI is, which Turbine features use it, and where to go for chat, automation building, models, and AI SOC workflows.

Hero AI is a top-level section in the Turbine user guide navigation (site root), alongside Quickstart and Documentation.

What is Hero AI?

Hero AI is Swimlane’s embedded artificial intelligence layer in Turbine. It helps security analysts and automation builders work faster by combining natural language interaction, generative AI in playbooks, and specialized agents that understand your tenant data, records, and automation context.

Hero AI is not a separate product you log into. It is built into Turbine screens you already use: the Hero AI toolbar panel, playbook and component canvases, playbook actions, and solution workflows such as AI SOC.

For standard deployments, inference uses Anthropic Claude on Amazon Bedrock in Swimlane’s environment, or Amazon Bedrock in your organization’s cloud for dedicated or private cloud setups. See Hero AI Models for defaults and fallbacks. Account administrators can route inference through Custom LLM on Turbine Cloud or Turbine Platform.

Hero AI features are typically behind feature flags and require opt-in for your tenant. To enable Hero AI, contact Swimlane Support. After enablement, users with the right permissions see the Hero AI icon in the Turbine toolbar.

Where Hero AI appears

Open Hero AI from the Turbine toolbar on most pages (Hero AI Companion). The same panel switches to building mode on playbook and component canvases, runs as a native action in flows, and powers AI SOC plans and verdicts in case management. For mode names and behavior by screen, see Hero AI building modes.

Hero only reads data your user can access and fields marked Visible to Hero AI (Hero AI Companion).

Key capabilities

| Capability | What you get | Learn more |
| --- | --- | --- |
| Companion chat | Docked or full-screen chat on most Turbine screens; record-aware questions | Hero AI Companion |
| Text to playbook | Natural language create and edit of playbook flows on the canvas | Create and modify playbooks with Hero AI |
| Component building | Natural language create and edit of components in the component builder | Create and modify components with Hero AI |
| Run components from chat | Hero selects and runs published components marked Visible to Hero AI | How Hero AI executes components |
| In-flow generative AI | Prompt-driven outputs inside a playbook step | Hero AI native action |
| Agents | Specialized agents (playbook generator, component agents, AI SOC plan and verdict flows, code agent) | Playbook Generator Agent reference, Hero AI Models |
| Prompting guidance | Patterns for reliable prompts in automation and chat | Mastering generative AI prompting |
| AI SOC | End-to-end SOC package with plans, verdicts, and case workflows | AI SOC solution |

Choose your path

| I want to… | Start here |
| --- | --- |
| Chat with Hero on any screen | Hero AI Companion |
| Build or change a playbook flow with AI (text to playbook) | Create and modify playbooks with Hero AI |
| Build or change a component on the canvas with AI | Create and modify components with Hero AI |
| Run a published component from chat | How Hero AI executes components |
| Use generative AI inside a playbook action | Hero AI native action |
| See default models and fallbacks | Hero AI Models |
| Route Hero AI through your own LLM provider | Custom LLM |
| Monitor token usage | Hero AI dashboard |
| Write better prompts | Mastering generative AI prompting |
| Design components Hero can run or build | AI friendly component best practices |
| Use Hero AI in AI SOC investigations | AI SOC solution |
| Watch Hero AI in action | Hero AI Companion demo https //swimlane com/resources/videos/demo hero agentic ai secops companion/ |

Hero AI building modes

When the Hero AI panel is open, Turbine picks a mode from your current screen. You do not switch modes from a settings menu.

| Where you are | Hero AI mode | What it does |
| --- | --- | --- |
| Most screens (records, reports, lists, and so on) | General companion | Questions about tenant data, records, reports, and cybersecurity topics; can run components marked Visible to Hero AI |
| Playbook open in the canvas editor | Playbook building mode | Create or modify flows with the Playbook Generator Agent (Create and modify playbooks with Hero AI) |
| Component open in the component builder | Component building mode | Create or modify the component on the canvas (Create and modify components with Hero AI) |

For mode switching when you navigate, see Hero AI Companion.

Playbook building mode and component building mode edit automation on the canvas. How Hero AI executes components describes running published components from the general companion when Visible to Hero AI is enabled, not editing the component definition.

Hero AI features

| Feature | Description |
| --- | --- |
| Hero AI Companion | Agentic AI chat on every page of Turbine |
| Create and modify playbooks with Hero AI | Text to playbook and playbook building mode on the canvas |
| Playbook Generator Agent reference | What the Playbook Generator Agent supports and its limits |
| Create and modify components with Hero AI | Component building mode in the component builder |
| How Hero AI executes components | Run published components from companion chat |
| Hero AI native action | No-code generative AI in playbook automation |
| Hero AI Models | Default Claude models and fallbacks by feature |
| Custom LLM | Route Hero AI through LiteLLM or custom Bedrock |
| Hero AI dashboard | Token usage under admin panel |
| Mastering generative AI prompting | Prompt patterns for Hero AI workflows |
| AI friendly component best practices | Naming, inputs, outputs, and AI SOC mapping for components |

AI SOC solution

The AI SOC solution is Swimlane’s end-to-end security operations package powered by Hero AI. It combines alert and phishing triage, threat intelligence enrichment, case management, and automation with Hero AI investigation plans, verdicts, and analyst workflows in case management.

AI SOC solution documentation lives in the Solutions Guide (AI SOC solution overview https //app archbee com/docs/aehg843hm je6dheciz4l/ddizyeiqevgzg8ay0fcc5). The Turbine user guide AI SOC solution page summarizes why to start with the solution.

Hero AI in AI SOC

| Hero AI capability | Where it appears in AI SOC |
| --- | --- |
| Investigation plans | Generated from case context and knowledge base articles; analysts run plan steps from case management |
| Verdicts | Generate verdict in the determination phase (malicious, suspicious, benign, unknown) |
| Companion and agents | Same Hero AI models as companion and agent workflows; see Hero AI Models |
| Component selection | AI SOC selects and maps components from investigation plans; see AI friendly component best practices |
| Ingestion builder | AI ingestion workspace uses Hero AI-assisted Turbine schema mapping for new alert sources |

Choose your path (AI SOC)

| I want to… | Start here |
| --- | --- |
| Overview of the solution and package | AI SOC solution |
| Install and configure Hero AI for AI SOC | Installing and configuring AI SOC solution |
| Run my first investigation | Getting started (AI SOC) |
| Understand how Hero AI produces verdicts | Understanding verdict generation |
| Follow investigation plan workflows | Investigation plan workflow |
| Learn case layout and AI analysis widget | AI SOC applications |
| Design components for plan and verdict flows | AI friendly component best practices |

Additional Hero AI capabilities in solutions and marketplace content

- Clear summarization and recommended actions in the Case and Incident Management application https //docs swimlane com/solutions/configure custom case and incident management data mappings
- Crafted AI prompts: templates for Hero AI in daily workflows https //docs swimlane com/solutions/crafted ai prompts

Artificial intelligence data privacy and security

- Swimlane does not collect or store sensitive customer data in centralized storage locations. Only metadata about model usage and performance is retained centrally.
- Customer data processed by AI or machine learning (ML) models is stored exclusively in the customer’s dedicated database instance, which is logically separated from other customer instances.
- Prompts and context required for a response are sent to models hosted on Swimlane's AWS Bedrock instance and are not used to train or fine-tune models.
- Customers must opt in to use Hero AI in their instance of Turbine.
- Individual risk assessments are conducted on all AI and LLM projects before deployment.

Next steps

- New to Hero AI chat → Hero AI Companion
- Building automation with AI → Create and modify playbooks with Hero AI
- Hero AI in security operations → AI SOC solution
- Manual playbook creation → How to create a playbook