Hero AI Companion

hero ai companion the hero ai companion is swimlane’s agentic ai chat experience in turbine use it to ask questions about records, reports, and cybersecurity topics in natural language the companion uses one panel across turbine on most screens you get the general companion ; on a playbook or component canvas you get playbook building mode or component building mode instead see hero ai modes and context /#hero ai modes and context or the hero ai docid\ swz8uetvmvoojwgm xnk overview the hero ai companion is behind a feature flag and must be enabled to enable this feature, contact swimlane support once enabled, the hero ai icon appears at the top right corner of the screen choose your path i want to… go to open and use the chat panel open the hero ai companion /#open the hero ai companion clear the current chat without closing the panel reset conversation history /#reset conversation history control what data hero can read configure hero ai visibility settings /#configure hero ai visibility settings understand companion vs building modes hero ai modes and context /#hero ai modes and context build or change playbook flows with ai create and modify playbooks with hero ai docid\ tmmnjglc0e9lipo37kzpb see what the playbook generator agent can do playbook generator agent reference docid 3jkvn5yplm u06tfjhiac build or change a component on the canvas with ai create and modify components with hero ai docid\ ikukotgcorzumuwb jdsb run a component from chat (not edit the canvas) how hero ai executes components docid\ mgzx3dkiiv vi2mhoynev send feedback on a response thumbs up/down functionality and feedback options /#thumbs updown functionality and feedback options if you are viewing an application record, hero recognizes record context so you can ask about "this case," "this user," or "this host " the general companion can read application records it cannot update playbook or component canvas layouts from the main toolbar chat alone to edit a playbook flow or component on the canvas, use the matching building mode (see below) hero ai modes and context hero ai uses one panel across turbine the mode depends on which screen you are on , not on a separate setting you turn on in the menu where you are hero ai mode what it does most screens (records, reports, components list, and so on) general companion questions about tenant data, records, reports, cybersecurity topics; can run components marked visible to hero ai (see how hero ai executes components docid\ mgzx3dkiiv vi2mhoynev ) playbook open in the canvas editor playbook building mode create or modify flows with the playbook generator agent — create and modify playbooks with hero ai docid\ tmmnjglc0e9lipo37kzpb component open in the component builder component building mode create or modify the component on the canvas — create and modify components with hero ai docid\ ikukotgcorzumuwb jdsb how mode changes when you navigate open hero ai from the toolbar on any screen → you start in (or return to) the general companion unless you are already inside a playbook or component canvas editor open a playbook or component in the canvas editor and open hero ai (toolbar, build with hero ai , or start building with hero ai on an empty playbook) → the panel enters playbook building mode or component building mode you should see a banner such as entered playbook building mode or entered component building mode , and a footer label with the same name navigate away from that editor (for example, back to the components list or playbooks list) → canvas context clears and the panel returns to the general companion welcome (for example, hello! how can i help you today? ) you do not need to close and reopen hero ai playbook building mode and component building mode are for editing automation on the canvas how hero ai executes components describes running published components from the general companion when visible to hero ai is enabled — not editing the component definition see the hero ai companion in action in this https //swimlane com/resources/videos/demo hero agentic ai secops companion/ demo video open the hero ai companion click the hero ai icon at the top right of the screen the hero ai panel opens on the right (docked) or full screen, depending on your last layout choice type a question in the input area and send it hero ai companion panel controls the panel header shows hero ai and action icons on the right control icon / location what it does maximize chat / minimize chat expand or collapse icon switches between docked (right side) and full screen layout more options vertical ellipsis (three dots) opens a menu with additional actions end chat x closes the companion panel reset conversation history use reset conversation history when you want a new chat in the same open panel without closing hero ai open the hero ai panel click the more options menu (vertical ellipsis) in the panel header click reset conversation history hero clears the visible messages and starts a new conversation any in flight request is canceled so it does not affect the new chat reset conversation history is not the same as closing the panel end chat ( x ) closes the panel and also clears history when you reopen it reset conversation history clears the thread while the panel stays open on a playbook or component canvas , reset also starts a fresh session for playbook building mode or component building (history and session context are cleared) uses of the hero ai companion efficient record access hero ai reduces manual filtering by letting you ask direct questions about tenant data responses can include links to records or pages so you can open the exact item in the ui record context when you view an application record, hero uses that record as context you can ask questions about the current case, user, host, or other fields on the record conversations and context window the companion keeps context for follow up questions (for example, "give me a shorter answer" or "tell me more about those cases") context is typically limited to the most recent five prompts and responses to manage token use action effect on conversation reset conversation history (menu) clears messages and starts a new thread; panel stays open end chat ( x ) closes the panel; history is cleared refresh the browser page history is cleared leave a playbook or component canvas editor panel can stay open; mode returns to the general companion (building banners clear) navigate to another screen (still in general companion) panel can stay open; chat history usually continues until you reset, close, or refresh large result sets and reports when a response matches many records, hero shows a preview (up to five records) and the total count a link can open a full report in the swimlane ui with the same filters applied you can sort, export, or save that report like any other report view rbac the hero ai companion inherits the rbac settings of the user chatting with hero if a user cannot read an application or field, hero cannot use that application or field in answers hero ai companion windows the companion supports two layouts mode description full screen mode occupies the entire screen; suited to longer sessions docked mode panel on the right side; suited to multitasking and record context use maximize chat or minimize chat in the panel header to switch layouts configure hero ai visibility settings application and field visibility control which data hero can access when answering questions enable visibility on an application or field so hero can use it in answers disable visibility to restrict hero from that data even if the user can read it in the ui configure applications configure whether an application is visible to hero ai from app settings for new applications, visible to hero ai is on by default when the toggle is on, the description field is required so hero understands the application purpose use this pattern for application descriptions the \[application name] (\[application acronym]) application is designed to \[purpose] it contains information about \[data stored] each record in \[acronym] includes \[main fields and formats] this application is commonly used to \[use case] \[terminology specific to this application ] example (case and incident management) the case and incident management (cim) application supports security operations center (soc) operations it stores case records investigated by analysts, including status, priority, severity, users, hosts, assets, observables, and determination analysts often work oldest cases first ( first created ), highest priority (p0 is highest), highest severity ( critical is highest), and open status ( new ) turn on visible to hero ai for an application navigate to applications & applets and open create a new application , or open an existing application app settings in create application or app settings , set visible to hero ai to on (default for new applications) enter a description (required when visibility is on) save the application if visible to hero ai is off for an application, you cannot turn it on for individual fields in that application configure fields configure field visibility from field properties on the form layout by default, fields are not visible to hero ai when you turn visibility on, description is required good field descriptions are one short sentence with meaning and sample values when helpful example the primary cve id of the vulnerability value format cve yyyy xxxxx sample value cve 2019 12345 turn on visible to hero ai for a field in form layout , select the field in field properties , turn on visible to hero ai enter a description (required when visibility is on) visibility logic table application visible to hero ai field visible to hero ai hero ai can use the field on on yes on off no off on no off off no thumbs up/down functionality and feedback options use the thumbs up and thumbs down icons under each reply to send feedback thumbs up – positive feedback click thumbs up when the response answers your question accurately is helpful, clear, or complete matches the expected format or logic thumbs down – negative feedback click thumbs down when the response is partially correct, incorrect, or irrelevant is hard to understand because of formatting does not match the context or logic of your request after thumbs down , a feedback panel appears with options option when to use it partially correct some information is useful but incomplete or has minor issues incorrect answer the response is wrong or does not apply irrelevant the response does not address your prompt poor formatting the answer is hard to read (for example, broken code blocks) you can add notes in additional feedback by default, include last prompt and response is checked so reviewers see full context use case example you ask "can you filter applications created in the last two days?" hero ai replies with sql that uses syntax your environment does not support you click thumbs down , select incorrect answer , add a note (for example, "use date sub() for mysql clarify created at field type "), leave include last prompt and response checked, and click submit see also create and modify playbooks with hero ai docid\ tmmnjglc0e9lipo37kzpbcreate and modify components with hero ai docid\ ikukotgcorzumuwb jdsbhow hero ai executes components docid\ mgzx3dkiiv vi2mhoynevcomponents https //app archbee com/docs/wdlpsa7glls1ghfgxbo9d/c7ipcs5ndr9sgu4z6pjs0hero ai docid\ swz8uetvmvoojwgm xnk — overview of all hero ai features