Hero AI

Hero AI Companion

the hero ai companion allows swimlane turbine users to interact with hero ai, swimlane’s agentic ai secops companion the hero ai companion can answer questions about the private data in the customer’s tenant or cybersecurity topics for example, you may ask, “what cases involve user mary jane in the last two weeks?” or “how should i remediate cryptolocker?" if you are viewing an application record, hero will recognize the context of the case, enabling you to ask questions like “summarize this case for me,” or “what other issues have occurred with this host in the past week?” the hero ai companion is behind a feature flag and must be enabled to enable this feature, contact swimlane support once enabled, the hero ai icon will appear at the top right corner of the application/screen the hero ai companion is able to read application records, butt cannot yet update records or access other swimlane turbine features such as playbooks or components see the hero ai companion in action in https //swimlane com/resources/videos/demo hero agentic ai secops companion/ demo video uses of the hero ai companion the hero ai companion offers robust features to simplify record management and optimize data access, enabling users to work more efficiently and securely efficient record access hero ai eliminates the need for time consuming manual filtering by allowing users to ask direct questions about the data they need the system generates precise links to the desired records or pages, ensuring users can quickly access relevant information without navigating through complex menus or datasets by clicking on these links, users are seamlessly directed to the exact data they require, saving time and minimizing errors record context if you are viewing an application record, hero will understand the context of the current record so you can ask questions about "this case," "this user," or "this host" and hero will understand what you mean conversations the hero ai companion understands conversation context, so you can ask follow up questions such as "can you give me a shorter answer" or "tell me more about those cases " conversations last as long as the window is open and are reset when you close a window to limit token usage and maintain clarity, conversation context is typically limited to the most recent five prompts and responses when a hero ai response includes a large number of matching records, it displays a preview of up to five records along with the total count to help you view all results, hero ai now provides a link that opens a full report in the swimlane ui this report includes all matching records with the same filters applied you can interact with the report as usual — sort, export, or save it — just like any manually created report view this makes it easy to explore complete results without needing to manually recreate the same view rbac the hero ai companion inherits the rbac settings of the user chatting with hero if a user cannot read an application or field then hero will also not be able to view that application or field hero ai companion windows the hero ai companion icon is located at the right top of the screen click on it to open a window where you can ask your questions the hero ai companion offers two window sizes full screen mode expands the window to occupy the entire screen, ideal for tasks requiring detailed focus or extended use docked mode docks the chat window on the right side of the screen, providing a compact view suitable for multitasking, viewing current record context, or when limited screen space is available note once the window is closed, the conversation history is cleared if the user navigates to a different screen, the companion stays open, and the conversation context is preserved however, the history is cleared if the page is refreshed or the companion is closed configure hero ai visibility settings application visibility settings provide precise control over the data hero companion can access entire applications or specific fields can be toggled on or off, controlling which data hero can access to answer questions for example applications and fields that the ai chatbothat hero can access can be configured by enabling the visibility toggle option restricted fields can be kept hidden even if the application itself is accessible configure applications users have the ability to configure whether an application is visible to hero ai through a toggle button available on the app settings page for newly added applications, the visibility toggle should be turned on by default to enable hero access when the toggle is enabled, the description field becomes mandatory, ensuring that hero understands the purpose of the application a good description is important in helping hero correctly answer questions about the application and its fields you can use the following template to create a good application description that will best help hero answer questions about the application the \[ application name ] (\[ application acronym ]) application is designed to \[state the purpose] it contains information about \[describe the data or records stored in the application] each record in \[application acronym] includes \[list the main data fields and their formats] this application is commonly used to \[describe a use case] \[conventions or terminology for this application that are not a part of general knowledge] an example from the case and incident management application from the docid\ gofetk5tnxwtx8iyfbfev the case and incident management (cim ) application is needed for security operations center (soc) it is designed as a single storage for the records, usually called cases, investigated by the soc analysts records in cim application store the data related to active or ongoing case management tasks, such as resolving incidents, tracking case statuses, automating incident workflows, managing incidents related to specific users/usernames, hosts/hostnames, it assets, ip addresses, emails, severity levels, priorities and observables, case classification and determination analysts typically want to work on the oldest cases (based on first created) with the highest priority (p0 is the highest), the highest severity (critical is the highest), and that are open (status is new) to turn on the visible to hero ai toggle navigate to application & applets > create a new application in create application window, the visible to hero ai is by default toggled on note description field is mandatory in new application > app settings > toggle on visible to hero ai the description field is mandatory if you toggle on the visible to hero ai note if the "visible to hero ai" toggle is turned off for an application, it cannot be turned on for fields for that application configure fields users can configure the visibility of individual fields to hero ai using a toggle button available on the field properties page this new toggle allows for granular control, ensuring that sensitive fields remain hidden if required by default, fields are set to not be visible to hero when the hero ai toggle is enabled, the description field becomes mandatory, requiring users to provide relevant information about the field for better context good field descriptions are short, preferably one sentence and include the meaning and sample values for the field an example of a field description for a vulnerability id field the primary cve id of the vulnerability value format cve yyyy xxxxx sample value cve 2019 12345 to turn on the visible to hero ai toggle drag and drop the required field in the form layout click on the field in field properties window, toggle on the visible to hero ai note by default the visible to hero ai toggle is off the description field is mandatory by strategically using these toggles, organizations can help hero give better answers by only accessing essential fields controlling which applications and fields are available to hero also helps organizations align hero ai's functionality with their policies and data governance standards visibility logic table the visibility logic table explains how the combination of application visibility toggle and field visibility toggle determines hero ai's access to specific data application visibility toggle field visibility toggle resulting hero ai visibility explanation enabled enabled enabled both the application and specific field are turned on, allowing hero ai full access to the data enabled disabled disabled the application is visible, but the specific field is restricted, preventing hero ai from accessing that field's data disabled enabled disabled the application itself is restricted, so even if the field is marked as visible, hero ai cannot access any data from the application disabled disabled disabled both the application and the specific field are restricted, ensuring no access for hero ai thumbs up/down functionality and feedback options hero ai allows users to provide quick and meaningful feedback on ai generated responses using the thumbs up and thumbs down icons displayed beneath each reply these tools help continuously improve the accuracy, clarity, and usefulness of responses within the platform thumbs up – positive feedback click the thumbs up icon of the response accurately answers your question is helpful, clear, or complete matches the expected format or logic this positive feedback reinforces good results and helps the ai learn what works best for users thumbs down – negative feedback click the thumbs down icon of the response is partially correct, incorrect, or irrelevant is difficult to understand due to formatting doesn’t match the context or logic of your request after clicking thumbs down, a feedback panel appears where you can specify what went wrong using one or more of the following options feedback options partially correct the response includes some useful or accurate information but is incomplete or contains minor issues incorrect answer the response is wrong or doesn’t apply to your question irrelevant the response doesn’t address your prompt or goes off topic poor formatting the answer is hard to read, poorly structured, or not formatted according to expectations (e g , broken code blocks or missing syntax) you can also enter specific notes in the “additional feedback” field to give more context for example “this sql syntax doesn't work in mysql it should use date sub() instead of interval ” include last prompt and response by default, the feedback panel includes a checkbox labeled “include last prompt and response ” when checked, this ensures your original question and the ai’s response are submitted together with your feedback this gives reviewers the full context and improves the quality of future responses use case example scenario you ask " can you filter applications created in the last two days? " hero ai replies with select from qe temp app where created at >= now() interval '2 days'; problem you notice that the syntax is not compatible with your sql environment (for example, mysql) and that the explanation lacks detail about the created at field action you click thumbsdown, select incorrect answer add a note “use date sub() instead clarify created at field type ” you leave include last prompt and response checked and click submit your feedback helps improve the assistant’s understanding of sql dialect differences and promotes clearer explanations in future interactions