# AI SOC Ingestion

The AI Ingestion application helps you build vendor connectors and alert ingestion pipelines quickly, without writing code or learning JSONata. A guided custom widget builds Turbine components from an uploaded OpenAPI specification, one per endpoint. Hero AI then assists in mapping incoming raw alert data, from any source, to a standardized Turbine Schema object, producing an ingestion component ready to use in downstream AI SOC playbooks.

## Why use AI Ingestion

Use AI Ingestion when you want to integrate new alert sources faster, prototype ingestion paths against real vendor APIs, and hand standardized Turbine Schema output to your existing AI SOC playbooks without hand-building every connector and mapping from scratch.

### What it helps you do

- **Quick integration.** Upload an OpenAPI specification and generate Turbine components per endpoint so you can connect to vendor APIs in a repeatable way.
- **Prototyping and iteration.** Test API calls, inspect sample payloads, and adjust mappings before you commit to production routing and automation.
- **Consistent normalization.** Hero AI suggests how raw vendor fields map to Turbine Schema fields (the Turbine Schema is the mapping target you work against) so alerts land in a predictable shape for downstream flows.
- **Reuse across playbooks.** Components you generate can be referenced from multiple playbooks and templates, so you invest once and reuse.

The following section describes the widget modes and how to run each flow.

> **Alert ingestion only.** AI Ingestion helps you quickly build alert ingestion pipelines; it does not build email ingestion.

## What the AI Ingestion widget does

The AI Ingestion application provides a single custom widget with two main modes:

- **Create connector actions as components.** Convert an OpenAPI specification into Turbine components, one per endpoint, that you can reuse across playbooks.
- **Run the ingestion process.** Build a complete alert ingestion component using one of three flows. Open the Ingestion tab; under **Generate Ingestion Component/Playbook Using**, choose **Existing Components**, **API Specification**, or **Webhook**.

Use the toggle at the top of the widget to switch between modes. You can run each flow independently.

## Package contents

| Component | Name | Description |
|---|---|---|
| Application | AI Ingestion | The core application that hosts the AI Ingestion widget. It has two tabs: Ingestion (the widget) and Audit (fields populated by the widget during execution). Hero AI visibility is enabled by default. |
| Application | Alert Schema Store | Stores cached Hero AI-generated mappings between incoming raw alert data and the Turbine Schema, for repeatable ingestion. |
| Component | AI SOC Alerts to Turbine Schema | Handles mapping so incoming alerts are converted to the Turbine Schema automatically. Appended to newly generated ingestion components or webhook ingestion playbooks. |
| Workspace | AI Ingestion Workspace | A dedicated workspace for the AI Ingestion application, created automatically when you install from the Content Library. |
| Workflow | (unnamed) | An application workflow linked to the AI Ingestion application. It has no stages configured on import; add stages and actions to define what happens after an ingestion record is created. |
| Report | Default | A default search report that displays records sorted by Tracking ID. |

### Template playbooks and entry flows

These template playbooks are shipped to help you standardize ingestion patterns.

| Playbook bundle name | Primary flow title | Sensor or trigger | Notes |
|---|---|---|---|
| AI SOC - Alert Ingestion (Webhook) - Template | Ingest Webhook Alert | HTTP webhook trigger | Emits on Ingest Alert |
| AI SOC - Alert Ingestion (Cron) - Template | Ingest Bulk Alerts | Scheduled cron | Ingest Alert listed as the emitting sensor |
| AI SOC - Phishing Ingestion (Cron) - Template | Scheduled TEDS email fetch and emit loop | Cron schedule | Emits each email to Ingest Email |
| AI SOC - Test Email Ingestion (Webhook) | Emit Test Email to Email Ingestion Flow | Webhook trigger | Forwards to Ingest Email |
| AI SOC - Test Case Generator | AI SOC Alert Case Generator; Phishing Case Generator | | Synthetic case generation for testing pipelines |

All of these converge on **Ingest Alert to Case Record (Event)** or **Ingest Email to Case Record (Event)**, which normalize payloads into case management records.

## Application fields

The AI Ingestion application includes the following fields. The widget populates these during execution; most are read-only. The Audit tab displays them for review.

| Field | Type | Required | Read-only | Visible to Hero AI | Notes |
|---|---|---|---|---|---|
| API Specification Uploaded | Attachment | No | Yes | No | The API specification file used; populated by the widget. |
| Asset Created/Used | Text | No | Yes | No | The HTTP asset created or selected during the ingestion setup. |
| Final Ingestion Component | List | No | Yes | No | The generated ingestion component(s); populated by the widget. |
| Name of Component(s) Generated | List | No | Yes | No | Names of the components generated during the process. |
| Vendor Product | Text | No | No | No | Identifies the vendor or data source. Editable. |
| Tracking ID | Tracking | - | Yes | Yes | Auto-generated. Uses the prefix AI (for example, AI-1, AI-2). |

## Prerequisites

Before you use AI Ingestion:

- Confirm that you have access to the AI Ingestion application (installed as part of AI SOC).
- Confirm that your Turbine instance runs version 26.0.0 or later.
- Confirm that Hero AI is enabled in your Turbine environment. The widget's AI-assisted features, including Turbine Schema mapping suggestions and JSONata expression creation, require Hero AI. To enable Hero AI, contact Swimlane Support.
- Obtain the OpenAPI specification (JSON or YAML) for the vendor tool you want to integrate.

## Installation

AI Ingestion is installed automatically when you install the AI SOC solution. See docid b7njxu5xnzyrjcngqg5j for how to install AI SOC and configure the solution.

After installation, the AI Ingestion Workspace and the AI Ingestion application are available; navigate to **Workspaces > AI Ingestion Workspace** to open the application.
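As an added illustration of the "Create connector actions as components" mode described above, the following Python walks a constructed OpenAPI 3 specification and emits one connector descriptor per endpoint, carrying path-level parameters down to each operation. This is example code, not Swimlane's widget or the Turbine component format; the spec, the vendor URL and the descriptor field names are assumptions.

```python
import json

# Constructed sample OpenAPI 3 spec for a fictional alerts API (not a real vendor).
SAMPLE_SPEC = json.loads("""
{
  "openapi": "3.0.0",
  "info": {"title": "Example Alerts API", "version": "1.0"},
  "servers": [{"url": "https://vendor.example/api"}],
  "paths": {
    "/alerts": {
      "get": {"operationId": "listAlerts", "summary": "List alerts",
              "parameters": [{"name": "since", "in": "query", "required": false}]}
    },
    "/alerts/{id}": {
      "parameters": [{"name": "id", "in": "path", "required": true}],
      "get": {"operationId": "getAlert", "summary": "Get one alert"},
      "delete": {"summary": "Close an alert"}
    }
  }
}
""")

HTTP_METHODS = {"get", "post", "put", "patch", "delete", "head", "options"}


def components_from_spec(spec):
    """Return one component descriptor per (method, path) pair, in spec order."""
    # Descriptor shape (name/method/url/inputs) is an assumption for this example.
    base = (spec.get("servers") or [{}])[0].get("url", "").rstrip("/")
    components = []
    for path, item in spec.get("paths", {}).items():
        shared = item.get("parameters", [])  # path-level params apply to every method
        for method, op in item.items():
            if method.lower() not in HTTP_METHODS:
                continue  # skip non-operation keys such as "parameters" or "summary"
            params = shared + op.get("parameters", [])
            # Fall back to a method_path name when the vendor omitted operationId.
            slug = path.strip("/").replace("/", "_").replace("{", "").replace("}", "")
            components.append({
                "name": op.get("operationId") or f"{method.lower()}_{slug}",
                "method": method.upper(),
                "url": base + path,
                "required_inputs": sorted(p["name"] for p in params if p.get("required")),
                "optional_inputs": sorted(p["name"] for p in params if not p.get("required")),
            })
    return components
```

Each descriptor lists the inputs an operator must supply before the endpoint can be called, which is the information a connector component needs to expose to a playbook.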