AI SOC Ingestion
The AI Ingestion application helps you build vendor connectors and alert ingestion pipelines quickly — without writing code or learning JSONata. A guided custom widget builds Turbine components from an uploaded OpenAPI specification, one per endpoint. Hero AI then assists in mapping incoming raw alert data — from any source — to a standardized Turbine schema object, producing an ingestion component ready to use in downstream AI SOC playbooks.

Why use the AI Ingestion SSP

Security operations teams integrating third-party tools into Swimlane Turbine typically face two challenges:

- Connector reliability: Connectors to third-party tools are often untested because Swimlane rarely has direct access to a customer's third-party environment during development. Errors are common, and building or editing connectors hasn't been straightforward for customers.
- Turbine schema mapping complexity: Mapping raw vendor alert fields to the Turbine schema requires specialized knowledge of Canvas, JSONata expressions, and the Swimlane proprietary Turbine schema. This slows down teams that need to get ingestion pipelines running quickly.

The widget addresses the first challenge by converting OpenAPI specifications into ready-to-use Turbine components automatically — no connector expertise required. For Turbine schema mapping, Hero AI steps in: it analyzes raw alert data, suggests field mappings to the Turbine schema, and generates the JSONata expression, removing the need for manual schema knowledge. The AI Ingestion application surfaces both capabilities in a step-by-step custom widget.

What the AI Ingestion widget does

The AI Ingestion application provides a single custom widget with two main modes:

- Create connector actions as components: Convert an OpenAPI specification into Turbine components, one per endpoint, that you can reuse across playbooks.
- Run the ingestion process: Build a complete alert ingestion component using one of three flows. Open the Ingestion tab; under "Generate ingestion component/playbook using", choose Existing components, API specification, or Webhook.

Use the toggle at the top of the widget to switch between modes. You can run each flow independently.

Package contents

Application fields

The AI Ingestion application includes the following fields. The widget populates these during execution; most are read-only. The Audit tab displays them for review.

Prerequisites

Before you use AI Ingestion:

- Confirm that you have access to the AI Ingestion application (installed as part of AI SOC).
- Confirm that your Turbine instance runs version 26.0.0 or later.
- Confirm that Hero AI is enabled in your Turbine environment. The widget's AI-assisted features, including Turbine schema mapping suggestions and JSONata expression creation, require Hero AI. To enable Hero AI, contact Swimlane Support.
- Obtain the OpenAPI specification (JSON or YAML) for the vendor tool you want to integrate.

Installation

AI Ingestion is installed automatically when you install the AI SOC solution. See docid b7njxu5xnzyrjcngqg5j for how to install AI SOC and configure the solution. After installation, the AI Ingestion Workspace and AI Ingestion application are available; navigate to Workspaces → AI Ingestion Workspace to open the application.