Knowledge Base Articles (KB)
Knowledge base articles store reusable investigation guidance, runbooks, and procedures. Hero AI uses linked KB articles when generating investigation plans and when suggesting components, so the content and structure of your articles directly affect plan quality and relevance.

1) Open Knowledge Base Articles

Navigate to Application Records → KB Article. Search by Title or Matching Value to find articles.

2) Core Fields

3) What Kind of Information to Put in KB Articles

Use KB articles for the following types of content. The Guidance and Context Summary fields should clearly state when the article applies and what steps or decisions it covers.

Guidance should be actionable: short context in Context Summary, then clear steps or criteria in Guidance. Keep language consistent so both analysts and Hero AI can use the article reliably.

4) Linking and Matching Value

- Link KB articles to signals for immediate context during triage; analysts and Hero AI see linked articles when working the signal.
- Matching Value controls auto-linking when the system matches incoming signals or cases to articles (for example, by alert name or source). Align Matching Value to the alert patterns or identifiers you use so the right articles attach automatically.
- Matching Value is optional. Use it when you want automatic linking; leave it blank for general or global articles that analysts attach manually or that Hero AI uses from context.

5) Why KB Articles Matter

- KB articles provide the baseline context Hero AI uses to generate investigation plans and to suggest relevant components.
- Articles linked to a signal (or matched via Matching Value) improve plan quality and reduce irrelevant suggestions.
- Standardizing procedures in KB articles leads to consistent responses and faster onboarding; new analysts and automation both rely on the same source of truth.

If Hero AI suggests components in the plan builder that are not in your environment, create global KB articles that describe your customer environment and available tools. That gives Hero AI context so it suggests relevant components instead of generic marketplace components. Hero AI may also suggest components that are purpose-built for other solutions (for example, the Classic SOC solution). Always review suggested tools to ensure they are appropriate for the step; if not, select a different component from the available tools in the tenant.

Analyst Tips

- Link relevant KB articles to signals for quick context and better AI-generated plans.
- Keep Matching Value aligned to common alert names or patterns so the right articles auto-link.
- Use Scope (global vs. organization-specific) so articles appear only where they apply.
- Review and update Guidance and Context Summary when procedures or tools change so plans stay accurate.

Commonly Used Fields

- Title, Record Type, Category, Scope: to classify and target the article.
- Context Summary and Guidance: to document when the article applies and the actual procedures.
- Status and Read Only: to control visibility and prevent edits.
- Matching Value: to enable auto-linking to signals and cases where applicable.

Detailed Workflow

- Create or update articles as your standard operating procedures and tooling evolve.
- Set Scope so the article is global or targeted to the right organizations.
- Add Matching Value where you want automated linking to signals and cases.
- Keep Guidance and Context Summary current so investigation plans and analyst actions stay correct.
- Use global Scope and environment/tool descriptions in KB when you need Hero AI to suggest tenant-relevant components.