AI Action Assistant

Just ask, and the assistant helps you

Overview

The Action Assistant is an AI-powered chat feature designed to help users configure their Actions within a Pipeline. Any configuration requested through the chat will be automatically applied. This is especially useful for requesting specific use cases, as the AI will automatically apply the necessary fields and settings to achieve the desired result.

To start using it, open the Action configuration and click the Action Assistant icon in the bottom-left corner.

Examples

Here are some example use cases where we ask for help from the Action Assistant. Check the prompts we use and the resulting configuration in each example picture.

Conditional

Prompt: Please could you identify common windows logs event ids and create a condition for each value?

  • In this example, we request a condition for each of the most common Windows event IDs:

  • In this case, we request conditions for each of the most common FortiGate log IDs:

  • Here, we are filtering events with Success status only:

Group By

Prompt: Group events every 5 minutes by host_ip and count the occurrences.

  • In this example, we need to identify each unique IP address for every 10 minutes:

  • In this case, we need all the unique app name values every 5 seconds, grouped by source ports and IP addresses:

Math Expression

Prompt: Convert the priority field to an integer, convert the source and destination ips to hex format, identify the appnames starting with windows

  • In this case, we ask the assistant to transform a series of amounts from bytes to megabytes:

  • Here we are transforming our epoch dates in milliseconds into seconds:

  • In this example, we want to calculate the time difference between a series of from and to dates:

Message Builder

Prompt: Please build me a message in json format with the most important fields.

  • In this example, we ask for the most relevant fields but in key-value format:

  • Here we are requesting the most relevant fields as a message in JSON format:

  • In this case, we want to order all our fields in alphabetical order:

  • Here we want to filter only string-type fields:

Unique

Prompt: Please identify the unique message IDs and codify them in 8 bits.

  • In this example, we want to identify the unique message IDs and codify them in 8 bits.
