Inputs and triggers for Now Assist for Security Incident Response

  • Release version: Xanadu
  • Updated January 9, 2025
  • 1 minute to read

    • You can configure some of the inputs or triggers for a generative AI skill. Inputs or triggers permit you to determine how and when a skill is used.

    Inputs and triggers

    Inputs identify the data used for a skill. Inputs include the table and fields used to generate a security incident summary. A trigger initiates an action. For example, triggers determine when the system generates a summary.

    You can modify inputs and triggers, but you can't modify a skill's data source. The data source contains the tables and fields that the skill relies on.

    Security incident summarization skill

    Inputs for the security incident summarization skill identify the table and fields used when a security incident summary is generated. The following table lists the inputs for the Security Incident summarization skill from the Choose Input page in the Now Assist Admin console.

    Input Description
    Data source Security Incident [sn_si_incident] table.
    Input fields
    • Short description
    • Description
    • State
    • Priority
    • Work notes
    • Additional comments
    Related Input tables
    • Affected CIs - configuration item
    • Affected Users - Users
    • Security Incident Response Task - Short description
    • State - Any state other than Cancelled.
    • Associated Observables - Observable finding is Malicious or Suspicious.

    Resolution notes generation skill

    Inputs for the Resolution notes generation skill identify the table and fields that are used when the resolution notes are generated for a security incident. The following table lists the inputs for the resolution notes generation skill from the Choose Input page in the Now Assist Admin console.

    Input Description
    Data source Security Incident [sn_si_incident] table.
    Input fields
    • Short description
    • Description
    • Work notes
    • Additional comments

    Security incident recommended actions generation skill

    Input Description
    Data source Security Incident [sn_si_incident] table.

    Post incident analysis generation skill

    Input Description
    Data source Security Incident [sn_si_incident] table.

    Correlation insights generation skill

    Your correlation insights for a security incident can contain records from the following tables, but you must have permission to access these tables and records.

    Input Description
    Data source

    Security Incident [sn_si_incident] table.

    Configuration item [cmdb_ci] table.

    Incident [incident] table.

    Change request [change_request] table.

    Problem [problem] table.

    Vulnerable item [sn_vul_vulnerable_item] table.

    Associate observable [sn_ti_observable] table.