The Tier4 AI Analyst is designed to ingest environment-specific knowledge to enhance the quality of output and reduce false positives. Analysts can add knowledge in multiple ways, outlined below.

Knowledge Page

Analysts can add knowledge to the platform directly on the Knowledge page by selecting Add Knowledge. To add a new entry, include the indicator value (e.g. hostname, username, file hash), the indicator type, and then the knowledge entry. Knowledge entries should be as specific as possible so that the AI clearly understands the analyst's intent. Knowledge entries are limited to 500 characters. If an entry already exists, the analyst can edit the existing entry.

Entities Page

Analysts can also add knowledge directly on the Entities page. To enter knowledge, select Add Knowledge from the ellipsis dropdown just below the summary. In this workflow, the indicator and indicator type are filled in automatically.

Case Level

Analysts can add knowledge from within a case by selecting one of the relevant indicators included in the case. The only indicators available are those extracted directly from the alert. Descriptions are also limited to 500 characters.