[docs] Add documentation for Detection remediation with Ariane (#3668)

docs/usage/atomic.md

@@ -11,22 +11,7 @@ The presented list allows you to easily see global scores of all your recent ato
 ![Example of Atomic testing](assets/atomic_list.png)
 
 ## Search the list
-
-You can search the list using the name or one the filters. Here are the available filters for this list.
-
-![Atomic testing filters list](assets/atomic_list_filter_attributes.png)
-
-Once you choose the attribute you want to apply a filter on, you can choose the operator.
-
-![Atomic testing filters operators](assets/atomic_list_filter_operator.png)
-
-Then you have the list of values for the attributes you choose.
-
-![Atomic testing filters attributes values](assets/atomic_list_filter_elements.png)
-
-Here is the list once you apply the filter.
-
-![Atomic testing filters values](assets/atomic_list_filter_result.png)
+- [Injects: Search and Filters](inject-result-list.md/#executed-injects-search-and-filters)
 
 ## Create an Atomic testing
 
@@ -62,48 +47,8 @@ Details of an Atomic testing is composed of three parts:
 ![Atomic testing Overview with Results](assets/atomic_details_overview.png)
 ![Atomic testing Overview with Results](assets/atomic_details_tooltip.png)
 
-### Overview
-
-The first screen displayed when you click on a specific Atomic testing from the list is a breakdown of your security
-posture against this test.
-
-As for Simulation and Scenario, Results are broken down into:
-
-- Prevention: the ability of your security posture to prevent the inject
-- Detection: the ability of your security posture to detect the inject
-- Human response: the ability of your security teams to react as intented facing the inject
-- Vulnerability: the ability of your security posture to detect common vulnerabilities and exposures (CVEs)
-
-At the top, big metrics summarize how all targets performed. On the left, a list of targets lets you quickly check
-results for each one. When you select a target, the right side shows a timeline of the test and its results, including
-execution logs.
-
-![Atomic testing Overview with Results](assets/atomic_testing_overview.png)
-![Atomic testing Overview with Results](assets/atomic_testing_overview_expectations.png)
-
-### Findings
-
-The Findings screen displays what was detected during the inject, based on the output parser in the payload. You can
-filter findings by name, type, creation date, target, value, or tag.
-
-![Atomic testing Overview with Results](assets/atomic_testing_findings.png)
-
-### Execution details
-
-This screen shows the full trace of the inject’s execution, including logs and status information.
-
-![Execution trace of a successfull atomic testing](assets/atomic_testing_execution_details.png)
-
-### Payload info
-
-This screen is available for technical injects only. You can see the details of the payload related to the test.
-
-![Payload info of atomic testing](assets/atomic_testing_payload_info.png)
-
-### Remediations (EE)
-
-This screen is available for technical injects only. It displays remediation content related to the executed payload,
-specifically focused on detection logic. You will see one Remediation tab per collector available in the platform.
-
-![Detection Remediations-no-present](assets/atomic_testing_detection_remediation_no_present.png)
-![Detection Remediations](assets/atomic_testing_detection_remediation.png)
+- [Overview](inject-result.md/#overview)
+- [Findings](inject-result.md/#findings)
+- [Inject execution details](inject-result.md/#execution-details)
+- [Payload info](inject-result.md/#payload-info)
+- [Remediation](inject-result.md/#remediations-ee)

docs/usage/inject-result-list.md

@@ -0,0 +1,17 @@
+## Executed Injects: Search and Filters
+
+You can search the list using the name or using one of the filters. Here are the available filters for this list.
+
+![Atomic testing filters list](assets/atomic_list_filter_attributes.png)
+
+Once you choose the attribute you want to apply a filter on, you can choose the operator.
+
+![Atomic testing filters operators](assets/atomic_list_filter_operator.png)
+
+Then you have the list of values for the attributes you choose.
+
+![Atomic testing filters attributes values](assets/atomic_list_filter_elements.png)
+
+Here is the list once you apply the filter.
+
+![Atomic testing filters values](assets/atomic_list_filter_result.png)

docs/usage/inject-result.md

@@ -0,0 +1,65 @@
+# Inject result
+
+### Overview
+
+The first screen displayed when you click on a specific inject executed (Atomic testing or Simulation)  is a breakdown of your security
+posture against this test.
+
+Results are broken down into:
+
+- Prevention: the ability of your security posture to prevent the inject
+- Detection: the ability of your security posture to detect the inject
+- Human response: the ability of your security teams to react as intented facing the inject
+- Vulnerability: the ability of your security posture to detect common vulnerabilities and exposures (CVEs)
+
+At the top, big metrics summarize how all targets performed. On the left, a list of targets lets you quickly check
+results for each one. When you select a target, the right side shows a timeline of the test and its results, including
+execution logs.
+
+![Atomic testing Overview with Results](assets/atomic_testing_overview.png)
+![Atomic testing Overview with Results](assets/atomic_testing_overview_expectations.png)
+
+### Findings
+
+The Findings screen displays what was detected during the inject, based on the output parser in the payload. You can
+filter findings by name, type, creation date, target, value, or tag.
+
+![Atomic testing Overview with Results](assets/atomic_testing_findings.png)
+
+### Execution details
+
+This screen shows the full trace of the inject’s execution, including logs and status information.
+
+![Execution trace of a successfull atomic testing](assets/atomic_testing_execution_details.png)
+
+### Payload info
+
+This screen is available for technical injects only. You can see the details of the payload related to the test.
+
+![Payload info of atomic testing](assets/atomic_testing_payload_info.png)
+
+### Remediations (EE)
+
+This screen is available for technical injects only. It displays remediation content related to the executed payload,
+specifically focused on detection logic. You will see one Remediation tab per collector available in the platform.
+
+Ariane can generate AI‑based rules from an executed inject with the following:
+
+- Payload types: Command, DnsResolution
+- Collectors: Splunk, CrowdStrike
+
+Remediation statuses:
+- No remediation:
+  ![Detection Remediations-no-present](assets/atomic_testing_detection_remediation_no_present.png)
+
+- No remediation and Ariane not available:
+  ![Detection Remediations-no-present-ariane-not-available](assets/atomic_testing_detection_remediation_no_present_use_ariane_not_available.png)
+
+- Remediation written by a human:
+  ![Detection Remediations-human](assets/atomic_testing_detection_remediation_human.png)
+
+- Remediation generate with Ariane
+  ![Detection Remediations-ariane](assets/atomic_testing_detection_remediation_use_ariane.png)
+
+- Remediation outdated
+  ![Detection Remediations-outdated](assets/atomic_testing_detection_remediation_outdated.png)

docs/usage/payloads/payloads.md

@@ -73,10 +73,37 @@ To create a new payload, follow these steps:
    ![Payload output parser view](assets/payload-output-parser-view.png)
 
 5. In the **Remediation** tab (optional and EE):  
-   This section allows payload creators to manually define detection rules to identify payloads that were not
+   This section allows payload creators to define detection rules to identify payloads that were not
    blocked or detected by existing security systems (such as EDRs, SIEMs, etc.).  
    A dedicated Remediation tab is available for each collector integrated into the platform.
-   ![Payload remediation view](assets/payload-detection-remediation-view.png)
+
+    5.1 Use Ariane, allows payload creators to generate rules using AI, for payload of type Command or DnsResolution and for the collector Splunk or Crowdstrike
+
+![Payload remediation view](assets/payload-detection-remediation-view.png)
+
+### Status of detection remediation rules
+
+| Status                                                                     | Description                                                                                                              |
+|----------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------|
+| <span style="color: #00f1bd"> Rules written by Human</span>                | The rules has been writen by an human                                                                                    |
+| <span style="color: #9575cd"> Rules generated by AI </span>                | The rules has been generated by AI                                                                                       |
+| <span style="color: #ffa726"> Payload changed since rule was edited</span> | The payload has been edited since last AI rules generation **[(relevant fields)](#Fields-used-for-AI-rules-generation)** |
+
+### Fields used for AI rules generation
+
+| Fields                               | Tab      |
+|--------------------------------------|----------|
+| Name                                 | General  |
+| Description                          | General  |
+| Attack patterns                      | General  |
+| Type                                 | Commands |
+| Architecture                         | Commands |
+| Platforms                            | Commands |
+| Attack command - Executors (Command) | Commands |
+| Attack command - Content (Command)   | Commands |
+| Arguments                            | Commands |
+| Hostname (DnsResolution)             | Commands |
+
 
 Once completed, your new payload will appear in the payload list.
 

mkdocs.yml

@@ -138,6 +138,8 @@ nav:
       - Injects:
         - Overview: usage/inject-overview.md
         - Inject types: usage/inject-types.md
+        - Search and Filter: usage/inject-result-list.md
+        - Inject result: usage/inject-result.md
       - Targets: usage/targets.md
       - Expectations: usage/expectations.md
       - Findings: usage/findings.md