Skip to content

docs: add human-in-the-loop feedback tutorial#183

Merged
maximelb merged 3 commits intomasterfrom
docs/human-in-the-loop-feedback-tutorial
Apr 11, 2026
Merged

docs: add human-in-the-loop feedback tutorial#183
maximelb merged 3 commits intomasterfrom
docs/human-in-the-loop-feedback-tutorial

Conversation

@maximelb
Copy link
Copy Markdown
Contributor

@maximelb maximelb commented Apr 11, 2026

Summary

  • Adds an end-to-end tutorial showing D&R rules, ext-feedback, and playbooks working together
  • Scenario: credential dumping tool detected, SOC analyst approves/denies host isolation via Slack, playbook executes the decision
  • Covers feedback channel setup, D&R rule with suppression and timeout, Python playbook with branching logic, and CLI testing instructions

Test plan

  • Verify mkdocs builds without errors
  • Check all internal links resolve (feedback docs, playbook docs, slack output, git-sync, velociraptor, dumper)
  • Review D&R rule YAML syntax against existing examples
  • Review playbook code against ext-playbook SDK

🤖 Generated with Claude Code

maximelb and others added 3 commits April 11, 2026 10:29
@maximelb @claude
docs: add human-in-the-loop response automation tutorial
78ce8a9 
End-to-end guide showing how D&R rules, ext-feedback, and playbooks
work together for human-approved host isolation on credential tool
detection.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@maximelb @claude
docs: use full IaC format for feedback channel example
e9f92c6 
Include version, hives hierarchy, and usr_mtd so the snippet is
directly copy-pasteable into a git-sync repo.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@maximelb @claude
docs: use v4 SDK API in playbook examples
b246341 
Switch from v5 SDK (limacharlie.sdk.sensor) to v4 SDK
(limacharlie.Sensor): isolate() -> isolateNetwork(), import path
updated.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@maximelb maximelb requested a review from steveatlc April 11, 2026 17:52
@maximelb maximelb added the to-code-review Used to tag PRs that are force-pushed and will need to be reviewed after the fact. label Apr 11, 2026
@maximelb maximelb marked this pull request as ready for review April 11, 2026 17:52
@maximelb maximelb merged commit 83bed28 into master Apr 11, 2026
2 checks passed
@maximelb maximelb deleted the docs/human-in-the-loop-feedback-tutorial branch April 11, 2026 17:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@steveatlc steveatlc Awaiting requested review from steveatlc

Assignees

No one assigned

Labels

to-code-review Used to tag PRs that are force-pushed and will need to be reviewed after the fact.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@maximelb