01
1. Receive and parse the finding
- The webhook payload includes finding_id, severity, attack_technique, owasp_category, detection_gap, and defense_recommendation. The detection_gap field is your primary triage signal — it describes what the defender failed to catch.
- Severity maps to urgency: Critical and High represent bypass paths exploitable now. Medium findings are partial coverage gaps. Low and Info are informational.
- Cross-reference owasp_category (e.g. LLM01, LLM06) with /docs/concepts/owasp-llm-coverage to understand what the category covers and which assets it touches in your stack.
02
2. Classify and escalate
- Critical / High: open a P1/P2 incident. Attach the evidence pack (SHA-256 signed) to the ticket. Assign to the team that owns the affected LLM endpoint.
- Use detection_gap + attack_technique to route: prompt injection findings → prompt-engineering owner; data exfiltration → guardrail owner; auth bypass → API gateway owner.
- If remediation.verified=true (replay confirmed the patch closes the bypass), include prompt_patch in the ticket as the proposed fix. Unverified patches flag as 'needs human review'.
03
3. Ship the detection rule
- Download the Sigma rule from the run page or GET /v1/runs/{run_id}/sigma. Each rule is scoped to the specific attack pattern — not a broad signature.
- Import to your SIEM using sigma-cli or your platform's native import. Map the log source to your LLM request log index.
- Track rule status from starter to tuned to verified. Only promote to verified after monitoring for false positives in production for at least 7 days.