AI Rule Generation
Overview
Ascend's AI Rule Generation feature allows you to create smart rules using natural language descriptions. Instead of manually configuring JSON rule definitions, you can describe what you want in plain English, and the AI will generate the appropriate rule configuration.
This feature uses enterprise-grade LLM technology with SOC 2 compliant processing to ensure your rule descriptions and generated configurations remain secure.
Key Features
- Natural Language Input: Describe rules in plain English
- Automatic Risk Assessment: AI determines appropriate risk levels
- Condition Generation: Automatically creates evaluation conditions
- Security Context: Rules include compliance framework annotations
- Confidence Scoring: Each generated rule includes a confidence score
- Audit Trail: All AI-generated rules are tagged for compliance tracking
How It Works
Generation Pipeline
Natural Language Description
            |
            v
+------------------------+
| Input Validation       |
| - Sanitize input       |
| - Extract key terms    |
+------------------------+
            |
            v
+------------------------+
| LLM Processing         |
| - Security context     |
| - Risk analysis        |
| - Rule generation      |
+------------------------+
            |
            v
+------------------------+
| Post-Processing        |
| - Validate structure   |
| - Add compliance tags  |
| - Calculate confidence |
+------------------------+
            |
            v
   Generated Smart Rule
Risk Level Determination
The AI analyzes your description and automatically assigns risk levels based on:
| Action Keywords | Assigned Risk | Rationale |
|---|---|---|
| delete, remove, destroy | Critical | Data loss potential |
| execute, run, command | High | System modification |
| access, read, query | Medium | Data exposure |
| log, monitor, track | Low | Observation only |
Configuration
API Endpoint
POST /api/smart-rules/generate
Request Body
{
  "agent_id": "optional-agent-id",
  "action_type": "optional-action-type",
  "description": "Natural language description of the rule"
}
Response
{
  "id": "ESR-AGENT-ACTION_TYPE",
  "agent_id": "code-assistant",
  "action_type": "file_access",
  "description": "Block unauthorized file access attempts",
  "condition": "agent_id == 'code-assistant' AND action_type == 'file_access'",
  "action": "security_assessment",
  "risk_level": "HIGH",
  "recommendation": "Immediate security review required. Consider blocking until approved.",
  "compliance_framework": "SOC 2 Type II",
  "security_classification": "INTERNAL",
  "auto_generated": true,
  "requires_approval": true
}
Usage Examples
Example 1: Block Dangerous Operations
Input Description:
"Block any agent from executing system commands without explicit approval from security team"
Generated Rule:
{
  "id": "ESR-*-SYSTEM_COMMAND",
  "agent_id": "*",
  "action_type": "system_command",
  "description": "Block any agent from executing system commands without explicit approval",
  "condition": "action_type == 'system_command'",
  "action": "security_assessment",
  "risk_level": "HIGH",
  "recommendation": "Immediate security review required. Consider blocking until approved.",
  "requires_approval": true
}
Example 2: Monitor Data Access
Input Description:
"Monitor when the analytics-bot accesses customer data and log all activities"
Generated Rule:
{
  "id": "ESR-ANALYTICS-BOT-DATA_ACCESS",
  "agent_id": "analytics-bot",
  "action_type": "data_access",
  "description": "Monitor analytics-bot customer data access",
  "condition": "agent_id == 'analytics-bot' AND action_type == 'data_access'",
  "action": "monitor",
  "risk_level": "MEDIUM",
  "recommendation": "Enhanced monitoring required. Log all activities."
}
Example 3: Require Approval for Network Calls
Input Description:
"Require manager approval for any API calls to external payment gateways"
Generated Rule:
{
  "id": "ESR-*-API_CALL",
  "agent_id": "*",
  "action_type": "api_call",
  "description": "Require approval for external payment gateway API calls",
  "condition": "action_type == 'api_call' AND target CONTAINS 'payment'",
  "action": "require_approval",
  "risk_level": "HIGH",
  "recommendation": "Enhanced monitoring required. Requires approval workflow."
}
API Call Example
curl -X POST "https://api.ascend.ai/api/smart-rules/generate" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "agent_id": "support-bot",
    "action_type": "database_write",
    "description": "Flag high-risk database modifications from support bot for review"
  }'
Best Practices
Writing Effective Descriptions
- Be Specific: Include the agent name, action type, and desired outcome
  - Good: "Block code-assistant from deleting production config files"
  - Vague: "Protect files"
- Include Risk Context: Mention security implications
  - Good: "Require approval for network scans to prevent unauthorized reconnaissance"
  - Vague: "Control network stuff"
- Specify Actions: Clearly state what should happen
  - Good: "Alert security team and block execution when privilege escalation is attempted"
  - Vague: "Handle privilege issues"
Validation and Review
Always review AI-generated rules before deploying:
- Check Conditions: Ensure the generated condition matches your intent
- Verify Risk Level: Confirm the assigned risk is appropriate
- Test in Staging: Deploy to a test environment first
- Monitor Performance: Track rule effectiveness after deployment
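The first two checks above can be run as an automated gate before a human approves a generated rule. This is an added example, not Ascend's code: the prefix matching of the risk-table keywords, the clause syntax (inferred from the sample conditions on this page) and the `file_delete` sample rule are assumptions.

```python
import re

# Keyword stems from the page's risk table; prefix matching ("execut" matches
# "executing") is an assumption of this example, not documented Ascend behaviour.
RISK_STEMS = {
    "CRITICAL": ("delet", "remov", "destroy"),
    "HIGH": ("execut", "run", "command"),
    "MEDIUM": ("access", "read", "quer"),
    "LOW": ("log", "monitor", "track"),
}
ORDER = ["LOW", "MEDIUM", "HIGH", "CRITICAL"]
# Clause syntax is inferred from the page's sample conditions only.
CLAUSE = re.compile(r"(\w+)\s*(==|CONTAINS)\s*'([^']*)'")

def expected_risk(description):
    """Highest risk level whose keyword stem appears in the description, or None."""
    text = description.lower()
    hits = [level for level, stems in RISK_STEMS.items()
            if any(re.search(r"\b" + s, text) for s in stems)]
    return max(hits, key=ORDER.index) if hits else None

def review_rule(description, rule):
    """Return findings a human reviewer should resolve before deploying the rule."""
    findings = []
    want, got = expected_risk(description), rule.get("risk_level")
    if got not in ORDER:
        findings.append(f"risk_level {got!r} is not a known level")
    elif want and ORDER.index(got) < ORDER.index(want):
        findings.append(f"risk_level {got} is below {want} implied by the description")
    # Equality clauses only; CONTAINS clauses narrow the rule further and are not compared.
    clauses = {f: v for f, op, v in CLAUSE.findall(rule.get("condition", "")) if op == "=="}
    for field in ("agent_id", "action_type"):
        value = rule.get(field)
        if value in (None, "*"):
            if field in clauses:
                findings.append(f"condition pins {field} but rule says {value!r}")
        elif clauses.get(field) != value:
            findings.append(f"condition does not restrict {field} to {value!r}")
    return findings

# Constructed sample: a generated rule that under-rates a delete and drops the agent scope.
SAMPLE_DESCRIPTION = "Block code-assistant from deleting production config files"
SAMPLE_RULE = {"agent_id": "code-assistant", "action_type": "file_delete",
               "condition": "action_type == 'file_delete'", "risk_level": "MEDIUM"}

if __name__ == "__main__":
    for finding in review_rule(SAMPLE_DESCRIPTION, SAMPLE_RULE):
        print("REVIEW:", finding)
```

An empty result only means these mechanical checks passed; a description with no table keyword (such as Example 3) yields no expected risk, so its level still needs a human decision.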
Compliance Notes
All AI-generated rules include:
- auto_generated: true - Marks rule as AI-created
- compliance_framework - Associated compliance standard
- security_classification - Internal classification level
- created_by: "Enterprise AI Governance System" - Audit attribution
Related
- Smart Rules Overview - Understanding smart rules
- Manual Rule Creation - JSON editor for fine-tuning
- Rule Analytics - Track rule performance
- Policy Engine - Broader policy management