Configuration Guide

Complete guides for configuring Triage Warden.

Initial Setup

After installation, configure Triage Warden in this order:

  1. Environment Variables - Set required environment variables
  2. Connectors - Connect to your security tools
  3. Notifications - Set up alert channels
  4. Playbooks - Create automation workflows
  5. Policies - Define approval and safety rules
  6. SSO Integrations - Configure enterprise identity providers

Quick Configuration

First Run

After starting Triage Warden, log in with the default credentials:

  • Username: admin
  • Password: admin

Important: Change the default password immediately!

Essential Settings

Navigate to Settings and configure:

  1. General

    • Organization name
    • Timezone
    • Operation mode (Assisted → Supervised → Autonomous)
  2. AI/LLM

    • Select provider (Anthropic, OpenAI, or Local)
    • Enter API key
    • Choose model
  3. Connectors (at minimum)

    • Threat intelligence (VirusTotal recommended)
    • Your primary SIEM or alert source
  4. Notifications

    • At least one channel for critical alerts

Configuration Methods

Most settings can be configured through the web dashboard at Settings.

Pros:

  • User-friendly interface
  • Validation feedback
  • Immediate effect

Environment Variables

For deployment configuration and secrets:

# Required
DATABASE_URL=postgres://...
TW_ENCRYPTION_KEY=...

# Optional overrides
TW_LLM_PROVIDER=anthropic
TW_LLM_MODEL=claude-3-sonnet

See Environment Variables Reference for the full list.

Configuration Files

For complex configurations:

# config/default.yaml
server:
  bind_address: "0.0.0.0:8080"

guardrails:
  max_actions_per_incident: 10
  blocked_actions: []

Configuration Hierarchy

Configuration is loaded in this order (later overrides earlier):

1. Built-in defaults
         ↓
2. config/default.yaml
         ↓
3. config/{environment}.yaml
         ↓
4. Environment variables
         ↓
5. Database settings (via UI)
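
The precedence order above, worked through as an added example (not Triage Warden's own loader): it merges five layers lowest-first, keeps a per-key trail of which layer set what, and reports guardrail values that no longer match config/default.yaml. The layer contents, the production environment name, the isolate_host action, the llm.provider key name and the replace-whole-list merge rule are all assumptions made for illustration.

```python
# Added example: layer precedence with provenance. All layer contents are
# constructed; key names in the env-var layer are assumed, not the product's.

def flatten(tree, prefix=""):
    """Nested dicts -> {'section.key': value}; lists are leaves (replaced whole)."""
    flat = {}
    for key, value in tree.items():
        if isinstance(value, dict):
            flat.update(flatten(value, f"{prefix}{key}."))
        else:
            flat[f"{prefix}{key}"] = value
    return flat

def resolve(layers):
    """layers: [(name, dict)], lowest precedence first.
    Returns {key: [(layer, value), ...]}; the last entry is the effective one."""
    trail = {}
    for name, tree in layers:
        for key, value in flatten(tree).items():
            trail.setdefault(key, []).append((name, value))
    return trail

def effective(trail):
    """Collapse the trail to the value each key ends up with."""
    return {key: history[-1][1] for key, history in trail.items()}

def changed_after(trail, prefix, baseline_layer):
    """Keys under prefix whose effective value differs from what baseline_layer set."""
    drift = {}
    for key, history in trail.items():
        baseline = [v for layer, v in history if layer == baseline_layer]
        layer, value = history[-1]
        if key.startswith(prefix) and baseline and value != baseline[-1]:
            drift[key] = (baseline[-1], value, layer)
    return drift

LAYERS = [  # constructed sample data, in the documented load order
    ("built-in defaults", {"server": {"bind_address": "127.0.0.1:8080"}}),
    ("config/default.yaml", {
        "server": {"bind_address": "0.0.0.0:8080"},
        "guardrails": {"max_actions_per_incident": 10, "blocked_actions": []}}),
    ("config/production.yaml", {"guardrails": {"blocked_actions": ["isolate_host"]}}),
    ("environment variables", {"llm": {"provider": "anthropic"}}),
    ("database settings (UI)", {"guardrails": {"max_actions_per_incident": 50}}),
]

if __name__ == "__main__":
    drift = changed_after(resolve(LAYERS), "guardrails.", "config/default.yaml")
    for key, (was, now, layer) in drift.items():
        print(f"{key}: {was!r} -> {now!r} (set by {layer})")
```

Run against real exports of each layer, the same trail shows when a reviewed guardrail in a version-controlled file has been superseded by a later layer such as a UI change.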

Validation

Triage Warden validates configuration at startup:

# Validate without starting
triage-warden serve --validate-only

# Check specific configuration
triage-warden config check

Common Validation Errors

Error                        Solution
Missing TW_ENCRYPTION_KEY    Set encryption key environment variable
Invalid DATABASE_URL         Check connection string format
LLM API key required         Set API key or disable LLM features
Guardrails file not found    Create config/guardrails.yaml

Backup Configuration

Before making changes, back up the current settings:

# Export settings via API
curl -H "Authorization: Bearer $API_KEY" \
  http://localhost:8080/api/settings/export > settings-backup.json

# Restore settings
curl -X POST -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d @settings-backup.json \
  http://localhost:8080/api/settings/import

Next Steps