Model Management#
AttackTrace uses AI models to support alert triage, evidence review, attack-path explanation, and report drafting. Model availability depends on the hosted workspace, enterprise configuration, or private deployment.
AttackTrace is not a standalone model provider and does not sell raw model access.
Adding a personal model#
Path: Settings → Models → Add Model
Personal or custom models are available only when your workspace allows them. They are visible according to the workspace configuration and do not automatically affect other users.
Configuration fields#
| Field | Required | Description |
|---|---|---|
| Name | ✓ | Display name shown in the UI |
| API Base URL | ✓ | Model API endpoint configured for your workspace |
| API Key | Depends on provider | Authentication key (can be left blank for local services like Ollama) |
| Model ID | ✓ | Model identifier passed to the API |
| Description | — | Optional notes |
Using admin-configured shared models#
If your organization's admin has configured shared models in the Hub, they will automatically appear in the model selector after you log in — no additional setup required.
Setting a default model#
In Settings, you can set a model as the default. New conversations will automatically use the default model.
Deleting a model#
Find the model in the model list and click "..." → "Delete". Deletion is irreversible but does not affect existing conversation history.
Provider reference#
Provider availability, endpoint format, and authentication depend on your deployment and agreement. Hosted AttackTrace may use an underlying model provider configured by the platform. Private deployments can use customer-selected providers or local/private models where supported.
!!! tip "Model capability requirements" Models that support Function Calling / Tool Use are recommended to fully utilize MCP tool integrations.