diff --git a/.buildkite/pipelines/fips.yml b/.buildkite/pipelines/fips.yml
index f4a5b3623bbcc..e04a5ecb8f936 100644
--- a/.buildkite/pipelines/fips.yml
+++ b/.buildkite/pipelines/fips.yml
@@ -40,14 +40,15 @@ steps:
       machineType: n2-standard-2
       preemptible: true
 
-  - command: .buildkite/scripts/steps/fips/smoke_test.sh
-    label: 'Pick Smoke Test Group Run Order'
+  - command: .buildkite/scripts/steps/test/pick_test_group_run_order.sh
+    label: 'Pick Test Group Run Order'
     depends_on: build
     timeout_in_minutes: 10
     env:
       FTR_CONFIGS_SCRIPT: '.buildkite/scripts/steps/test/ftr_configs.sh'
       FTR_EXTRA_ARGS: '$FTR_EXTRA_ARGS'
-      LIMIT_CONFIG_TYPE: 'functional'
+      JEST_UNIT_SCRIPT: '.buildkite/scripts/steps/test/jest.sh'
+      JEST_INTEGRATION_SCRIPT: '.buildkite/scripts/steps/test/jest_integration.sh'
     retry:
       automatic:
         - exit_status: '*'
diff --git a/.buildkite/scripts/steps/fips/smoke_test.sh b/.buildkite/scripts/steps/fips/smoke_test.sh
deleted file mode 100755
index 685bb111ff81a..0000000000000
--- a/.buildkite/scripts/steps/fips/smoke_test.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-# Limit the FTR configs for now to avoid running all the tests. Once we're
-# ready to utilize the full FTR suite in FIPS mode, we can remove this file and
-# call pick_test_group_run_order.sh directly in .buildkite/pipelines/fips.yml.
-configs=(
-  "x-pack/test/reporting_functional/reporting_and_security.config.ts"
-  "x-pack/test/saved_object_api_integration/security_and_spaces/config_trial.ts"
-  "x-pack/test/alerting_api_integration/security_and_spaces/group1/config.ts"
-  "x-pack/test/alerting_api_integration/security_and_spaces/group2/config.ts"
-  "x-pack/test/alerting_api_integration/security_and_spaces/group3/config.ts"
-  "x-pack/test/alerting_api_integration/security_and_spaces/group4/config.ts"
-  "x-pack/test/functional/apps/saved_objects_management/config.ts"
-  "x-pack/test/functional/apps/user_profiles/config.ts"
-  "x-pack/test/functional/apps/security/config.ts"
-)
-
-printf -v FTR_CONFIG_PATTERNS '%s,' "${configs[@]}"
-FTR_CONFIG_PATTERNS="${FTR_CONFIG_PATTERNS%,}"
-export FTR_CONFIG_PATTERNS
-
-.buildkite/scripts/steps/test/pick_test_group_run_order.sh
diff --git a/.buildkite/scripts/steps/test/jest_parallel.sh b/.buildkite/scripts/steps/test/jest_parallel.sh
index 2a7cf780f5787..648c3b225141d 100755
--- a/.buildkite/scripts/steps/test/jest_parallel.sh
+++ b/.buildkite/scripts/steps/test/jest_parallel.sh
@@ -60,7 +60,14 @@ while read -r config; do
   # --trace-warnings to debug
   # Node.js process-warning detected:
   # Warning: Closing file descriptor 24 on garbage collection
-  cmd="NODE_OPTIONS=\"--max-old-space-size=12288 --trace-warnings\" node ./scripts/jest --config=\"$config\" $parallelism --coverage=false --passWithNoTests"
+  cmd="NODE_OPTIONS=\"--max-old-space-size=12288 --trace-warnings"
+
+  if [ "${KBN_ENABLE_FIPS:-}" == "true" ]; then
+    cmd=$cmd" --enable-fips --openssl-config=$HOME/nodejs.cnf"
+  fi
+
+  cmd=$cmd"\" node ./scripts/jest --config=\"$config\" $parallelism --coverage=false --passWithNoTests"
+
   echo "actual full command is:"
   echo "$cmd"
   echo ""
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 030f888c3e9ba..268f1d5148d43 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -659,7 +659,7 @@ src/plugins/files @elastic/appex-sharedux
 src/plugins/files_management @elastic/appex-sharedux
 src/plugins/ftr_apis @elastic/kibana-core
 src/plugins/guided_onboarding @elastic/appex-sharedux
-src/plugins/home @elastic/kibana-core
+src/plugins/home @elastic/appex-sharedux
 src/plugins/image_embeddable @elastic/appex-sharedux
 src/plugins/input_control_vis @elastic/kibana-presentation
 src/plugins/inspector @elastic/kibana-presentation
@@ -768,6 +768,7 @@ x-pack/examples/triggers_actions_ui_example @elastic/response-ops
 x-pack/examples/ui_actions_enhanced_examples @elastic/appex-sharedux
 x-pack/packages/ai-infra/inference-common @elastic/appex-ai-infra
 x-pack/packages/ai-infra/product-doc-artifact-builder @elastic/appex-ai-infra
+x-pack/packages/ai-infra/product-doc-common @elastic/appex-ai-infra
 x-pack/packages/index-lifecycle-management/index_lifecycle_management_common_shared @elastic/kibana-management
 x-pack/packages/index-management/index_management_shared_types @elastic/kibana-management
 x-pack/packages/kbn-ai-assistant @elastic/search-kibana
@@ -857,6 +858,8 @@ x-pack/packages/security/role_management_model @elastic/kibana-security
 x-pack/packages/security/ui_components @elastic/kibana-security
 x-pack/performance @elastic/appex-qa
 x-pack/plugins/actions @elastic/response-ops
+x-pack/plugins/ai_infra/llm_tasks @elastic/appex-ai-infra
+x-pack/plugins/ai_infra/product_doc_base @elastic/appex-ai-infra
 x-pack/plugins/aiops @elastic/ml-ui
 x-pack/plugins/alerting @elastic/response-ops
 x-pack/plugins/banners @elastic/appex-sharedux
@@ -1039,9 +1042,21 @@ x-pack/test_serverless/api_integration/test_suites/common/platform_security @ela
 /x-pack/plugins/entity_manager @elastic/obs-entities
 /x-pack/test/api_integration/apis/entity_manager @elastic/obs-entities
 
+
 # Data Discovery
-/test/plugin_functional/plugins/data_search @elastic/kibana-data-discovery
+/test/functional/fixtures/es_archiver/alias @elastic/kibana-data-discovery
+/test/functional/page_objects/context_page.ts @elastic/kibana-data-discovery
+/test/functional/services/data_views.ts @elastic/kibana-data-discovery
+/test/functional/services/saved_objects_finder.ts @elastic/kibana-data-discovery
 /test/plugin_functional/plugins/index_patterns @elastic/kibana-data-discovery
+/test/plugin_functional/plugins/data_search @elastic/kibana-data-discovery
+/test/functional/page_objects/discover_page.ts @elastic/kibana-data-discovery
+/test/functional/fixtures/es_archiver/index_pattern_without_timefield @elastic/kibana-data-discovery
+/test/functional/fixtures/es_archiver/huge_fields @elastic/kibana-data-discovery
+/test/functional/fixtures/es_archiver/date_n* @elastic/kibana-data-discovery
+/test/functional/firefox/discover.config.ts @elastic/kibana-data-discovery
+/test/functional/fixtures/es_archiver/discover @elastic/kibana-data-discovery
+/test/api_integration/apis/saved_queries @elastic/kibana-data-discovery
 /x-pack/test/api_integration/apis/kibana/kql_telemetry @elastic/kibana-data-discovery @elastic/kibana-visualizations
 /x-pack/test_serverless/functional/es_archives/pre_calculated_histogram @elastic/kibana-data-discovery
 /x-pack/test_serverless/functional/es_archives/kibana_sample_data_flights_index_pattern @elastic/kibana-data-discovery
@@ -1096,7 +1111,6 @@ x-pack/test_serverless/api_integration/test_suites/common/platform_security @ela
 src/plugins/discover/public/context_awareness/profile_providers/security @elastic/kibana-data-discovery @elastic/security-threat-hunting-investigations
 
 # Platform Docs
-/x-pack/test/functional/services/sample_data @elastic/platform-docs
 /x-pack/test_serverless/functional/test_suites/security/screenshot_creation/index.ts @elastic/platform-docs
 /x-pack/test_serverless/functional/test_suites/security/config.screenshots.ts @elastic/platform-docs
 /x-pack/test/screenshot_creation @elastic/platform-docs
@@ -2158,6 +2172,7 @@ x-pack/test/security_solution_cypress/cypress/tasks/expandable_flyout  @elastic/
 /x-pack/plugins/security_solution/public/flyout/document_details/isolate_host/ @elastic/security-defend-workflows
 /x-pack/plugins/security_solution/common/endpoint/ @elastic/security-defend-workflows
 /x-pack/plugins/security_solution/common/api/endpoint/ @elastic/security-defend-workflows
+x-pack/plugins/security_solution/server/assistant/tools/defend_insights @elastic/security-defend-workflows
 /x-pack/plugins/security_solution/server/endpoint/ @elastic/security-defend-workflows
 /x-pack/plugins/security_solution/server/lists_integration/endpoint/ @elastic/security-defend-workflows
 /x-pack/plugins/security_solution/server/lib/license/ @elastic/security-defend-workflows
@@ -2169,6 +2184,10 @@ x-pack/test/security_solution_cypress/cypress/tasks/expandable_flyout  @elastic/
 /x-pack/plugins/security_solution_serverless/public/upselling/sections/endpoint_management @elastic/security-defend-workflows
 /x-pack/plugins/security_solution_serverless/public/upselling/pages/endpoint_management @elastic/security-defend-workflows
 /x-pack/plugins/security_solution_serverless/server/endpoint @elastic/security-defend-workflows
+x-pack/packages/kbn-elastic-assistant-common/impl/schemas/defend_insights @elastic/security-defend-workflows
+x-pack/plugins/elastic_assistant/server/__mocks__/defend_insights_schema.mock.ts @elastic/security-defend-workflows
+x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/defend_insights @elastic/security-defend-workflows
+x-pack/plugins/elastic_assistant/server/routes/defend_insights @elastic/security-defend-workflows
 
 ## Security Solution sub teams - security-telemetry (Data Engineering)
 x-pack/plugins/security_solution/server/usage/ @elastic/security-data-analytics
@@ -2270,6 +2289,10 @@ x-pack/test/profiling_api_integration @elastic/obs-ux-infra_services-team
 x-pack/plugins/observability_solution/observability_shared/public/components/profiling @elastic/obs-ux-infra_services-team
 
 # Shared UX
+/test/api_integration/apis/short_url/**/*.ts @elastic/appex-sharedux # Assigned per https://github.com/elastic/kibana/pull/200209/files#r1846654156
+/test/functional/page_objects/share_page.ts @elastic/appex-sharedux # Assigned per https://github.com/elastic/kibana/pull/200209/files#r1846648444
+/test/accessibility/apps/kibana_overview_* @elastic/appex-sharedux # Assigned per https://github.com/elastic/kibana/pull/200209/files/cab99bce5ac2082fa77222beebe3b61ff836b94b#r1846659920
+/x-pack/test/functional/services/sample_data @elastic/appex-sharedux # Assigned per https://github.com/elastic/kibana/pull/200142#discussion_r1846512756
 /test/functional/page_objects/files_management.ts @elastic/appex-sharedux # Assigned per https://github.com/elastic/kibana/pull/200017#discussion_r1840477291
 /test/accessibility/apps/home.ts @elastic/appex-sharedux # Assigned per https://github.com/elastic/kibana/pull/199771/files#r1840077237
 /test/api_integration/apis/home/*.ts @elastic/appex-sharedux # Assigned per https://github.com/elastic/kibana/pull/199771/files#r1840077065
diff --git a/docs/developer/plugin-list.asciidoc b/docs/developer/plugin-list.asciidoc
index 71ab26400f496..ea31863576115 100644
--- a/docs/developer/plugin-list.asciidoc
+++ b/docs/developer/plugin-list.asciidoc
@@ -690,6 +690,10 @@ the infrastructure monitoring use-case within Kibana.
 using the CURL scripts in the scripts folder.
 
 
+|{kib-repo}blob/{branch}/x-pack/plugins/ai_infra/llm_tasks/README.md[llmTasks]
+|This plugin contains various LLM tasks.
+
+
 |{kib-repo}blob/{branch}/x-pack/plugins/observability_solution/logs_data_access/README.md[logsDataAccess]
 |Exposes services to access logs data.
 
@@ -767,6 +771,10 @@ Elastic.
 |This plugin helps users learn how to use the Painless scripting language.
 
 
+|{kib-repo}blob/{branch}/x-pack/plugins/ai_infra/product_doc_base/README.md[productDocBase]
+|This plugin contains the product documentation base service.
+
+
 |{kib-repo}blob/{branch}/x-pack/plugins/observability_solution/profiling/README.md[profiling]
 |Universal Profiling provides fleet-wide, whole-system, continuous profiling with zero instrumentation. Get a comprehensive understanding of what lines of code are consuming compute resources throughout your entire fleet by visualizing your data in Kibana using the flamegraph, stacktraces, and top functions views.
 
diff --git a/docs/user/security/audit-logging.asciidoc b/docs/user/security/audit-logging.asciidoc
index 1ac40bcc7764a..ef12f4303c1b4 100644
--- a/docs/user/security/audit-logging.asciidoc
+++ b/docs/user/security/audit-logging.asciidoc
@@ -148,6 +148,9 @@ Refer to the corresponding {es} logs for potential write errors.
 | `success` | Creating trained model.
 | `failure` | Failed to create trained model.
 
+.1+| `product_documentation_create`
+| `unknown` | User requested to install the product documentation for use in AI Assistants.
+
 3+a|
 ====== Type: change
 
@@ -334,6 +337,9 @@ Refer to the corresponding {es} logs for potential write errors.
 | `success` | Updating trained model deployment.
 | `failure` | Failed to update trained model deployment.
 
+.1+| `product_documentation_update`
+| `unknown` | User requested to update the product documentation for use in AI Assistants.
+
 3+a|
 ====== Type: deletion
 
@@ -425,6 +431,9 @@ Refer to the corresponding {es} logs for potential write errors.
 | `success` | Deleting trained model.
 | `failure` | Failed to delete trained model.
 
+.1+| `product_documentation_delete`
+| `unknown` | User requested to delete the product documentation for use in AI Assistants.
+
 3+a|
 ====== Type: access
 
diff --git a/oas_docs/output/kibana.serverless.yaml b/oas_docs/output/kibana.serverless.yaml
index 55dd5277d1d93..4b35e4d9c78fc 100644
--- a/oas_docs/output/kibana.serverless.yaml
+++ b/oas_docs/output/kibana.serverless.yaml
@@ -7395,6 +7395,43 @@ paths:
       tags:
         - Security Endpoint Management API
       x-beta: true
+  /api/entity_store/enable:
+    post:
+      operationId: InitEntityStore
+      requestBody:
+        content:
+          application/json; Elastic-Api-Version=2023-10-31:
+            schema:
+              type: object
+              properties:
+                fieldHistoryLength:
+                  default: 10
+                  description: The number of historical values to keep for each field.
+                  type: integer
+                filter:
+                  type: string
+                indexPattern:
+                  $ref: '#/components/schemas/Security_Entity_Analytics_API_IndexPattern'
+        description: Schema for the entity store initialization
+        required: true
+      responses:
+        '200':
+          content:
+            application/json; Elastic-Api-Version=2023-10-31:
+              schema:
+                type: object
+                properties:
+                  engines:
+                    items:
+                      $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor'
+                    type: array
+                  succeeded:
+                    type: boolean
+          description: Successful response
+      summary: Initialize the Entity Store
+      tags:
+        - Security Entity Analytics API
+      x-beta: true
   /api/entity_store/engines:
     get:
       operationId: ListEntityEngines
@@ -7713,6 +7750,27 @@ paths:
       tags:
         - Security Entity Analytics API
       x-beta: true
+  /api/entity_store/status:
+    get:
+      operationId: GetEntityStoreStatus
+      responses:
+        '200':
+          content:
+            application/json; Elastic-Api-Version=2023-10-31:
+              schema:
+                type: object
+                properties:
+                  engines:
+                    items:
+                      $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor'
+                    type: array
+                  status:
+                    $ref: '#/components/schemas/Security_Entity_Analytics_API_StoreStatus'
+          description: Successful response
+      summary: Get the status of the Entity Store
+      tags:
+        - Security Entity Analytics API
+      x-beta: true
   /api/exception_lists:
     delete:
       description: Delete an exception list using the `id` or `list_id` field.
@@ -45880,6 +45938,14 @@ components:
         - index
         - description
         - category
+    Security_Entity_Analytics_API_StoreStatus:
+      enum:
+        - not_installed
+        - installing
+        - running
+        - stopped
+        - error
+      type: string
     Security_Entity_Analytics_API_TaskManagerUnavailableResponse:
       description: Task manager is unavailable
       type: object
diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml
index b2c3ae00be9d0..94e987510c649 100644
--- a/oas_docs/output/kibana.yaml
+++ b/oas_docs/output/kibana.yaml
@@ -10282,6 +10282,42 @@ paths:
       summary: Create or update a protection updates note
       tags:
         - Security Endpoint Management API
+  /api/entity_store/enable:
+    post:
+      operationId: InitEntityStore
+      requestBody:
+        content:
+          application/json; Elastic-Api-Version=2023-10-31:
+            schema:
+              type: object
+              properties:
+                fieldHistoryLength:
+                  default: 10
+                  description: The number of historical values to keep for each field.
+                  type: integer
+                filter:
+                  type: string
+                indexPattern:
+                  $ref: '#/components/schemas/Security_Entity_Analytics_API_IndexPattern'
+        description: Schema for the entity store initialization
+        required: true
+      responses:
+        '200':
+          content:
+            application/json; Elastic-Api-Version=2023-10-31:
+              schema:
+                type: object
+                properties:
+                  engines:
+                    items:
+                      $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor'
+                    type: array
+                  succeeded:
+                    type: boolean
+          description: Successful response
+      summary: Initialize the Entity Store
+      tags:
+        - Security Entity Analytics API
   /api/entity_store/engines:
     get:
       operationId: ListEntityEngines
@@ -10591,6 +10627,26 @@ paths:
       summary: List Entity Store Entities
       tags:
         - Security Entity Analytics API
+  /api/entity_store/status:
+    get:
+      operationId: GetEntityStoreStatus
+      responses:
+        '200':
+          content:
+            application/json; Elastic-Api-Version=2023-10-31:
+              schema:
+                type: object
+                properties:
+                  engines:
+                    items:
+                      $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor'
+                    type: array
+                  status:
+                    $ref: '#/components/schemas/Security_Entity_Analytics_API_StoreStatus'
+          description: Successful response
+      summary: Get the status of the Entity Store
+      tags:
+        - Security Entity Analytics API
   /api/exception_lists:
     delete:
       description: Delete an exception list using the `id` or `list_id` field.
@@ -53601,6 +53657,14 @@ components:
         - index
         - description
         - category
+    Security_Entity_Analytics_API_StoreStatus:
+      enum:
+        - not_installed
+        - installing
+        - running
+        - stopped
+        - error
+      type: string
     Security_Entity_Analytics_API_TaskManagerUnavailableResponse:
       description: Task manager is unavailable
       type: object
diff --git a/package.json b/package.json
index a8c60004e6040..eed5b3a9b61cb 100644
--- a/package.json
+++ b/package.json
@@ -118,7 +118,8 @@
     "@elastic/ecs": "^8.11.1",
     "@elastic/elasticsearch": "^8.15.2",
     "@elastic/ems-client": "8.5.3",
-    "@elastic/eui": "97.3.1",
+    "@elastic/eui": "97.3.1-borealis.2",
+    "@elastic/eui-theme-borealis": "0.0.2",
     "@elastic/filesaver": "1.1.2",
     "@elastic/node-crypto": "^1.2.3",
     "@elastic/numeral": "^2.5.1",
@@ -617,6 +618,7 @@
     "@kbn/licensing-plugin": "link:x-pack/plugins/licensing",
     "@kbn/links-plugin": "link:src/plugins/links",
     "@kbn/lists-plugin": "link:x-pack/plugins/lists",
+    "@kbn/llm-tasks-plugin": "link:x-pack/plugins/ai_infra/llm_tasks",
     "@kbn/locator-examples-plugin": "link:examples/locator_examples",
     "@kbn/locator-explorer-plugin": "link:examples/locator_explorer",
     "@kbn/logging": "link:packages/kbn-logging",
@@ -721,6 +723,8 @@
     "@kbn/presentation-panel-plugin": "link:src/plugins/presentation_panel",
     "@kbn/presentation-publishing": "link:packages/presentation/presentation_publishing",
     "@kbn/presentation-util-plugin": "link:src/plugins/presentation_util",
+    "@kbn/product-doc-base-plugin": "link:x-pack/plugins/ai_infra/product_doc_base",
+    "@kbn/product-doc-common": "link:x-pack/packages/ai-infra/product-doc-common",
     "@kbn/profiling-data-access-plugin": "link:x-pack/plugins/observability_solution/profiling_data_access",
     "@kbn/profiling-plugin": "link:x-pack/plugins/observability_solution/profiling",
     "@kbn/profiling-utils": "link:packages/kbn-profiling-utils",
@@ -1068,7 +1072,7 @@
     "@turf/length": "^6.0.2",
     "@xstate/react": "^3.2.2",
     "@xstate5/react": "npm:@xstate/react@^4.1.2",
-    "@xyflow/react": "^12.3.4",
+    "@xyflow/react": "^12.3.5",
     "adm-zip": "^0.5.9",
     "ai": "^2.2.33",
     "ajv": "^8.12.0",
diff --git a/packages/core/rendering/core-rendering-server-internal/src/views/styles.tsx b/packages/core/rendering/core-rendering-server-internal/src/views/styles.tsx
index ceeb6f4b7f9e2..54e8559ad25c1 100644
--- a/packages/core/rendering/core-rendering-server-internal/src/views/styles.tsx
+++ b/packages/core/rendering/core-rendering-server-internal/src/views/styles.tsx
@@ -8,17 +8,18 @@
  */
 
 import React, { FC } from 'react';
-import type { DarkModeValue } from '@kbn/core-ui-settings-common';
+import { type DarkModeValue, ThemeName } from '@kbn/core-ui-settings-common';
 
 interface Props {
   darkMode: DarkModeValue;
+  themeName: ThemeName;
   stylesheetPaths: string[];
 }
 
-export const Styles: FC<Props> = ({ darkMode, stylesheetPaths }) => {
+export const Styles: FC<Props> = ({ darkMode, themeName, stylesheetPaths }) => {
   return (
     <>
-      {darkMode !== 'system' && <InlineStyles darkMode={darkMode} />}
+      {darkMode !== 'system' && <InlineStyles darkMode={darkMode} themeName={themeName} />}
       {stylesheetPaths.map((path) => (
         <link key={path} rel="stylesheet" type="text/css" href={path} />
       ))}
@@ -26,7 +27,27 @@ export const Styles: FC<Props> = ({ darkMode, stylesheetPaths }) => {
   );
 };
 
-const InlineStyles: FC<{ darkMode: boolean }> = ({ darkMode }) => {
+const InlineStyles: FC<{ darkMode: boolean; themeName: ThemeName }> = ({ darkMode, themeName }) => {
+  const getThemeStyles = (theme: ThemeName) => {
+    if (theme === 'borealis') {
+      return {
+        pageBackground: darkMode ? '#07101F' : '#F6F9FC', // colors.body
+        welcomeText: darkMode ? '#8E9FBC' : '#5A6D8C', // colors.subduedText
+        progress: darkMode ? '#172336' : '#ECF1F9', // colors.lightestShade
+        progressBefore: darkMode ? '#599DFF' : '#0B64DD', // colors.primary
+      };
+    }
+
+    return {
+      pageBackground: darkMode ? '#141519' : '#F8FAFD',
+      welcomeText: darkMode ? '#98A2B3' : '#69707D',
+      progress: darkMode ? '#25262E' : '#F5F7FA',
+      progressBefore: darkMode ? '#1BA9F5' : '#006DE4',
+    };
+  };
+
+  const themeStyles = getThemeStyles(themeName);
+
   // must be kept in sync with
   // packages/core/apps/core-apps-server-internal/assets/legacy_theme.js
   /* eslint-disable react/no-danger */
@@ -36,19 +57,19 @@ const InlineStyles: FC<{ darkMode: boolean }> = ({ darkMode }) => {
         __html: `
 
           html {
-            background-color: ${darkMode ? '#141519' : '#F8FAFD'}
+            background-color: ${themeStyles.pageBackground}
           }
 
           .kbnWelcomeText {
-            color: ${darkMode ? '#98A2B3' : '#69707D'};
+            color: ${themeStyles.welcomeText};
           }
 
           .kbnProgress {
-            background-color: ${darkMode ? '#25262E' : '#F5F7FA'};
+            background-color: ${themeStyles.progress};
           }
 
           .kbnProgress:before {
-            background-color: ${darkMode ? '#1BA9F5' : '#006DE4'};
+            background-color: ${themeStyles.progressBefore};
           }
 
         `,
diff --git a/packages/core/rendering/core-rendering-server-internal/src/views/template.tsx b/packages/core/rendering/core-rendering-server-internal/src/views/template.tsx
index fdbade121445d..d3556287a0333 100644
--- a/packages/core/rendering/core-rendering-server-internal/src/views/template.tsx
+++ b/packages/core/rendering/core-rendering-server-internal/src/views/template.tsx
@@ -56,7 +56,11 @@ export const Template: FunctionComponent<Props> = ({
         {/* Inject EUI reset and global styles before all other component styles */}
         <meta name={EUI_STYLES_GLOBAL} />
         <meta name="emotion" />
-        <Styles darkMode={darkMode} stylesheetPaths={stylesheetPaths} />
+        <Styles
+          darkMode={darkMode}
+          themeName={injectedMetadata.theme.name}
+          stylesheetPaths={stylesheetPaths}
+        />
         {scriptPaths.map((path) => (
           <script key={path} src={path} />
         ))}
diff --git a/packages/core/security/core-security-server-internal/src/security_service.test.ts b/packages/core/security/core-security-server-internal/src/security_service.test.ts
index 75539e9954ac0..0ff1e59db71ec 100644
--- a/packages/core/security/core-security-server-internal/src/security_service.test.ts
+++ b/packages/core/security/core-security-server-internal/src/security_service.test.ts
@@ -16,17 +16,32 @@ import { loggerMock, MockedLogger } from '@kbn/logging-mocks';
 import { mockCoreContext } from '@kbn/core-base-server-mocks';
 import type { CoreSecurityDelegateContract } from '@kbn/core-security-server';
 import { SecurityService } from './security_service';
+import { configServiceMock } from '@kbn/config-mocks';
+import { getFips } from 'crypto';
 
 const createStubInternalContract = (): CoreSecurityDelegateContract => {
   return Symbol('stubContract') as unknown as CoreSecurityDelegateContract;
 };
 
-describe('SecurityService', () => {
+describe('SecurityService', function () {
   let coreContext: ReturnType<typeof mockCoreContext.create>;
+  let configService: ReturnType<typeof configServiceMock.create>;
   let service: SecurityService;
 
   beforeEach(() => {
-    coreContext = mockCoreContext.create();
+    const mockConfig = {
+      xpack: {
+        security: {
+          experimental: {
+            fipsMode: {
+              enabled: !!getFips(),
+            },
+          },
+        },
+      },
+    };
+    configService = configServiceMock.create({ getConfig$: mockConfig });
+    coreContext = mockCoreContext.create({ configService });
     service = new SecurityService(coreContext);
 
     convertSecurityApiMock.mockReset();
@@ -51,8 +66,11 @@ describe('SecurityService', () => {
       describe('#isEnabled', () => {
         it('should return boolean', () => {
           const { fips } = service.setup();
-
-          expect(fips.isEnabled()).toBe(false);
+          if (getFips() === 0) {
+            expect(fips.isEnabled()).toBe(false);
+          } else {
+            expect(fips.isEnabled()).toBe(true);
+          }
         });
       });
     });
diff --git a/packages/core/security/core-security-server-internal/tsconfig.json b/packages/core/security/core-security-server-internal/tsconfig.json
index e1812dc77cf49..11128461daf4e 100644
--- a/packages/core/security/core-security-server-internal/tsconfig.json
+++ b/packages/core/security/core-security-server-internal/tsconfig.json
@@ -22,5 +22,6 @@
     "@kbn/core-base-server-mocks",
     "@kbn/config",
     "@kbn/core-logging-server-mocks",
+    "@kbn/config-mocks",
   ]
 }
diff --git a/packages/core/test-helpers/core-test-helpers-kbn-server/src/create_root.ts b/packages/core/test-helpers/core-test-helpers-kbn-server/src/create_root.ts
index d2fa6850a8bf8..38dae90905cb2 100644
--- a/packages/core/test-helpers/core-test-helpers-kbn-server/src/create_root.ts
+++ b/packages/core/test-helpers/core-test-helpers-kbn-server/src/create_root.ts
@@ -12,10 +12,12 @@ import loadJsonFile from 'load-json-file';
 import { defaultsDeep } from 'lodash';
 import { BehaviorSubject } from 'rxjs';
 import supertest from 'supertest';
+import { set } from '@kbn/safer-lodash-set';
 
 import { getPackages } from '@kbn/repo-packages';
 import { ToolingLog } from '@kbn/tooling-log';
 import { REPO_ROOT } from '@kbn/repo-info';
+import { getFips } from 'crypto';
 import {
   createTestEsCluster,
   CreateTestEsClusterOptions,
@@ -75,6 +77,17 @@ export function createRootWithSettings(
     pkg.version = customKibanaVersion;
   }
 
+  /*
+   * Most of these integration tests expect OSS to default to true, but FIPS
+   * requires the security plugin to be enabled
+   */
+  let oss = true;
+  if (getFips() === 1) {
+    set(settings, 'xpack.security.experimental.fipsMode.enabled', true);
+    oss = false;
+    delete cliArgs.oss;
+  }
+
   const env = Env.createDefault(
     REPO_ROOT,
     {
@@ -84,10 +97,10 @@ export function createRootWithSettings(
         watch: false,
         basePath: false,
         runExamples: false,
-        oss: true,
         disableOptimizer: true,
         cache: true,
         dist: false,
+        oss,
         ...cliArgs,
       },
       repoPackages: getPackages(REPO_ROOT),
@@ -255,7 +268,13 @@ export function createTestServers({
   if (!adjustTimeout) {
     throw new Error('adjustTimeout is required in order to avoid flaky tests');
   }
-  const license = settings.es?.license ?? 'basic';
+  let license = settings.es?.license ?? 'basic';
+
+  if (getFips() === 1) {
+    // Set license to 'trial' if Node is running in FIPS mode
+    license = 'trial';
+  }
+
   const usersToBeAdded = settings.users ?? [];
   if (usersToBeAdded.length > 0) {
     if (license !== 'trial') {
@@ -292,6 +311,7 @@ export function createTestServers({
           hosts: es.getHostUrls(),
           username: kibanaServerTestUser.username,
           password: kibanaServerTestUser.password,
+          ...(getFips() ? kbnSettings.elasticsearch : {}),
         };
       }
 
diff --git a/packages/core/test-helpers/core-test-helpers-kbn-server/tsconfig.json b/packages/core/test-helpers/core-test-helpers-kbn-server/tsconfig.json
index 85d14bb04ab59..65ca0ccdfca0b 100644
--- a/packages/core/test-helpers/core-test-helpers-kbn-server/tsconfig.json
+++ b/packages/core/test-helpers/core-test-helpers-kbn-server/tsconfig.json
@@ -20,6 +20,7 @@
     "@kbn/repo-packages",
     "@kbn/es",
     "@kbn/dev-utils",
+    "@kbn/safer-lodash-set",
   ],
   "exclude": [
     "target/**/*",
diff --git a/packages/core/ui-settings/core-ui-settings-common/src/theme.ts b/packages/core/ui-settings/core-ui-settings-common/src/theme.ts
index 7bf9cbfe9486a..73b465d5b192f 100644
--- a/packages/core/ui-settings/core-ui-settings-common/src/theme.ts
+++ b/packages/core/ui-settings/core-ui-settings-common/src/theme.ts
@@ -52,6 +52,11 @@ export function parseThemeTags(input?: unknown): ThemeTags {
     return DEFAULT_THEME_TAGS;
   }
 
+  // TODO: remove when Borealis is in public beta
+  if (input === 'experimental') {
+    return SUPPORTED_THEME_TAGS;
+  }
+
   let rawTags: string[];
   if (typeof input === 'string') {
     rawTags = input.split(',').map((tag) => tag.trim());
diff --git a/packages/deeplinks/search/constants.ts b/packages/deeplinks/search/constants.ts
index 52f7bb201388e..6d9f6492abda7 100644
--- a/packages/deeplinks/search/constants.ts
+++ b/packages/deeplinks/search/constants.ts
@@ -16,6 +16,7 @@ export const ENTERPRISE_SEARCH_APPSEARCH_APP_ID = 'appSearch';
 export const ENTERPRISE_SEARCH_WORKPLACESEARCH_APP_ID = 'workplaceSearch';
 export const SERVERLESS_ES_APP_ID = 'serverlessElasticsearch';
 export const SERVERLESS_ES_CONNECTORS_ID = 'serverlessConnectors';
+export const SERVERLESS_ES_WEB_CRAWLERS_ID = 'serverlessWebCrawlers';
 export const SERVERLESS_ES_SEARCH_PLAYGROUND_ID = 'searchPlayground';
 export const SERVERLESS_ES_SEARCH_INFERENCE_ENDPOINTS_ID = 'searchInferenceEndpoints';
 export const SEARCH_HOMEPAGE = 'searchHomepage';
diff --git a/packages/deeplinks/search/deep_links.ts b/packages/deeplinks/search/deep_links.ts
index b23a86b3cc51c..9dc9a8ed18203 100644
--- a/packages/deeplinks/search/deep_links.ts
+++ b/packages/deeplinks/search/deep_links.ts
@@ -10,6 +10,7 @@
 import {
   SERVERLESS_ES_APP_ID,
   SERVERLESS_ES_CONNECTORS_ID,
+  SERVERLESS_ES_WEB_CRAWLERS_ID,
   ENTERPRISE_SEARCH_APP_ID,
   ENTERPRISE_SEARCH_CONTENT_APP_ID,
   ENTERPRISE_SEARCH_APPLICATIONS_APP_ID,
@@ -38,6 +39,7 @@ export type EnterpriseSearchAppsearchApp = typeof ENTERPRISE_SEARCH_APPSEARCH_AP
 export type EnterpriseSearchWorkplaceSearchApp = typeof ENTERPRISE_SEARCH_WORKPLACESEARCH_APP_ID;
 export type ServerlessSearchApp = typeof SERVERLESS_ES_APP_ID;
 export type ConnectorsId = typeof SERVERLESS_ES_CONNECTORS_ID;
+export type ServerlessWebCrawlers = typeof SERVERLESS_ES_WEB_CRAWLERS_ID;
 export type SearchPlaygroundId = typeof SERVERLESS_ES_SEARCH_PLAYGROUND_ID;
 export type SearchInferenceEndpointsId = typeof SERVERLESS_ES_SEARCH_INFERENCE_ENDPOINTS_ID;
 export type SearchHomepage = typeof SEARCH_HOMEPAGE;
@@ -68,6 +70,7 @@ export type DeepLinkId =
   | EnterpriseSearchWorkplaceSearchApp
   | ServerlessSearchApp
   | ConnectorsId
+  | ServerlessWebCrawlers
   | SearchPlaygroundId
   | SearchInferenceEndpointsId
   | SearchHomepage
diff --git a/packages/kbn-check-mappings-update-cli/current_fields.json b/packages/kbn-check-mappings-update-cli/current_fields.json
index a5642cee10958..020b9a97753b4 100644
--- a/packages/kbn-check-mappings-update-cli/current_fields.json
+++ b/packages/kbn-check-mappings-update-cli/current_fields.json
@@ -855,6 +855,13 @@
   "policy-settings-protection-updates-note": [
     "note"
   ],
+  "product-doc-install-status": [
+    "index_name",
+    "installation_status",
+    "last_installation_date",
+    "product_name",
+    "product_version"
+  ],
   "query": [
     "description",
     "title",
diff --git a/packages/kbn-check-mappings-update-cli/current_mappings.json b/packages/kbn-check-mappings-update-cli/current_mappings.json
index 61f680509c133..2409b7578da84 100644
--- a/packages/kbn-check-mappings-update-cli/current_mappings.json
+++ b/packages/kbn-check-mappings-update-cli/current_mappings.json
@@ -2841,6 +2841,26 @@
       }
     }
   },
+  "product-doc-install-status": {
+    "dynamic": false,
+    "properties": {
+      "index_name": {
+        "type": "keyword"
+      },
+      "installation_status": {
+        "type": "keyword"
+      },
+      "last_installation_date": {
+        "type": "date"
+      },
+      "product_name": {
+        "type": "keyword"
+      },
+      "product_version": {
+        "type": "keyword"
+      }
+    }
+  },
   "query": {
     "dynamic": false,
     "properties": {
diff --git a/packages/kbn-es/src/install/install_source.ts b/packages/kbn-es/src/install/install_source.ts
index 244b349002829..9a7e8f166791a 100644
--- a/packages/kbn-es/src/install/install_source.ts
+++ b/packages/kbn-es/src/install/install_source.ts
@@ -84,7 +84,7 @@ async function sourceInfo(cwd: string, license: string, log: ToolingLog = defaul
   log.info('on %s at %s', chalk.bold(branch), chalk.bold(sha));
   log.info('%s locally modified file(s)', chalk.bold(status.modified.length));
 
-  const etag = crypto.createHash('md5').update(branch); // eslint-disable-line @kbn/eslint/no_unsafe_hash
+  const etag = crypto.createHash('sha256').update(branch);
   etag.update(sha);
 
   // for changed files, use last modified times in hash calculation
@@ -92,7 +92,7 @@ async function sourceInfo(cwd: string, license: string, log: ToolingLog = defaul
     etag.update(fs.statSync(path.join(cwd, file.path)).mtime.toString());
   });
 
-  const cwdHash = crypto.createHash('md5').update(cwd).digest('hex').substr(0, 8); // eslint-disable-line @kbn/eslint/no_unsafe_hash
+  const cwdHash = crypto.createHash('sha256').update(cwd).digest('hex').substr(0, 8);
 
   const basename = `${branch}-${task}-${cwdHash}`;
   const filename = `${basename}.${ext}`;
diff --git a/packages/kbn-eslint-config/.eslintrc.js b/packages/kbn-eslint-config/.eslintrc.js
index ec39d88606438..e38b6cc48c443 100644
--- a/packages/kbn-eslint-config/.eslintrc.js
+++ b/packages/kbn-eslint-config/.eslintrc.js
@@ -127,13 +127,16 @@ module.exports = {
           exclude: USES_STYLED_COMPONENTS,
           disallowedMessage: `Prefer using @emotion/react instead. To use styled-components, ensure you plugin is enabled in packages/kbn-babel-preset/styled_components_files.js.`,
         },
-        ...['@elastic/eui/dist/eui_theme_light.json', '@elastic/eui/dist/eui_theme_dark.json'].map(
-          (from) => ({
-            from,
-            to: false,
-            disallowedMessage: `Use "@kbn/ui-theme" to access theme vars.`,
-          })
-        ),
+        ...[
+          '@elastic/eui/dist/eui_theme_amsterdam_light.json',
+          '@elastic/eui/dist/eui_theme_amsterdam_dark.json',
+          '@elastic/eui/dist/eui_theme_borealis_light.json',
+          '@elastic/eui/dist/eui_theme_borealis_dark.json',
+        ].map((from) => ({
+          from,
+          to: false,
+          disallowedMessage: `Use "@kbn/ui-theme" to access theme vars.`,
+        })),
         {
           from: '@kbn/test/jest',
           to: '@kbn/test-jest-helpers',
diff --git a/packages/kbn-optimizer/limits.yml b/packages/kbn-optimizer/limits.yml
index 58424700d9bf6..e1e9b6aa81898 100644
--- a/packages/kbn-optimizer/limits.yml
+++ b/packages/kbn-optimizer/limits.yml
@@ -2,7 +2,7 @@ pageLoadAssetSize:
   actions: 20000
   advancedSettings: 27596
   aiAssistantManagementSelection: 19146
-  aiops: 16600
+  aiops: 16670
   alerting: 106936
   apm: 64385
   banners: 17946
@@ -31,7 +31,7 @@ pageLoadAssetSize:
   dataUsage: 30000
   dataViewEditor: 28082
   dataViewFieldEditor: 42021
-  dataViewManagement: 5300
+  dataViewManagement: 5370
   dataViews: 65000
   dataVisualizer: 30000
   devTools: 38637
@@ -124,6 +124,7 @@ pageLoadAssetSize:
   painlessLab: 179748
   presentationPanel: 55463
   presentationUtil: 58834
+  productDocBase: 22500
   profiling: 36694
   remoteClusters: 51327
   reporting: 58600
diff --git a/packages/kbn-test/src/es/test_es_cluster.ts b/packages/kbn-test/src/es/test_es_cluster.ts
index 620147e1fa7ab..20c54e044e46f 100644
--- a/packages/kbn-test/src/es/test_es_cluster.ts
+++ b/packages/kbn-test/src/es/test_es_cluster.ts
@@ -21,6 +21,7 @@ import type { ToolingLog } from '@kbn/tooling-log';
 import { REPO_ROOT } from '@kbn/repo-info';
 import type { ArtifactLicense } from '@kbn/es';
 import type { ServerlessOptions } from '@kbn/es/src/utils';
+import { getFips } from 'crypto';
 import { CI_PARALLEL_PROCESS_PREFIX } from '../ci_parallel_process_prefix';
 import { esTestConfig } from './es_test_config';
 
@@ -200,12 +201,15 @@ export function createTestEsCluster<
 
   const esArgs = assignArgs(defaultEsArgs, customEsArgs);
 
+  // Use 'trial' license if FIPS mode is enabled, otherwise use the provided license or default to 'basic'
+  const testLicense: ArtifactLicense = getFips() === 1 ? 'trial' : license ? license : 'basic';
+
   const config = {
     version: esVersion,
     installPath: Path.resolve(basePath, clusterName),
     sourcePath: Path.resolve(REPO_ROOT, '../elasticsearch'),
+    license: testLicense,
     password,
-    license,
     basePath,
     esArgs,
     resources: files,
diff --git a/packages/kbn-ui-shared-deps-npm/webpack.config.js b/packages/kbn-ui-shared-deps-npm/webpack.config.js
index 926a041a72c3d..384071e0b9168 100644
--- a/packages/kbn-ui-shared-deps-npm/webpack.config.js
+++ b/packages/kbn-ui-shared-deps-npm/webpack.config.js
@@ -65,8 +65,10 @@ module.exports = (_, argv) => {
         '@elastic/eui/optimize/es/components/provider/nested',
         '@elastic/eui/optimize/es/services',
         '@elastic/eui/optimize/es/services/format',
-        '@elastic/eui/dist/eui_theme_light.json',
-        '@elastic/eui/dist/eui_theme_dark.json',
+        '@elastic/eui/dist/eui_theme_amsterdam_light.json',
+        '@elastic/eui/dist/eui_theme_amsterdam_dark.json',
+        '@elastic/eui/dist/eui_theme_borealis_light.json',
+        '@elastic/eui/dist/eui_theme_borealis_dark.json',
         '@elastic/numeral',
         '@emotion/cache',
         '@emotion/react',
diff --git a/packages/kbn-ui-shared-deps-src/src/definitions.js b/packages/kbn-ui-shared-deps-src/src/definitions.js
index 2c391dd18d1bc..3e66e5a102f06 100644
--- a/packages/kbn-ui-shared-deps-src/src/definitions.js
+++ b/packages/kbn-ui-shared-deps-src/src/definitions.js
@@ -77,6 +77,7 @@ const externals = {
     '__kbnSharedDeps__.ElasticEuiLibComponentsUseIsNestedEuiProvider',
   '@elastic/eui/lib/services': '__kbnSharedDeps__.ElasticEuiLibServices',
   '@elastic/eui/lib/services/format': '__kbnSharedDeps__.ElasticEuiLibServicesFormat',
+  '@elastic/eui-theme-borealis': '__kbnSharedDeps__.ElasticEuiThemeBorealis',
 
   // transient dep of eui
   '@hello-pangea/dnd': '__kbnSharedDeps__.HelloPangeaDnd',
diff --git a/packages/kbn-ui-shared-deps-src/src/entry.js b/packages/kbn-ui-shared-deps-src/src/entry.js
index 25432fcfe399e..1d7e6442e29d0 100644
--- a/packages/kbn-ui-shared-deps-src/src/entry.js
+++ b/packages/kbn-ui-shared-deps-src/src/entry.js
@@ -41,6 +41,7 @@ export const Rxjs = require('rxjs');
 export const ElasticNumeral = require('@elastic/numeral');
 export const ElasticCharts = require('@elastic/charts');
 export const ElasticEui = require('@elastic/eui');
+export const ElasticEuiThemeBorealis = require('@elastic/eui-theme-borealis');
 export const ElasticEuiLibComponentsUseIsNestedEuiProvider = require('@elastic/eui/optimize/es/components/provider/nested');
 export const ElasticEuiLibServices = require('@elastic/eui/optimize/es/services');
 export const ElasticEuiLibServicesFormat = require('@elastic/eui/optimize/es/services/format');
diff --git a/packages/kbn-ui-theme/src/theme.ts b/packages/kbn-ui-theme/src/theme.ts
index 3718c7dfb9d64..36137395950ef 100644
--- a/packages/kbn-ui-theme/src/theme.ts
+++ b/packages/kbn-ui-theme/src/theme.ts
@@ -7,12 +7,15 @@
  * License v3.0 only", or the "Server Side Public License, v 1".
  */
 
-// TODO(tkajtoch): Add support for multiple themes
+/* eslint-disable-next-line @kbn/eslint/module_migration */
+import { default as v8Light } from '@elastic/eui/dist/eui_theme_amsterdam_light.json';
+/* eslint-disable-next-line @kbn/eslint/module_migration */
+import { default as v8Dark } from '@elastic/eui/dist/eui_theme_amsterdam_dark.json';
 
 /* eslint-disable-next-line @kbn/eslint/module_migration */
-import { default as v8Light } from '@elastic/eui/dist/eui_theme_light.json';
+import { default as borealisLight } from '@elastic/eui/dist/eui_theme_borealis_light.json';
 /* eslint-disable-next-line @kbn/eslint/module_migration */
-import { default as v8Dark } from '@elastic/eui/dist/eui_theme_dark.json';
+import { default as borealisDark } from '@elastic/eui/dist/eui_theme_borealis_dark.json';
 
 const globals: any = typeof window === 'undefined' ? {} : window;
 
@@ -27,19 +30,40 @@ export const version = 8;
 /** @deprecated theme can be dynamic now, access is discouraged */
 export const darkMode = tag.endsWith('dark');
 
-export const euiLightVars: Theme = v8Light;
-export const euiDarkVars: Theme = v8Dark;
-
 let isDarkMode = darkMode;
 export const _setDarkMode = (mode: boolean) => {
   isDarkMode = mode;
 };
 
+const getThemeVars = (): { light: Theme; dark: Theme } => {
+  if (globals?.__kbnThemeTag__?.includes('borealis')) {
+    return {
+      light: borealisLight,
+      dark: borealisDark,
+    };
+  }
+
+  return {
+    light: v8Light,
+    dark: v8Dark,
+  };
+};
+
+export const euiLightVars: Theme = getThemeVars().light;
+export const euiDarkVars: Theme = getThemeVars().dark;
+
 /**
  * EUI Theme vars that automatically adjust to light/dark theme
  */
-export const euiThemeVars: Theme = new Proxy(isDarkMode ? euiDarkVars : euiLightVars, {
-  get(accessedTarget, accessedKey, ...rest) {
-    return Reflect.get(isDarkMode ? euiDarkVars : euiLightVars, accessedKey, ...rest);
-  },
-});
+export const euiThemeVars: Theme = new Proxy(
+  isDarkMode ? getThemeVars().dark : getThemeVars().light,
+  {
+    get(accessedTarget, accessedKey, ...rest) {
+      return Reflect.get(
+        isDarkMode ? getThemeVars().dark : getThemeVars().light,
+        accessedKey,
+        ...rest
+      );
+    },
+  }
+);
diff --git a/packages/react/kibana_context/common/theme.ts b/packages/react/kibana_context/common/theme.ts
index 45c89172cf187..f526be2d22145 100644
--- a/packages/react/kibana_context/common/theme.ts
+++ b/packages/react/kibana_context/common/theme.ts
@@ -8,6 +8,7 @@
  */
 
 import { EuiThemeSystem, EuiThemeAmsterdam } from '@elastic/eui';
+import { EuiThemeBorealis } from '@elastic/eui-theme-borealis';
 
 export interface ThemeConfig {
   euiTheme: EuiThemeSystem;
@@ -17,6 +18,9 @@ const THEMES: Record<string, ThemeConfig> = {
   amsterdam: {
     euiTheme: EuiThemeAmsterdam,
   },
+  borealis: {
+    euiTheme: EuiThemeBorealis,
+  },
 };
 
 export const getThemeConfigByName = (name: string): ThemeConfig | null => {
diff --git a/src/core/public/styles/core_app/_globals_borealisdark.scss b/src/core/public/styles/core_app/_globals_borealisdark.scss
new file mode 100644
index 0000000000000..6ee301a70c30d
--- /dev/null
+++ b/src/core/public/styles/core_app/_globals_borealisdark.scss
@@ -0,0 +1,9 @@
+// v9 borealis theme global scope
+//
+// prepended to all .scss imports (from JS, when borealis dark theme selected)
+
+@import '@elastic/eui-theme-borealis/src/theme_dark.scss';
+
+@import './mixins';
+
+$kbnThemeVersion: 'borealisdark';
\ No newline at end of file
diff --git a/src/core/public/styles/core_app/_globals_borealislight.scss b/src/core/public/styles/core_app/_globals_borealislight.scss
new file mode 100644
index 0000000000000..5134cf6b85b78
--- /dev/null
+++ b/src/core/public/styles/core_app/_globals_borealislight.scss
@@ -0,0 +1,9 @@
+// v9 borealis theme global scope
+//
+// prepended to all .scss imports (from JS, when borealis light theme selected)
+
+@import '@elastic/eui-theme-borealis/src/theme_light.scss';
+
+@import './mixins';
+
+$kbnThemeVersion: 'borealislight';
\ No newline at end of file
diff --git a/src/core/server/integration_tests/ci_checks/saved_objects/check_registered_types.test.ts b/src/core/server/integration_tests/ci_checks/saved_objects/check_registered_types.test.ts
index 28a1e8e1eb538..0f186fba94b54 100644
--- a/src/core/server/integration_tests/ci_checks/saved_objects/check_registered_types.test.ts
+++ b/src/core/server/integration_tests/ci_checks/saved_objects/check_registered_types.test.ts
@@ -145,6 +145,7 @@ describe('checking migration metadata changes on all registered SO types', () =>
         "osquery-pack-asset": "cd140bc2e4b092e93692b587bf6e38051ef94c75",
         "osquery-saved-query": "6095e288750aa3164dfe186c74bc5195c2bf2bd4",
         "policy-settings-protection-updates-note": "33924bb246f9e5bcb876109cc83e3c7a28308352",
+        "product-doc-install-status": "ca6e96840228e4cc2f11bae24a0797f4f7238c8c",
         "query": "501bece68f26fe561286a488eabb1a8ab12f1137",
         "risk-engine-configuration": "bab237d09c2e7189dddddcb1b28f19af69755efb",
         "rules-settings": "ba57ef1881b3dcbf48fbfb28902d8f74442190b2",
diff --git a/src/core/server/integration_tests/config/check_dynamic_config.test.ts b/src/core/server/integration_tests/config/check_dynamic_config.test.ts
index 85061b876eebf..38250076385b9 100644
--- a/src/core/server/integration_tests/config/check_dynamic_config.test.ts
+++ b/src/core/server/integration_tests/config/check_dynamic_config.test.ts
@@ -16,128 +16,135 @@ import {
   request,
 } from '@kbn/core-test-helpers-kbn-server';
 import { PLUGIN_SYSTEM_ENABLE_ALL_PLUGINS_CONFIG_PATH } from '@kbn/core-plugins-server-internal/src/constants';
-
-describe('PUT /internal/core/_settings', () => {
-  let esServer: TestElasticsearchUtils;
-  let root: Root;
-
-  const loggerName = 'my-test-logger';
-
-  beforeAll(async () => {
-    const settings = {
-      coreApp: { allowDynamicConfigOverrides: true },
-      logging: {
-        loggers: [{ name: loggerName, level: 'error', appenders: ['console'] }],
-      },
-      server: { restrictInternalApis: false },
-    };
-    const { startES, startKibana } = createTestServers({
-      adjustTimeout: (t: number) => jest.setTimeout(t),
-      settings: {
-        kbn: settings,
-      },
+import { getFips } from 'crypto';
+
+if (getFips() === 0) {
+  describe('PUT /internal/core/_settings', () => {
+    let esServer: TestElasticsearchUtils;
+    let root: Root;
+
+    const loggerName = 'my-test-logger';
+
+    beforeAll(async () => {
+      const settings = {
+        coreApp: { allowDynamicConfigOverrides: true },
+        logging: {
+          loggers: [{ name: loggerName, level: 'error', appenders: ['console'] }],
+        },
+        server: { restrictInternalApis: false },
+      };
+      const { startES, startKibana } = createTestServers({
+        adjustTimeout: (t: number) => jest.setTimeout(t),
+        settings: {
+          kbn: settings,
+        },
+      });
+
+      esServer = await startES();
+
+      const kbnUtils = await startKibana();
+      root = kbnUtils.root;
+
+      // eslint-disable-next-line dot-notation
+      root['server'].configService.addDynamicConfigPaths('logging', ['loggers']); // just for the sake of being able to change something easy to test
     });
 
-    esServer = await startES();
-
-    const kbnUtils = await startKibana();
-    root = kbnUtils.root;
-
-    // eslint-disable-next-line dot-notation
-    root['server'].configService.addDynamicConfigPaths('logging', ['loggers']); // just for the sake of being able to change something easy to test
-  });
+    afterAll(async () => {
+      await root?.shutdown();
+      await esServer?.stop();
+    });
 
-  afterAll(async () => {
-    await root?.shutdown();
-    await esServer?.stop();
-  });
+    test('should update the log level', async () => {
+      const logger = root.logger.get(loggerName);
+      expect(logger.isLevelEnabled('info')).toBe(false);
+      await request
+        .put(root, '/internal/core/_settings')
+        .set('Elastic-Api-Version', '1')
+        .send({ 'logging.loggers': [{ name: loggerName, level: 'debug', appenders: ['console'] }] })
+        .expect(200);
+      expect(logger.isLevelEnabled('info')).toBe(true);
+    });
 
-  test('should update the log level', async () => {
-    const logger = root.logger.get(loggerName);
-    expect(logger.isLevelEnabled('info')).toBe(false);
-    await request
-      .put(root, '/internal/core/_settings')
-      .set('Elastic-Api-Version', '1')
-      .send({ 'logging.loggers': [{ name: loggerName, level: 'debug', appenders: ['console'] }] })
-      .expect(200);
-    expect(logger.isLevelEnabled('info')).toBe(true);
+    test('should remove the setting', async () => {
+      const logger = root.logger.get(loggerName);
+      expect(logger.isLevelEnabled('info')).toBe(true); // still true from the previous test
+      await request
+        .put(root, '/internal/core/_settings')
+        .set('Elastic-Api-Version', '1')
+        .send({ 'logging.loggers': null })
+        .expect(200);
+      expect(logger.isLevelEnabled('info')).toBe(false);
+    });
   });
 
-  test('should remove the setting', async () => {
-    const logger = root.logger.get(loggerName);
-    expect(logger.isLevelEnabled('info')).toBe(true); // still true from the previous test
-    await request
-      .put(root, '/internal/core/_settings')
-      .set('Elastic-Api-Version', '1')
-      .send({ 'logging.loggers': null })
-      .expect(200);
-    expect(logger.isLevelEnabled('info')).toBe(false);
-  });
-});
-
-describe('checking all opted-in dynamic config settings', () => {
-  let root: Root;
-
-  beforeAll(async () => {
-    const settings = {
-      logging: {
-        loggers: [{ name: 'root', level: 'info', appenders: ['console'] }],
-      },
-      server: {
-        restrictInternalApis: false,
-      },
-    };
-
-    set(settings, PLUGIN_SYSTEM_ENABLE_ALL_PLUGINS_CONFIG_PATH, true);
-
-    root = createRootWithCorePlugins(settings, {
-      basePath: false,
-      cache: false,
-      dev: true,
-      disableOptimizer: true,
-      silent: false,
-      dist: false,
-      oss: false,
-      runExamples: false,
-      watch: false,
+  describe('checking all opted-in dynamic config settings', () => {
+    let root: Root;
+
+    beforeAll(async () => {
+      const settings = {
+        logging: {
+          loggers: [{ name: 'root', level: 'info', appenders: ['console'] }],
+        },
+        server: {
+          restrictInternalApis: false,
+        },
+      };
+
+      set(settings, PLUGIN_SYSTEM_ENABLE_ALL_PLUGINS_CONFIG_PATH, true);
+
+      root = createRootWithCorePlugins(settings, {
+        basePath: false,
+        cache: false,
+        dev: true,
+        disableOptimizer: true,
+        silent: false,
+        dist: false,
+        oss: false,
+        runExamples: false,
+        watch: false,
+      });
+
+      await root.preboot();
+      await root.setup();
     });
 
-    await root.preboot();
-    await root.setup();
-  });
+    afterAll(async () => {
+      if (root) {
+        await root.shutdown();
+      }
+    });
 
-  afterAll(async () => {
-    if (root) {
-      await root.shutdown();
+    function getListOfDynamicConfigPaths(): string[] {
+      // eslint-disable-next-line dot-notation
+      return [...root['server']['configService']['dynamicPaths'].entries()]
+        .flatMap(([configPath, dynamicConfigKeys]) => {
+          return dynamicConfigKeys.map(
+            (dynamicConfigKey: string) => `${configPath}.${dynamicConfigKey}`
+          );
+        })
+        .sort();
     }
-  });
 
-  function getListOfDynamicConfigPaths(): string[] {
-    // eslint-disable-next-line dot-notation
-    return [...root['server']['configService']['dynamicPaths'].entries()]
-      .flatMap(([configPath, dynamicConfigKeys]) => {
-        return dynamicConfigKeys.map(
-          (dynamicConfigKey: string) => `${configPath}.${dynamicConfigKey}`
-        );
-      })
-      .sort();
-  }
-
-  /**
-   * This test is meant to fail when any setting is flagged as capable
-   * of dynamic configuration {@link PluginConfigDescriptor.dynamicConfig}.
-   *
-   * Please, add your settings to the list with a comment of why it's required to be dynamic.
-   *
-   * The intent is to trigger a code review from the Core and Security teams to discuss potential issues.
-   */
-  test('detecting all the settings that have opted-in for dynamic in-memory updates', () => {
-    expect(getListOfDynamicConfigPaths()).toStrictEqual([
-      // Making testing easier by having the ability of overriding the feature flags without the need to restart
-      'feature_flags.overrides',
-      // We need this for enriching our Perf tests with more valuable data regarding the steps of the test
-      // Also helpful in Cloud & Serverless testing because we can't control the labels in those offerings
-      'telemetry.labels',
-    ]);
+    /**
+     * This test is meant to fail when any setting is flagged as capable
+     * of dynamic configuration {@link PluginConfigDescriptor.dynamicConfig}.
+     *
+     * Please, add your settings to the list with a comment of why it's required to be dynamic.
+     *
+     * The intent is to trigger a code review from the Core and Security teams to discuss potential issues.
+     */
+    test('detecting all the settings that have opted-in for dynamic in-memory updates', () => {
+      expect(getListOfDynamicConfigPaths()).toStrictEqual([
+        // Making testing easier by having the ability of overriding the feature flags without the need to restart
+        'feature_flags.overrides',
+        // We need this for enriching our Perf tests with more valuable data regarding the steps of the test
+        // Also helpful in Cloud & Serverless testing because we can't control the labels in those offerings
+        'telemetry.labels',
+      ]);
+    });
+  });
+} else {
+  it('is running in FIPS mode, skipping tests since they fail due to FIPS overrides', () => {
+    expect(getFips()).toBe(1);
   });
-});
+}
diff --git a/src/core/server/integration_tests/config/config_deprecation.test.ts b/src/core/server/integration_tests/config/config_deprecation.test.ts
index 277a6080c377f..42425f10a4c97 100644
--- a/src/core/server/integration_tests/config/config_deprecation.test.ts
+++ b/src/core/server/integration_tests/config/config_deprecation.test.ts
@@ -10,6 +10,7 @@
 import { loggingSystemMock } from '@kbn/core-logging-server-mocks';
 import { mockLoggingSystem } from './config_deprecation.test.mocks';
 import { createRoot } from '@kbn/core-test-helpers-kbn-server';
+import { getFips } from 'crypto';
 
 describe('configuration deprecations', () => {
   let root: ReturnType<typeof createRoot>;
@@ -24,13 +25,19 @@ describe('configuration deprecations', () => {
     }
   });
 
-  it('should not log deprecation warnings for default configuration', async () => {
-    root = createRoot();
+  if (getFips() === 0) {
+    it('should not log deprecation warnings for default configuration', async () => {
+      root = createRoot();
 
-    await root.preboot();
-    await root.setup();
+      await root.preboot();
+      await root.setup();
 
-    const logs = loggingSystemMock.collect(mockLoggingSystem);
-    expect(logs.warn.flat()).toHaveLength(0);
-  });
+      const logs = loggingSystemMock.collect(mockLoggingSystem);
+      expect(logs.warn.flat()).toHaveLength(0);
+    });
+  } else {
+    it('fips is enabled and the default configuration has been overridden', () => {
+      expect(getFips()).toBe(1);
+    });
+  }
 });
diff --git a/src/core/server/integration_tests/core_app/default_route_provider_config.test.ts b/src/core/server/integration_tests/core_app/default_route_provider_config.test.ts
index 57646007a586f..a3338e7d45468 100644
--- a/src/core/server/integration_tests/core_app/default_route_provider_config.test.ts
+++ b/src/core/server/integration_tests/core_app/default_route_provider_config.test.ts
@@ -14,74 +14,81 @@ import {
   request,
   type TestElasticsearchUtils,
 } from '@kbn/core-test-helpers-kbn-server';
+import { getFips } from 'crypto';
 
 describe('default route provider', () => {
   let esServer: TestElasticsearchUtils;
   let root: Root;
 
-  beforeAll(async () => {
-    const { startES } = createTestServers({
-      adjustTimeout: (t: number) => jest.setTimeout(t),
+  if (getFips() === 0) {
+    beforeAll(async () => {
+      const { startES } = createTestServers({
+        adjustTimeout: (t: number) => jest.setTimeout(t),
+      });
+      esServer = await startES();
+      root = createRootWithCorePlugins({
+        server: {
+          basePath: '/hello',
+          restrictInternalApis: false,
+        },
+      });
+
+      await root.preboot();
+      await root.setup();
+      await root.start();
     });
-    esServer = await startES();
-    root = createRootWithCorePlugins({
-      server: {
-        basePath: '/hello',
-        restrictInternalApis: false,
-      },
+
+    afterAll(async () => {
+      await esServer.stop();
+      await root.shutdown();
     });
 
-    await root.preboot();
-    await root.setup();
-    await root.start();
-  });
+    it('redirects to the configured default route respecting basePath', async function () {
+      const { status, header } = await request.get(root, '/');
 
-  afterAll(async () => {
-    await esServer.stop();
-    await root.shutdown();
-  });
+      expect(status).toEqual(302);
+      expect(header).toMatchObject({
+        location: '/hello/app/home',
+      });
+    });
 
-  it('redirects to the configured default route respecting basePath', async function () {
-    const { status, header } = await request.get(root, '/');
+    it('ignores invalid values', async function () {
+      const invalidRoutes = [
+        'http://not-your-kibana.com',
+        '///example.com',
+        '//example.com',
+        ' //example.com',
+      ];
 
-    expect(status).toEqual(302);
-    expect(header).toMatchObject({
-      location: '/hello/app/home',
-    });
-  });
+      for (const url of invalidRoutes) {
+        await request
+          .post(root, '/internal/kibana/settings/defaultRoute')
+          .send({ value: url })
+          .expect(400);
+      }
 
-  it('ignores invalid values', async function () {
-    const invalidRoutes = [
-      'http://not-your-kibana.com',
-      '///example.com',
-      '//example.com',
-      ' //example.com',
-    ];
+      const { status, header } = await request.get(root, '/');
+      expect(status).toEqual(302);
+      expect(header).toMatchObject({
+        location: '/hello/app/home',
+      });
+    });
 
-    for (const url of invalidRoutes) {
+    it('consumes valid values', async function () {
       await request
         .post(root, '/internal/kibana/settings/defaultRoute')
-        .send({ value: url })
-        .expect(400);
-    }
+        .send({ value: '/valid' })
+        .expect(200);
 
-    const { status, header } = await request.get(root, '/');
-    expect(status).toEqual(302);
-    expect(header).toMatchObject({
-      location: '/hello/app/home',
+      const { status, header } = await request.get(root, '/');
+      expect(status).toEqual(302);
+      expect(header).toMatchObject({
+        location: '/hello/valid',
+      });
     });
-  });
-
-  it('consumes valid values', async function () {
-    await request
-      .post(root, '/internal/kibana/settings/defaultRoute')
-      .send({ value: '/valid' })
-      .expect(200);
-
-    const { status, header } = await request.get(root, '/');
-    expect(status).toEqual(302);
-    expect(header).toMatchObject({
-      location: '/hello/valid',
+  } else {
+    it('should have fips enabled, the overrides prevent these tests from working', () => {
+      expect(getFips()).toBe(1);
     });
-  });
+  }
 });
diff --git a/src/core/server/integration_tests/elasticsearch/version_compatibility.test.ts b/src/core/server/integration_tests/elasticsearch/version_compatibility.test.ts
index d63895220ceb1..c2cb6fccc3cd0 100644
--- a/src/core/server/integration_tests/elasticsearch/version_compatibility.test.ts
+++ b/src/core/server/integration_tests/elasticsearch/version_compatibility.test.ts
@@ -17,6 +17,7 @@ import { firstValueFrom, Subject } from 'rxjs';
 import { CliArgs } from '@kbn/config';
 import Semver from 'semver';
 import { unsafeConsole } from '@kbn/security-hardening';
+import { getFips } from 'crypto';
 
 function nextMinor() {
   return Semver.inc(esTestConfig.getVersion(), 'minor') || '10.0.0';
@@ -130,9 +131,15 @@ describe('Version Compatibility', () => {
     );
   });
 
-  it('should ignore version mismatch when running on serverless mode and complete startup', async () => {
-    await expect(
-      startServers({ customKibanaVersion: nextMinor(), cliArgs: { serverless: true } })
-    ).resolves.toBeUndefined();
-  });
+  if (getFips() === 0) {
+    it('should ignore version mismatch when running on serverless mode and complete startup', async () => {
+      await expect(
+        startServers({ customKibanaVersion: nextMinor(), cliArgs: { serverless: true } })
+      ).resolves.toBeUndefined();
+    });
+  } else {
+    it('fips is enabled, serverless doesnt like the config overrides', () => {
+      expect(getFips()).toBe(1);
+    });
+  }
 });
diff --git a/src/core/server/integration_tests/node/migrator.test.ts b/src/core/server/integration_tests/node/migrator.test.ts
index cd4ab1cd8c74e..f899d7da5cde0 100644
--- a/src/core/server/integration_tests/node/migrator.test.ts
+++ b/src/core/server/integration_tests/node/migrator.test.ts
@@ -16,6 +16,7 @@ import { ToolingLog } from '@kbn/tooling-log';
 import { createTestEsCluster, kibanaServerTestUser } from '@kbn/test';
 import { observeLines } from '@kbn/stdio-dev-helpers';
 import { REPO_ROOT } from '@kbn/repo-info';
+import { getFips } from 'crypto';
 
 describe('migrator-only node', () => {
   const log = new ToolingLog({ writeTo: process.stdout, level: 'debug' });
@@ -30,6 +31,7 @@ describe('migrator-only node', () => {
     let logsSub: undefined | Rx.Subscription;
     try {
       await es.start();
+      const isFipsEnabled = getFips();
 
       proc = ChildProcess.spawn(
         process.execPath,
@@ -42,7 +44,7 @@ describe('migrator-only node', () => {
           '--no-optimizer',
           '--no-base-path',
           '--no-watch',
-          '--oss',
+          isFipsEnabled ? '--xpack.security.experimental.fipsMode.enabled=true' : '--oss',
         ],
         { stdio: ['pipe', 'pipe', 'pipe'] }
       );
diff --git a/src/core/server/integration_tests/saved_objects/migrations/group3/multiple_es_nodes.test.ts b/src/core/server/integration_tests/saved_objects/migrations/group3/multiple_es_nodes.test.ts
index 490dea4c06be6..6898962077b9c 100644
--- a/src/core/server/integration_tests/saved_objects/migrations/group3/multiple_es_nodes.test.ts
+++ b/src/core/server/integration_tests/saved_objects/migrations/group3/multiple_es_nodes.test.ts
@@ -18,6 +18,7 @@ import {
 } from '@kbn/core-test-helpers-kbn-server';
 import type { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
 import { Root } from '@kbn/core-root-server-internal';
+import { getFips } from 'crypto';
 
 const LOG_FILE_PREFIX = 'migration_test_multiple_es_nodes';
 
@@ -114,89 +115,95 @@ describe('migration v2', () => {
     }
   });
 
-  it('migrates saved objects normally with multiple ES nodes', async () => {
-    const { startES } = createTestServers({
-      adjustTimeout: (t: number) => jest.setTimeout(t),
-      settings: {
-        es: {
-          license: 'basic',
-          clusterName: 'es-test-cluster',
-          nodes: [
-            {
-              name: 'node-01',
-              // original SO (5000 total; 2500 of type `foo` + 2500 of type `bar`):
-              // [
-              //   { id: 'foo:1', type: 'foo', foo: { status: 'not_migrated_1' } },
-              //   { id: 'bar:1', type: 'bar', bar: { status: 'not_migrated_1' } },
-              //   { id: 'foo:2', type: 'foo', foo: { status: 'not_migrated_2' } },
-              //   { id: 'bar:2', type: 'bar', bar: { status: 'not_migrated_2' } },
-              // ];
-              dataArchive: Path.join(__dirname, '..', 'archives', '7.13.0_5k_so_node_01.zip'),
-            },
-            {
-              name: 'node-02',
-              dataArchive: Path.join(__dirname, '..', 'archives', '7.13.0_5k_so_node_02.zip'),
-            },
-          ],
+  if (getFips() === 0) {
+    it('migrates saved objects normally with multiple ES nodes', async () => {
+      const { startES } = createTestServers({
+        adjustTimeout: (t: number) => jest.setTimeout(t),
+        settings: {
+          es: {
+            license: 'basic',
+            clusterName: 'es-test-cluster',
+            nodes: [
+              {
+                name: 'node-01',
+                // original SO (5000 total; 2500 of type `foo` + 2500 of type `bar`):
+                // [
+                //   { id: 'foo:1', type: 'foo', foo: { status: 'not_migrated_1' } },
+                //   { id: 'bar:1', type: 'bar', bar: { status: 'not_migrated_1' } },
+                //   { id: 'foo:2', type: 'foo', foo: { status: 'not_migrated_2' } },
+                //   { id: 'bar:2', type: 'bar', bar: { status: 'not_migrated_2' } },
+                // ];
+                dataArchive: Path.join(__dirname, '..', 'archives', '7.13.0_5k_so_node_01.zip'),
+              },
+              {
+                name: 'node-02',
+                dataArchive: Path.join(__dirname, '..', 'archives', '7.13.0_5k_so_node_02.zip'),
+              },
+            ],
+          },
         },
-      },
-    });
-
-    esServer = await startES();
-
-    root = createRoot({
-      logFileName: Path.join(__dirname, `${LOG_FILE_PREFIX}.log`),
-      hosts: esServer.hosts,
-    });
-
-    await root.preboot();
-    const setup = await root.setup();
-    setup.savedObjects.registerType({
-      name: 'foo',
-      hidden: false,
-      mappings: { properties: { status: { type: 'text' } } },
-      namespaceType: 'agnostic',
-      migrations: {
-        '7.14.0': (doc) => {
-          if (doc.attributes?.status) {
-            doc.attributes.status = doc.attributes.status.replace('not_migrated', 'migrated');
-          }
-          return doc;
+      });
+
+      esServer = await startES();
+
+      root = createRoot({
+        logFileName: Path.join(__dirname, `${LOG_FILE_PREFIX}.log`),
+        hosts: esServer.hosts,
+      });
+
+      await root.preboot();
+      const setup = await root.setup();
+      setup.savedObjects.registerType({
+        name: 'foo',
+        hidden: false,
+        mappings: { properties: { status: { type: 'text' } } },
+        namespaceType: 'agnostic',
+        migrations: {
+          '7.14.0': (doc) => {
+            if (doc.attributes?.status) {
+              doc.attributes.status = doc.attributes.status.replace('not_migrated', 'migrated');
+            }
+            return doc;
+          },
         },
-      },
-    });
-    setup.savedObjects.registerType({
-      name: 'bar',
-      hidden: false,
-      mappings: { properties: { status: { type: 'text' } } },
-      namespaceType: 'agnostic',
-      migrations: {
-        '7.14.0': (doc) => {
-          if (doc.attributes?.status) {
-            doc.attributes.status = doc.attributes.status.replace('not_migrated', 'migrated');
-          }
-          return doc;
+      });
+      setup.savedObjects.registerType({
+        name: 'bar',
+        hidden: false,
+        mappings: { properties: { status: { type: 'text' } } },
+        namespaceType: 'agnostic',
+        migrations: {
+          '7.14.0': (doc) => {
+            if (doc.attributes?.status) {
+              doc.attributes.status = doc.attributes.status.replace('not_migrated', 'migrated');
+            }
+            return doc;
+          },
         },
-      },
+      });
+
+      await root.start();
+      const esClient = esServer.es.getClient();
+
+      const migratedFooDocs = await fetchDocs(esClient, migratedIndexAlias, 'foo');
+      expect(migratedFooDocs.length).toBe(2500);
+      migratedFooDocs.forEach((doc, i) => {
+        expect(doc.id).toBe(`foo:${i}`);
+        expect(doc.foo.status).toBe(`migrated_${i}`);
+        expect(doc.typeMigrationVersion).toBe('7.14.0');
+      });
+
+      const migratedBarDocs = await fetchDocs(esClient, migratedIndexAlias, 'bar');
+      expect(migratedBarDocs.length).toBe(2500);
+      migratedBarDocs.forEach((doc, i) => {
+        expect(doc.id).toBe(`bar:${i}`);
+        expect(doc.bar.status).toBe(`migrated_${i}`);
+        expect(doc.typeMigrationVersion).toBe('7.14.0');
+      });
     });
-
-    await root.start();
-    const esClient = esServer.es.getClient();
-
-    const migratedFooDocs = await fetchDocs(esClient, migratedIndexAlias, 'foo');
-    expect(migratedFooDocs.length).toBe(2500);
-    migratedFooDocs.forEach((doc, i) => {
-      expect(doc.id).toBe(`foo:${i}`);
-      expect(doc.foo.status).toBe(`migrated_${i}`);
-      expect(doc.typeMigrationVersion).toBe('7.14.0');
-    });
-
-    const migratedBarDocs = await fetchDocs(esClient, migratedIndexAlias, 'bar');
-    expect(migratedBarDocs.length).toBe(2500);
-    migratedBarDocs.forEach((doc, i) => {
-      expect(doc.id).toBe(`bar:${i}`);
-      expect(doc.bar.status).toBe(`migrated_${i}`);
-      expect(doc.typeMigrationVersion).toBe('7.14.0');
+  } else {
+    it('skips the test when running in FIPS mode since the data archives cause the es nodes to run with a basic license', () => {
+      expect(getFips()).toBe(1);
     });
-  });
+  }
 });
diff --git a/src/core/server/integration_tests/saved_objects/migrations/group3/read_batch_size.test.ts b/src/core/server/integration_tests/saved_objects/migrations/group3/read_batch_size.test.ts
index df809d8c4c173..9f970ed234d71 100644
--- a/src/core/server/integration_tests/saved_objects/migrations/group3/read_batch_size.test.ts
+++ b/src/core/server/integration_tests/saved_objects/migrations/group3/read_batch_size.test.ts
@@ -15,6 +15,7 @@ import {
 } from '@kbn/core-test-helpers-kbn-server';
 import { clearLog, readLog, startElasticsearch } from '../kibana_migrator_test_kit';
 import { delay } from '../test_utils';
+import { getFips } from 'crypto';
 
 const logFilePath = join(__dirname, 'read_batch_size.log');
 
@@ -36,33 +37,39 @@ describe('migration v2 - read batch size', () => {
     await delay(5); // give it a few seconds... cause we always do ¯\_(ツ)_/¯
   });
 
-  it('reduces the read batchSize in half if a batch exceeds maxReadBatchSizeBytes', async () => {
-    root = createRoot({ maxReadBatchSizeBytes: 15000 });
-    await root.preboot();
-    await root.setup();
-    await root.start();
+  if (getFips() === 0) {
+    it('reduces the read batchSize in half if a batch exceeds maxReadBatchSizeBytes', async () => {
+      root = createRoot({ maxReadBatchSizeBytes: 15000 });
+      await root.preboot();
+      await root.setup();
+      await root.start();
 
-    // Check for migration steps present in the logs
-    logs = await readLog(logFilePath);
+      // Check for migration steps present in the logs
+      logs = await readLog(logFilePath);
 
-    expect(logs).toMatch(
-      /Read a batch with a response content length of \d+ bytes which exceeds migrations\.maxReadBatchSizeBytes, retrying by reducing the batch size in half to 15/
-    );
-    expect(logs).toMatch('[.kibana] Migration completed');
-  });
+      expect(logs).toMatch(
+        /Read a batch with a response content length of \d+ bytes which exceeds migrations\.maxReadBatchSizeBytes, retrying by reducing the batch size in half to 15/
+      );
+      expect(logs).toMatch('[.kibana] Migration completed');
+    });
 
-  it('does not reduce the read batchSize in half if no batches exceeded maxReadBatchSizeBytes', async () => {
-    root = createRoot({ maxReadBatchSizeBytes: 50000 });
-    await root.preboot();
-    await root.setup();
-    await root.start();
+    it('does not reduce the read batchSize in half if no batches exceeded maxReadBatchSizeBytes', async () => {
+      root = createRoot({ maxReadBatchSizeBytes: 50000 });
+      await root.preboot();
+      await root.setup();
+      await root.start();
 
-    // Check for migration steps present in the logs
-    logs = await readLog(logFilePath);
+      // Check for migration steps present in the logs
+      logs = await readLog(logFilePath);
 
-    expect(logs).not.toMatch('retrying by reducing the batch size in half to');
-    expect(logs).toMatch('[.kibana] Migration completed');
-  });
+      expect(logs).not.toMatch('retrying by reducing the batch size in half to');
+      expect(logs).toMatch('[.kibana] Migration completed');
+    });
+  } else {
+    it('cannot run tests with dataArchives that have a basic licesne in FIPS mode', () => {
+      expect(getFips()).toBe(1);
+    });
+  }
 });
 
 function createRoot({ maxReadBatchSizeBytes }: { maxReadBatchSizeBytes?: number }) {
diff --git a/src/core/server/integration_tests/saved_objects/migrations/group3/type_registrations.test.ts b/src/core/server/integration_tests/saved_objects/migrations/group3/type_registrations.test.ts
index ba06073e454a9..3ceba522d08cb 100644
--- a/src/core/server/integration_tests/saved_objects/migrations/group3/type_registrations.test.ts
+++ b/src/core/server/integration_tests/saved_objects/migrations/group3/type_registrations.test.ts
@@ -115,6 +115,7 @@ const previouslyRegisteredTypes = [
   'osquery-usage-metric',
   'osquery-manager-usage-metric',
   'policy-settings-protection-updates-note',
+  'product-doc-install-status',
   'query',
   'rules-settings',
   'sample-data-telemetry',
diff --git a/src/core/server/integration_tests/saved_objects/serverless/migrations/smoke.test.ts b/src/core/server/integration_tests/saved_objects/serverless/migrations/smoke.test.ts
index e76bbd8d2d65b..27af749593e70 100644
--- a/src/core/server/integration_tests/saved_objects/serverless/migrations/smoke.test.ts
+++ b/src/core/server/integration_tests/saved_objects/serverless/migrations/smoke.test.ts
@@ -13,28 +13,35 @@ import {
   TestServerlessKibanaUtils,
   createTestServerlessInstances,
 } from '@kbn/core-test-helpers-kbn-server';
+import { getFips } from 'crypto';
 
-describe('Basic smoke test', () => {
+describe('Basic smoke test', function () {
   let serverlessES: TestServerlessESUtils;
   let serverlessKibana: TestServerlessKibanaUtils;
   let root: TestServerlessKibanaUtils['root'];
 
-  beforeEach(async () => {
-    const { startES, startKibana } = createTestServerlessInstances({
-      adjustTimeout: jest.setTimeout,
+  if (getFips() === 0) {
+    beforeEach(async () => {
+      const { startES, startKibana } = createTestServerlessInstances({
+        adjustTimeout: jest.setTimeout,
+      });
+      serverlessES = await startES();
+      serverlessKibana = await startKibana();
+      root = serverlessKibana.root;
     });
-    serverlessES = await startES();
-    serverlessKibana = await startKibana();
-    root = serverlessKibana.root;
-  });
 
-  afterEach(async () => {
-    await serverlessES?.stop();
-    await serverlessKibana?.stop();
-  });
+    afterEach(async () => {
+      await serverlessES?.stop();
+      await serverlessKibana?.stop();
+    });
 
-  test('it can start Kibana running against serverless ES', async () => {
-    const { body } = await request.get(root, '/api/status').expect(200);
-    expect(body).toMatchObject({ status: { overall: { level: 'available' } } });
-  });
+    test('it can start Kibana running against serverless ES', async () => {
+      const { body } = await request.get(root, '/api/status').expect(200);
+      expect(body).toMatchObject({ status: { overall: { level: 'available' } } });
+    });
+  } else {
+    test('FIPS is enabled, serverless doesnt like the config overrides', () => {
+      expect(getFips()).toBe(1);
+    });
+  }
 });
diff --git a/src/dev/build/lib/integration_tests/fs.test.ts b/src/dev/build/lib/integration_tests/fs.test.ts
index 2b1adac411f65..4a24da0e0b5f6 100644
--- a/src/dev/build/lib/integration_tests/fs.test.ts
+++ b/src/dev/build/lib/integration_tests/fs.test.ts
@@ -13,6 +13,7 @@ import { chmodSync, statSync } from 'fs';
 import del from 'del';
 
 import { mkdirp, write, read, getChildPaths, copyAll, getFileHash, untar, gunzip } from '../fs';
+import { getFips } from 'crypto';
 
 const TMP = resolve(__dirname, '../__tmp__');
 const FIXTURES = resolve(__dirname, '../__fixtures__');
@@ -266,9 +267,12 @@ describe('getFileHash()', () => {
       '7d865e959b2466918c9863afca942d0fb89d7c9ac0c99bafc3749504ded97730'
     );
   });
-  it('resolves with the md5 hash of a file', async () => {
-    expect(await getFileHash(BAR_TXT_PATH, 'md5')).toBe('c157a79031e1c40f85931829bc5fc552');
-  });
+
+  if (getFips() !== 1) {
+    it('resolves with the md5 hash of a file', async () => {
+      expect(await getFileHash(BAR_TXT_PATH, 'md5')).toBe('c157a79031e1c40f85931829bc5fc552');
+    });
+  }
 });
 
 describe('untar()', () => {
diff --git a/src/dev/license_checker/config.ts b/src/dev/license_checker/config.ts
index 91c3903a279d0..0605429b326ef 100644
--- a/src/dev/license_checker/config.ts
+++ b/src/dev/license_checker/config.ts
@@ -87,7 +87,8 @@ export const LICENSE_OVERRIDES = {
   'jsts@1.6.2': ['Eclipse Distribution License - v 1.0'], // cf. https://github.com/bjornharrtell/jsts
   '@mapbox/jsonlint-lines-primitives@2.0.2': ['MIT'], // license in readme https://github.com/tmcw/jsonlint
   '@elastic/ems-client@8.5.3': ['Elastic License 2.0'],
-  '@elastic/eui@97.3.1': ['Elastic License 2.0 OR AGPL-3.0-only OR SSPL-1.0'],
+  '@elastic/eui@97.3.1-borealis.2': ['Elastic License 2.0 OR AGPL-3.0-only OR SSPL-1.0'],
+  '@elastic/eui-theme-borealis@0.0.2': ['Elastic License 2.0 OR AGPL-3.0-only OR SSPL-1.0'],
   'language-subtag-registry@0.3.21': ['CC-BY-4.0'], // retired ODC‑By license https://github.com/mattcg/language-subtag-registry
   'buffers@0.1.1': ['MIT'], // license in importing module https://www.npmjs.com/package/binary
   '@bufbuild/protobuf@1.2.1': ['Apache-2.0'], // license (Apache-2.0 AND BSD-3-Clause)
diff --git a/src/plugins/data_views/server/fetcher/lib/es_api.ts b/src/plugins/data_views/server/fetcher/lib/es_api.ts
index c5a85267c0e55..c7c3a8c6736bd 100644
--- a/src/plugins/data_views/server/fetcher/lib/es_api.ts
+++ b/src/plugins/data_views/server/fetcher/lib/es_api.ts
@@ -94,7 +94,10 @@ export async function callFieldCapsApi(params: FieldCapsApiParams) {
     );
   } catch (error) {
     // return an empty set for closed indices
-    if (error.message.startsWith('cluster_block_exception')) {
+    if (
+      error.message.startsWith('index_closed_exception') ||
+      error.message.startsWith('cluster_block_exception')
+    ) {
       return { body: { indices: [], fields: {} } };
     }
     throw convertEsError(indices, error);
diff --git a/src/plugins/files/server/blob_storage_service/adapters/es/integration_tests/es.test.ts b/src/plugins/files/server/blob_storage_service/adapters/es/integration_tests/es.test.ts
index afbae27ec367d..ab440e60629b5 100644
--- a/src/plugins/files/server/blob_storage_service/adapters/es/integration_tests/es.test.ts
+++ b/src/plugins/files/server/blob_storage_service/adapters/es/integration_tests/es.test.ts
@@ -27,10 +27,13 @@ describe('Elasticsearch blob storage', () => {
 
   beforeAll(async () => {
     ElasticsearchBlobStorageClient.configureConcurrentTransfers(Infinity);
-    const { startES, startKibana } = createTestServers({ adjustTimeout: jest.setTimeout });
+
+    const { startES, startKibana } = createTestServers({
+      adjustTimeout: jest.setTimeout,
+    });
     manageES = await startES();
     manageKbn = await startKibana();
-    esClient = manageKbn.coreStart.elasticsearch.client.asInternalUser;
+    esClient = manageKbn.coreStart.elasticsearch.createClient('es.test').asInternalUser;
   });
 
   afterAll(async () => {
diff --git a/src/plugins/files/server/file_client/create_es_file_client.ts b/src/plugins/files/server/file_client/create_es_file_client.ts
index ddfcfc0833e80..3302e878c3631 100644
--- a/src/plugins/files/server/file_client/create_es_file_client.ts
+++ b/src/plugins/files/server/file_client/create_es_file_client.ts
@@ -8,6 +8,7 @@
  */
 
 import type { Logger, ElasticsearchClient } from '@kbn/core/server';
+import { getFips } from 'crypto';
 import { ElasticsearchBlobStorageClient } from '../blob_storage_service';
 import { FileClientImpl } from './file_client';
 import type { FileClient } from './types';
@@ -66,12 +67,18 @@ export function createEsFileClient(arg: CreateEsFileClientArgs): FileClient {
     maxSizeBytes,
     indexIsAlias,
   } = arg;
+
+  let hashes: Array<'sha1' | 'sha256' | 'sha512' | 'md5'> = ['sha1', 'sha256', 'sha512'];
+  if (getFips() !== 1) {
+    hashes = ['md5', ...hashes];
+  }
+
   return new FileClientImpl(
     {
       id: NO_FILE_KIND,
       http: {},
       maxSizeBytes,
-      hashes: ['md5', 'sha1', 'sha256', 'sha512'],
+      hashes,
     },
     new EsIndexFilesMetadataClient(metadataIndex, elasticsearchClient, logger, indexIsAlias),
     new ElasticsearchBlobStorageClient(
diff --git a/src/plugins/files/server/file_client/integration_tests/es_file_client.test.ts b/src/plugins/files/server/file_client/integration_tests/es_file_client.test.ts
index 3492db16ee1a9..16fd2e535763b 100644
--- a/src/plugins/files/server/file_client/integration_tests/es_file_client.test.ts
+++ b/src/plugins/files/server/file_client/integration_tests/es_file_client.test.ts
@@ -13,6 +13,7 @@ import { TestEnvironmentUtils, setupIntegrationEnvironment } from '../../test_ut
 import { createEsFileClient } from '../create_es_file_client';
 import { FileClient } from '../types';
 import { FileMetadata } from '../../../common';
+import { getFips } from 'crypto';
 
 describe('ES-index-backed file client', () => {
   let esClient: TestEnvironmentUtils['esClient'];
@@ -107,13 +108,21 @@ describe('ES-index-backed file client', () => {
     });
     await file.uploadContent(Readable.from([Buffer.from('test')]));
 
-    expect(file.toJSON().hash).toStrictEqual({
-      md5: '098f6bcd4621d373cade4e832627b4f6',
+    let expected: Record<string, string> = {
       sha1: 'a94a8fe5ccb19ba61c4c0873d391e987982fbbd3',
       sha256: '9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08',
       sha512:
         'ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff',
-    });
+    };
+
+    if (getFips() !== 1) {
+      expected = {
+        md5: '098f6bcd4621d373cade4e832627b4f6',
+        ...expected,
+      };
+    }
+
+    expect(file.toJSON().hash).toStrictEqual(expected);
 
     await deleteFile({ id: file.id, hasContent: true });
   });
diff --git a/src/plugins/files/server/file_client/stream_transforms/file_hash_transform/file_hash_transform.test.ts b/src/plugins/files/server/file_client/stream_transforms/file_hash_transform/file_hash_transform.test.ts
index f0801cf763dd0..18f0cd6184e71 100644
--- a/src/plugins/files/server/file_client/stream_transforms/file_hash_transform/file_hash_transform.test.ts
+++ b/src/plugins/files/server/file_client/stream_transforms/file_hash_transform/file_hash_transform.test.ts
@@ -24,6 +24,8 @@ import { BlobStorageService } from '../../../blob_storage_service';
 import { InternalFileShareService } from '../../../file_share_service';
 import { InternalFileService } from '../../../file_service/internal_file_service';
 
+import { getFips } from 'crypto';
+
 describe('When using the FileHashTransform', () => {
   let file: IFile;
   let fileContent: Readable;
@@ -75,23 +77,25 @@ describe('When using the FileHashTransform', () => {
     expect(() => fileHash.getFileHash()).toThrow('File hash generation not yet complete');
   });
 
-  it.each([
-    ['md5', '098f6bcd4621d373cade4e832627b4f6'],
-    ['sha1', 'a94a8fe5ccb19ba61c4c0873d391e987982fbbd3'],
-    ['sha256', '9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08'],
-    [
-      'sha512',
-      'ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff',
-    ],
-  ] as Array<[SupportedFileHashAlgorithm, string]>)(
-    'should generate file hash using algorithm: %s',
-    async (algorithm, expectedHash) => {
-      const fileHash = createFileHashTransform(algorithm);
-      await file.uploadContent(fileContent, undefined, {
-        transforms: [fileHash],
-      });
+  describe('algorithms', function () {
+    it.each([
+      ...(getFips() !== 1 ? [['md5', '098f6bcd4621d373cade4e832627b4f6']] : []),
+      ['sha1', 'a94a8fe5ccb19ba61c4c0873d391e987982fbbd3'],
+      ['sha256', '9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08'],
+      [
+        'sha512',
+        'ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff',
+      ],
+    ] as Array<[SupportedFileHashAlgorithm, string]>)(
+      'should generate file hash using algorithm: %s',
+      async (algorithm, expectedHash) => {
+        const fileHash = createFileHashTransform(algorithm);
+        await file.uploadContent(fileContent, undefined, {
+          transforms: [fileHash],
+        });
 
-      expect(fileHash.getFileHash()).toEqual({ algorithm, value: expectedHash });
-    }
-  );
+        expect(fileHash.getFileHash()).toEqual({ algorithm, value: expectedHash });
+      }
+    );
+  });
 });
diff --git a/src/plugins/home/kibana.jsonc b/src/plugins/home/kibana.jsonc
index deef8ba61fd73..55939278b6746 100644
--- a/src/plugins/home/kibana.jsonc
+++ b/src/plugins/home/kibana.jsonc
@@ -2,7 +2,7 @@
   "type": "plugin",
   "id": "@kbn/home-plugin",
   "owner": [
-    "@elastic/kibana-core"
+    "@elastic/appex-sharedux"
   ],
   "group": "platform",
   "visibility": "shared",
@@ -25,4 +25,4 @@
       "kibanaReact"
     ]
   }
-}
\ No newline at end of file
+}
diff --git a/src/plugins/home/public/application/components/_solutions_section.scss b/src/plugins/home/public/application/components/_solutions_section.scss
index 93da045674261..0874790689779 100644
--- a/src/plugins/home/public/application/components/_solutions_section.scss
+++ b/src/plugins/home/public/application/components/_solutions_section.scss
@@ -24,6 +24,6 @@
   }
 
   &--securitySolution img {
-    background-color: $euiColorSuccess;
+    background-color: $euiColorAccentSecondary;
   }
 }
diff --git a/src/plugins/saved_objects/public/index.ts b/src/plugins/saved_objects/public/index.ts
index 6d7a013cf59ca..c0c8ae33f6b92 100644
--- a/src/plugins/saved_objects/public/index.ts
+++ b/src/plugins/saved_objects/public/index.ts
@@ -11,7 +11,7 @@ import { SavedObjectsPublicPlugin } from './plugin';
 
 export type { OnSaveProps, OriginSaveModalProps, SaveModalState, SaveResult } from './save_modal';
 export { SavedObjectSaveModal, SavedObjectSaveModalOrigin, showSaveModal } from './save_modal';
-export { checkForDuplicateTitle, saveWithConfirmation, isErrorNonFatal } from './saved_object';
+export { isErrorNonFatal } from './saved_object';
 export type { SavedObjectSaveOpts, SavedObject, SavedObjectConfig } from './types';
 
 export const plugin = () => new SavedObjectsPublicPlugin();
diff --git a/src/plugins/saved_objects/public/saved_object/helpers/apply_es_resp.ts b/src/plugins/saved_objects/public/saved_object/helpers/apply_es_resp.ts
deleted file mode 100644
index 1bd1a7de29ec8..0000000000000
--- a/src/plugins/saved_objects/public/saved_object/helpers/apply_es_resp.ts
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the "Elastic License
- * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
- * Public License v 1"; you may not use this file except in compliance with, at
- * your election, the "Elastic License 2.0", the "GNU Affero General Public
- * License v3.0 only", or the "Server Side Public License, v 1".
- */
-
-import { cloneDeep, defaults, forOwn, assign } from 'lodash';
-import { SavedObjectNotFound } from '@kbn/kibana-utils-plugin/public';
-import { injectSearchSourceReferences, parseSearchSourceJSON } from '@kbn/data-plugin/public';
-import type { DataView } from '@kbn/data-views-plugin/public';
-import { EsResponse, SavedObject, SavedObjectConfig, SavedObjectKibanaServices } from '../../types';
-import { expandShorthand } from './field_mapping';
-
-/**
- * A given response of and ElasticSearch containing a plain saved object is applied to the given
- * savedObject
- */
-export async function applyESResp(
-  resp: EsResponse,
-  savedObject: SavedObject,
-  config: SavedObjectConfig,
-  dependencies: SavedObjectKibanaServices
-) {
-  const mapping = expandShorthand(config.mapping ?? {});
-  const savedObjectType = config.type || '';
-  savedObject._source = cloneDeep(resp._source);
-  if (typeof resp.found === 'boolean' && !resp.found) {
-    throw new SavedObjectNotFound(savedObjectType, savedObject.id || '');
-  }
-
-  const meta = resp._source.kibanaSavedObjectMeta || {};
-  delete resp._source.kibanaSavedObjectMeta;
-
-  if (!config.indexPattern && savedObject._source.indexPattern) {
-    config.indexPattern = savedObject._source.indexPattern as DataView;
-    delete savedObject._source.indexPattern;
-  }
-
-  // assign the defaults to the response
-  defaults(savedObject._source, savedObject.defaults);
-
-  // transform the source using _deserializers
-  forOwn(mapping, (fieldMapping, fieldName) => {
-    if (fieldMapping._deserialize && typeof fieldName === 'string') {
-      savedObject._source[fieldName] = fieldMapping._deserialize(
-        savedObject._source[fieldName] as string
-      );
-    }
-  });
-
-  // Give obj all of the values in _source.fields
-  assign(savedObject, savedObject._source);
-  savedObject.lastSavedTitle = savedObject.title;
-
-  if (meta.searchSourceJSON) {
-    try {
-      let searchSourceValues = parseSearchSourceJSON(meta.searchSourceJSON);
-
-      if (config.searchSource) {
-        searchSourceValues = injectSearchSourceReferences(
-          searchSourceValues as any,
-          resp.references
-        );
-        savedObject.searchSource = await dependencies.search.searchSource.create(
-          searchSourceValues
-        );
-      } else {
-        savedObject.searchSourceFields = searchSourceValues;
-      }
-    } catch (error) {
-      if (
-        error.constructor.name === 'SavedObjectNotFound' &&
-        error.savedObjectType === 'index-pattern'
-      ) {
-        // if parsing the search source fails because the index pattern wasn't found,
-        // remember the reference - this is required for error handling on legacy imports
-        savedObject.unresolvedIndexPatternReference = {
-          name: 'kibanaSavedObjectMeta.searchSourceJSON.index',
-          id: JSON.parse(meta.searchSourceJSON).index,
-          type: 'index-pattern',
-        };
-      }
-
-      throw error;
-    }
-  }
-
-  const injectReferences = config.injectReferences;
-  if (injectReferences && resp.references && resp.references.length > 0) {
-    injectReferences(savedObject, resp.references);
-  }
-
-  if (typeof config.afterESResp === 'function') {
-    savedObject = await config.afterESResp(savedObject);
-  }
-
-  return savedObject;
-}
diff --git a/src/plugins/saved_objects/public/saved_object/helpers/check_for_duplicate_title.ts b/src/plugins/saved_objects/public/saved_object/helpers/check_for_duplicate_title.ts
deleted file mode 100644
index 78f7a5cb31d8e..0000000000000
--- a/src/plugins/saved_objects/public/saved_object/helpers/check_for_duplicate_title.ts
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the "Elastic License
- * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
- * Public License v 1"; you may not use this file except in compliance with, at
- * your election, the "Elastic License 2.0", the "GNU Affero General Public
- * License v3.0 only", or the "Server Side Public License, v 1".
- */
-
-import { SavedObject, SavedObjectKibanaServices, StartServices } from '../../types';
-import { findObjectByTitle } from './find_object_by_title';
-import { SAVE_DUPLICATE_REJECTED } from '../../constants';
-import { displayDuplicateTitleConfirmModal } from './display_duplicate_title_confirm_modal';
-
-/**
- * check for an existing SavedObject with the same title in ES
- * returns Promise<true> when it's no duplicate, or the modal displaying the warning
- * that's there's a duplicate is confirmed, else it returns a rejected Promise<ErrorMsg>
- * @param savedObject
- * @param isTitleDuplicateConfirmed
- * @param onTitleDuplicate
- * @param services
- * @param startServices
- */
-export async function checkForDuplicateTitle(
-  savedObject: Pick<
-    SavedObject,
-    'id' | 'title' | 'getDisplayName' | 'lastSavedTitle' | 'copyOnSave' | 'getEsType'
-  >,
-  isTitleDuplicateConfirmed: boolean,
-  onTitleDuplicate: (() => void) | undefined,
-  services: Pick<SavedObjectKibanaServices, 'savedObjectsClient' | 'overlays'>,
-  startServices: StartServices
-): Promise<true> {
-  const { savedObjectsClient, overlays } = services;
-  // Don't check for duplicates if user has already confirmed save with duplicate title
-  if (isTitleDuplicateConfirmed) {
-    return true;
-  }
-
-  // Don't check if the user isn't updating the title, otherwise that would become very annoying to have
-  // to confirm the save every time, except when copyOnSave is true, then we do want to check.
-  if (savedObject.title === savedObject.lastSavedTitle && !savedObject.copyOnSave) {
-    return true;
-  }
-
-  const duplicate = await findObjectByTitle(
-    savedObjectsClient,
-    savedObject.getEsType(),
-    savedObject.title
-  );
-
-  if (!duplicate || duplicate.id === savedObject.id) {
-    return true;
-  }
-
-  if (onTitleDuplicate) {
-    onTitleDuplicate();
-    return Promise.reject(new Error(SAVE_DUPLICATE_REJECTED));
-  }
-
-  // TODO: make onTitleDuplicate a required prop and remove UI components from this class
-  // Need to leave here until all users pass onTitleDuplicate.
-  return displayDuplicateTitleConfirmModal(savedObject, overlays, startServices);
-}
diff --git a/src/plugins/saved_objects/public/saved_object/helpers/confirm_modal_promise.tsx b/src/plugins/saved_objects/public/saved_object/helpers/confirm_modal_promise.tsx
deleted file mode 100644
index afdafaa5483c3..0000000000000
--- a/src/plugins/saved_objects/public/saved_object/helpers/confirm_modal_promise.tsx
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the "Elastic License
- * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
- * Public License v 1"; you may not use this file except in compliance with, at
- * your election, the "Elastic License 2.0", the "GNU Affero General Public
- * License v3.0 only", or the "Server Side Public License, v 1".
- */
-
-import React from 'react';
-import { CoreStart, OverlayStart } from '@kbn/core/public';
-import { i18n } from '@kbn/i18n';
-import { EuiConfirmModal } from '@elastic/eui';
-import { toMountPoint } from '@kbn/react-kibana-mount';
-
-type StartServices = Pick<CoreStart, 'analytics' | 'i18n' | 'theme'>;
-
-export function confirmModalPromise(
-  message = '',
-  title = '',
-  confirmBtnText = '',
-  overlays: OverlayStart,
-  startServices: StartServices
-): Promise<true> {
-  return new Promise((resolve, reject) => {
-    const cancelButtonText = i18n.translate('savedObjects.confirmModal.cancelButtonLabel', {
-      defaultMessage: 'Cancel',
-    });
-
-    const modal = overlays.openModal(
-      toMountPoint(
-        <EuiConfirmModal
-          onCancel={() => {
-            modal.close();
-            reject();
-          }}
-          onConfirm={() => {
-            modal.close();
-            resolve(true);
-          }}
-          confirmButtonText={confirmBtnText}
-          cancelButtonText={cancelButtonText}
-          title={title}
-        >
-          {message}
-        </EuiConfirmModal>,
-        startServices
-      )
-    );
-  });
-}
diff --git a/src/plugins/saved_objects/public/saved_object/helpers/create_source.ts b/src/plugins/saved_objects/public/saved_object/helpers/create_source.ts
deleted file mode 100644
index 42d3c956cdad2..0000000000000
--- a/src/plugins/saved_objects/public/saved_object/helpers/create_source.ts
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the "Elastic License
- * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
- * Public License v 1"; you may not use this file except in compliance with, at
- * your election, the "Elastic License 2.0", the "GNU Affero General Public
- * License v3.0 only", or the "Server Side Public License, v 1".
- */
-
-import { get } from 'lodash';
-import { i18n } from '@kbn/i18n';
-import { SavedObjectAttributes } from '@kbn/core/public';
-import { SavedObject, SavedObjectKibanaServices, StartServices } from '../../types';
-import { OVERWRITE_REJECTED } from '../../constants';
-import { confirmModalPromise } from './confirm_modal_promise';
-
-/**
- * Attempts to create the current object using the serialized source. If an object already
- * exists, a warning message requests an overwrite confirmation.
- * @param source - serialized version of this object (return value from this._serialize())
- * What will be indexed into elasticsearch.
- * @param savedObject - savedObject
- * @param esType - type of the saved object
- * @param options - options to pass to the saved object create method
- * @param services - provides Kibana services savedObjectsClient and overlays
- * @returns {Promise} - A promise that is resolved with the objects id if the object is
- * successfully indexed. If the overwrite confirmation was rejected, an error is thrown with
- * a confirmRejected = true parameter so that case can be handled differently than
- * a create or index error.
- * @resolved {SavedObject}
- */
-export async function createSource(
-  source: SavedObjectAttributes,
-  savedObject: SavedObject,
-  esType: string,
-  options = {},
-  services: SavedObjectKibanaServices,
-  startServices: StartServices
-) {
-  const { savedObjectsClient, overlays } = services;
-  try {
-    return await savedObjectsClient.create(esType, source, options);
-  } catch (err) {
-    // record exists, confirm overwriting
-    if (get(err, 'res.status') === 409) {
-      const confirmMessage = i18n.translate(
-        'savedObjects.confirmModal.overwriteConfirmationMessage',
-        {
-          defaultMessage: 'Are you sure you want to overwrite {title}?',
-          values: { title: savedObject.title },
-        }
-      );
-
-      const title = i18n.translate('savedObjects.confirmModal.overwriteTitle', {
-        defaultMessage: 'Overwrite {name}?',
-        values: { name: savedObject.getDisplayName() },
-      });
-      const confirmButtonText = i18n.translate('savedObjects.confirmModal.overwriteButtonLabel', {
-        defaultMessage: 'Overwrite',
-      });
-
-      return confirmModalPromise(confirmMessage, title, confirmButtonText, overlays, startServices)
-        .then(() =>
-          savedObjectsClient.create(
-            esType,
-            source,
-            savedObject.creationOpts({ overwrite: true, ...options })
-          )
-        )
-        .catch(() => Promise.reject(new Error(OVERWRITE_REJECTED)));
-    }
-    return await Promise.reject(err);
-  }
-}
diff --git a/src/plugins/saved_objects/public/saved_object/helpers/display_duplicate_title_confirm_modal.ts b/src/plugins/saved_objects/public/saved_object/helpers/display_duplicate_title_confirm_modal.ts
deleted file mode 100644
index 3dec7f93f1d19..0000000000000
--- a/src/plugins/saved_objects/public/saved_object/helpers/display_duplicate_title_confirm_modal.ts
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the "Elastic License
- * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
- * Public License v 1"; you may not use this file except in compliance with, at
- * your election, the "Elastic License 2.0", the "GNU Affero General Public
- * License v3.0 only", or the "Server Side Public License, v 1".
- */
-
-import { i18n } from '@kbn/i18n';
-import { OverlayStart } from '@kbn/core/public';
-import { SAVE_DUPLICATE_REJECTED } from '../../constants';
-import { confirmModalPromise } from './confirm_modal_promise';
-import { SavedObject, StartServices } from '../../types';
-
-export function displayDuplicateTitleConfirmModal(
-  savedObject: Pick<SavedObject, 'title' | 'getDisplayName'>,
-  overlays: OverlayStart,
-  startServices: StartServices
-): Promise<true> {
-  const confirmMessage = i18n.translate(
-    'savedObjects.confirmModal.saveDuplicateConfirmationMessage',
-    {
-      defaultMessage: `A {name} with the title ''{title}'' already exists. Would you like to save anyway?`,
-      values: { title: savedObject.title, name: savedObject.getDisplayName() },
-    }
-  );
-
-  const confirmButtonText = i18n.translate('savedObjects.confirmModal.saveDuplicateButtonLabel', {
-    defaultMessage: 'Save {name}',
-    values: { name: savedObject.getDisplayName() },
-  });
-  try {
-    return confirmModalPromise(confirmMessage, '', confirmButtonText, overlays, startServices);
-  } catch (_) {
-    return Promise.reject(new Error(SAVE_DUPLICATE_REJECTED));
-  }
-}
diff --git a/src/plugins/saved_objects/public/saved_object/helpers/field_mapping/index.ts b/src/plugins/saved_objects/public/saved_object/helpers/field_mapping/index.ts
deleted file mode 100644
index 850352da2b188..0000000000000
--- a/src/plugins/saved_objects/public/saved_object/helpers/field_mapping/index.ts
+++ /dev/null
@@ -1,11 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the "Elastic License
- * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
- * Public License v 1"; you may not use this file except in compliance with, at
- * your election, the "Elastic License 2.0", the "GNU Affero General Public
- * License v3.0 only", or the "Server Side Public License, v 1".
- */
-
-export type { FieldMappingSpec, MappingObject } from './types';
-export { expandShorthand } from './mapping_setup';
diff --git a/src/plugins/saved_objects/public/saved_object/helpers/field_mapping/mapping_setup.test.ts b/src/plugins/saved_objects/public/saved_object/helpers/field_mapping/mapping_setup.test.ts
deleted file mode 100644
index dbf7d5c38eec3..0000000000000
--- a/src/plugins/saved_objects/public/saved_object/helpers/field_mapping/mapping_setup.test.ts
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the "Elastic License
- * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
- * Public License v 1"; you may not use this file except in compliance with, at
- * your election, the "Elastic License 2.0", the "GNU Affero General Public
- * License v3.0 only", or the "Server Side Public License, v 1".
- */
-
-import { expandShorthand } from './mapping_setup';
-import { ES_FIELD_TYPES } from '@kbn/data-plugin/public';
-
-describe('mapping_setup', () => {
-  it('allows shortcuts for field types by just setting the value to the type name', () => {
-    const mapping = expandShorthand({ foo: ES_FIELD_TYPES.BOOLEAN });
-
-    expect(mapping.foo.type).toBe('boolean');
-  });
-
-  it('can set type as an option', () => {
-    const mapping = expandShorthand({ foo: { type: ES_FIELD_TYPES.INTEGER } });
-
-    expect(mapping.foo.type).toBe('integer');
-  });
-
-  describe('when type is json', () => {
-    it('returned object is type text', () => {
-      const mapping = expandShorthand({ foo: 'json' });
-
-      expect(mapping.foo.type).toBe('text');
-    });
-
-    it('returned object has _serialize function', () => {
-      const mapping = expandShorthand({ foo: 'json' });
-
-      expect(mapping.foo._serialize).toBeInstanceOf(Function);
-    });
-
-    it('returned object has _deserialize function', () => {
-      const mapping = expandShorthand({ foo: 'json' });
-
-      expect(mapping.foo._serialize).toBeInstanceOf(Function);
-    });
-  });
-});
diff --git a/src/plugins/saved_objects/public/saved_object/helpers/field_mapping/mapping_setup.ts b/src/plugins/saved_objects/public/saved_object/helpers/field_mapping/mapping_setup.ts
deleted file mode 100644
index cc4de351eb3c0..0000000000000
--- a/src/plugins/saved_objects/public/saved_object/helpers/field_mapping/mapping_setup.ts
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the "Elastic License
- * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
- * Public License v 1"; you may not use this file except in compliance with, at
- * your election, the "Elastic License 2.0", the "GNU Affero General Public
- * License v3.0 only", or the "Server Side Public License, v 1".
- */
-
-import { mapValues, isString } from 'lodash';
-import { ES_FIELD_TYPES } from '@kbn/data-plugin/public';
-import { FieldMappingSpec, MappingObject } from './types';
-
-// import from ./common/types to prevent circular dependency of kibana_utils <-> data plugin
-
-/** @private */
-type ShorthandFieldMapObject = FieldMappingSpec | ES_FIELD_TYPES | 'json';
-
-/** @public */
-export const expandShorthand = (sh: Record<string, ShorthandFieldMapObject>): MappingObject => {
-  return mapValues(sh, (val: ShorthandFieldMapObject) => {
-    const fieldMap = isString(val) ? { type: val } : val;
-    const json: FieldMappingSpec = {
-      type: ES_FIELD_TYPES.TEXT,
-      _serialize(v) {
-        if (v) return JSON.stringify(v);
-      },
-      _deserialize(v) {
-        if (v) return JSON.parse(v);
-      },
-    };
-
-    return fieldMap.type === 'json' ? json : fieldMap;
-  }) as MappingObject;
-};
diff --git a/src/plugins/saved_objects/public/saved_object/helpers/field_mapping/types.ts b/src/plugins/saved_objects/public/saved_object/helpers/field_mapping/types.ts
deleted file mode 100644
index 4a1b3e0d3892d..0000000000000
--- a/src/plugins/saved_objects/public/saved_object/helpers/field_mapping/types.ts
+++ /dev/null
@@ -1,20 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the "Elastic License
- * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
- * Public License v 1"; you may not use this file except in compliance with, at
- * your election, the "Elastic License 2.0", the "GNU Affero General Public
- * License v3.0 only", or the "Server Side Public License, v 1".
- */
-
-import { ES_FIELD_TYPES } from '@kbn/data-plugin/public';
-
-/** @public */
-export interface FieldMappingSpec {
-  type: ES_FIELD_TYPES;
-  _serialize?: (mapping: any) => string | undefined;
-  _deserialize?: (mapping: string) => any | undefined;
-}
-
-/** @public */
-export type MappingObject = Record<string, FieldMappingSpec>;
diff --git a/src/plugins/saved_objects/public/saved_object/helpers/find_object_by_title.test.ts b/src/plugins/saved_objects/public/saved_object/helpers/find_object_by_title.test.ts
deleted file mode 100644
index c570165ae1f81..0000000000000
--- a/src/plugins/saved_objects/public/saved_object/helpers/find_object_by_title.test.ts
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the "Elastic License
- * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
- * Public License v 1"; you may not use this file except in compliance with, at
- * your election, the "Elastic License 2.0", the "GNU Affero General Public
- * License v3.0 only", or the "Server Side Public License, v 1".
- */
-
-import { findObjectByTitle } from './find_object_by_title';
-import { SavedObjectsClientContract, SavedObject } from '@kbn/core/public';
-import { simpleSavedObjectMock } from '@kbn/core/public/mocks';
-
-describe('findObjectByTitle', () => {
-  const savedObjectsClient: SavedObjectsClientContract = {} as SavedObjectsClientContract;
-
-  beforeEach(() => {
-    savedObjectsClient.find = jest.fn();
-  });
-
-  it('returns undefined if title is not provided', async () => {
-    const match = await findObjectByTitle(savedObjectsClient, 'index-pattern', '');
-    expect(match).toBeUndefined();
-  });
-
-  it('matches any case', async () => {
-    const indexPattern = simpleSavedObjectMock.create(savedObjectsClient, {
-      attributes: { title: 'foo' },
-    } as SavedObject);
-    savedObjectsClient.find = jest.fn().mockImplementation(() =>
-      Promise.resolve({
-        savedObjects: [indexPattern],
-      })
-    );
-    const match = await findObjectByTitle(savedObjectsClient, 'index-pattern', 'FOO');
-    expect(match).toEqual(indexPattern);
-  });
-});
diff --git a/src/plugins/saved_objects/public/saved_object/helpers/find_object_by_title.ts b/src/plugins/saved_objects/public/saved_object/helpers/find_object_by_title.ts
deleted file mode 100644
index 2ec7cf89d7d34..0000000000000
--- a/src/plugins/saved_objects/public/saved_object/helpers/find_object_by_title.ts
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the "Elastic License
- * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
- * Public License v 1"; you may not use this file except in compliance with, at
- * your election, the "Elastic License 2.0", the "GNU Affero General Public
- * License v3.0 only", or the "Server Side Public License, v 1".
- */
-
-import {
-  SavedObjectsClientContract,
-  SimpleSavedObject,
-  SavedObjectAttributes,
-} from '@kbn/core/public';
-
-/**
- * Returns an object matching a given title
- *
- * @param savedObjectsClient {SavedObjectsClientContract}
- * @param type {string}
- * @param title {string}
- * @returns {Promise<SimpleSavedObject|undefined>}
- */
-export async function findObjectByTitle<T extends SavedObjectAttributes>(
-  savedObjectsClient: SavedObjectsClientContract,
-  type: string,
-  title: string
-): Promise<SimpleSavedObject<T> | void> {
-  if (!title) {
-    return;
-  }
-
-  // Elastic search will return the most relevant results first, which means exact matches should come
-  // first, and so we shouldn't need to request everything. Using 10 just to be on the safe side.
-  const response = await savedObjectsClient.find<T>({
-    type,
-    perPage: 10,
-    search: `"${title}"`,
-    searchFields: ['title'],
-    fields: ['title'],
-  });
-  return response.savedObjects.find(
-    (obj) => obj.get('title').toLowerCase() === title.toLowerCase()
-  );
-}
diff --git a/src/plugins/saved_objects/public/saved_object/helpers/hydrate_index_pattern.ts b/src/plugins/saved_objects/public/saved_object/helpers/hydrate_index_pattern.ts
deleted file mode 100644
index 42de37dcb71d1..0000000000000
--- a/src/plugins/saved_objects/public/saved_object/helpers/hydrate_index_pattern.ts
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the "Elastic License
- * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
- * Public License v 1"; you may not use this file except in compliance with, at
- * your election, the "Elastic License 2.0", the "GNU Affero General Public
- * License v3.0 only", or the "Server Side Public License, v 1".
- */
-
-import { DataViewsContract } from '@kbn/data-views-plugin/public';
-import { SavedObject, SavedObjectConfig } from '../../types';
-
-/**
- * After creation or fetching from ES, ensure that the searchSources index indexPattern
- * is an bonafide IndexPattern object.
- *
- * @return {Promise<IndexPattern | null>}
- */
-export async function hydrateIndexPattern(
-  id: string,
-  savedObject: SavedObject,
-  dataViews: DataViewsContract,
-  config: SavedObjectConfig
-) {
-  const indexPattern = config.indexPattern;
-
-  if (!savedObject.searchSource) {
-    return null;
-  }
-
-  const index = id || indexPattern || savedObject.searchSource.getOwnField('index');
-
-  if (typeof index !== 'string' || !index) {
-    return null;
-  }
-
-  const indexObj = await dataViews.get(index);
-  savedObject.searchSource.setField('index', indexObj);
-  return indexObj;
-}
diff --git a/src/plugins/saved_objects/public/saved_object/helpers/initialize_saved_object.ts b/src/plugins/saved_objects/public/saved_object/helpers/initialize_saved_object.ts
deleted file mode 100644
index a7428156176a5..0000000000000
--- a/src/plugins/saved_objects/public/saved_object/helpers/initialize_saved_object.ts
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the "Elastic License
- * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
- * Public License v 1"; you may not use this file except in compliance with, at
- * your election, the "Elastic License 2.0", the "GNU Affero General Public
- * License v3.0 only", or the "Server Side Public License, v 1".
- */
-
-import { cloneDeep, assign } from 'lodash';
-import { SavedObjectsClientContract } from '@kbn/core/public';
-import { SavedObject, SavedObjectConfig } from '../../types';
-
-/**
- * Initialize saved object
- */
-export async function intializeSavedObject(
-  savedObject: SavedObject,
-  savedObjectsClient: SavedObjectsClientContract,
-  config: SavedObjectConfig
-) {
-  const esType = config.type;
-  // ensure that the esType is defined
-  if (!esType) throw new Error('You must define a type name to use SavedObject objects.');
-
-  if (!savedObject.id) {
-    // just assign the defaults and be done
-    assign(savedObject, savedObject.defaults);
-    await savedObject.hydrateIndexPattern!();
-    if (typeof config.afterESResp === 'function') {
-      savedObject = await config.afterESResp(savedObject);
-    }
-    return savedObject;
-  }
-
-  const resp = await savedObjectsClient.get(esType, savedObject.id);
-  const respMapped = {
-    _id: resp.id,
-    _type: resp.type,
-    _source: cloneDeep(resp.attributes),
-    references: resp.references,
-    found: !!resp._version,
-  };
-  await savedObject.applyESResp(respMapped);
-  if (typeof config.init === 'function') {
-    await config.init.call(savedObject);
-  }
-
-  return savedObject;
-}
diff --git a/src/plugins/saved_objects/public/saved_object/helpers/save_saved_object.ts b/src/plugins/saved_objects/public/saved_object/helpers/save_saved_object.ts
index 76ac6bc3c0b33..429a96eb19f46 100644
--- a/src/plugins/saved_objects/public/saved_object/helpers/save_saved_object.ts
+++ b/src/plugins/saved_objects/public/saved_object/helpers/save_saved_object.ts
@@ -7,118 +7,13 @@
  * License v3.0 only", or the "Server Side Public License, v 1".
  */
 
-import {
-  SavedObject,
-  SavedObjectConfig,
-  SavedObjectKibanaServices,
-  SavedObjectSaveOpts,
-  StartServices,
-} from '../../types';
 import { OVERWRITE_REJECTED, SAVE_DUPLICATE_REJECTED } from '../../constants';
-import { createSource } from './create_source';
-import { checkForDuplicateTitle } from './check_for_duplicate_title';
 
 /**
  * @param error {Error} the error
  * @return {boolean}
  */
-export function isErrorNonFatal(error: { message: string }) {
+export function isErrorNonFatal(error: { message: string }): boolean {
   if (!error) return false;
   return error.message === OVERWRITE_REJECTED || error.message === SAVE_DUPLICATE_REJECTED;
 }
-
-/**
- * Saves this object.
- *
- * @param {string} [esType]
- * @param {SavedObject} [savedObject]
- * @param {SavedObjectConfig} [config]
- * @param {object} [options={}]
- * @property {boolean} [options.confirmOverwrite=false] - If true, attempts to create the source so it
- * can confirm an overwrite if a document with the id already exists.
- * @property {boolean} [options.isTitleDuplicateConfirmed=false] - If true, save allowed with duplicate title
- * @property {func} [options.onTitleDuplicate] - function called if duplicate title exists.
- * When not provided, confirm modal will be displayed asking user to confirm or cancel save.
- * @param {SavedObjectKibanaServices} [services]
- * @param {StartServices} [startServices]
- * @return {Promise}
- * @resolved {String} - The id of the doc
- */
-export async function saveSavedObject(
-  savedObject: SavedObject,
-  config: SavedObjectConfig,
-  {
-    confirmOverwrite = false,
-    isTitleDuplicateConfirmed = false,
-    onTitleDuplicate,
-  }: SavedObjectSaveOpts = {},
-  services: SavedObjectKibanaServices,
-  startServices: StartServices
-): Promise<string> {
-  const { savedObjectsClient, chrome } = services;
-
-  const esType = config.type || '';
-  const extractReferences = config.extractReferences;
-  // Save the original id in case the save fails.
-  const originalId = savedObject.id;
-  // Read https://github.com/elastic/kibana/issues/9056 and
-  // https://github.com/elastic/kibana/issues/9012 for some background into why this copyOnSave variable
-  // exists.
-  // The goal is to move towards a better rename flow, but since our users have been conditioned
-  // to expect a 'save as' flow during a rename, we are keeping the logic the same until a better
-  // UI/UX can be worked out.
-  if (savedObject.copyOnSave) {
-    delete savedObject.id;
-  }
-
-  // Here we want to extract references and set them within "references" attribute
-  let { attributes, references } = savedObject._serialize();
-  if (extractReferences) {
-    ({ attributes, references } = extractReferences({ attributes, references }));
-  }
-  if (!references) throw new Error('References not returned from extractReferences');
-
-  try {
-    await checkForDuplicateTitle(
-      savedObject,
-      isTitleDuplicateConfirmed,
-      onTitleDuplicate,
-      services,
-      startServices
-    );
-    savedObject.isSaving = true;
-    const resp = confirmOverwrite
-      ? await createSource(
-          attributes,
-          savedObject,
-          esType,
-          savedObject.creationOpts({ references }),
-          services,
-          startServices
-        )
-      : await savedObjectsClient.create(
-          esType,
-          attributes,
-          savedObject.creationOpts({ references, overwrite: true })
-        );
-
-    savedObject.id = resp.id;
-    if (savedObject.showInRecentlyAccessed && savedObject.getFullPath) {
-      chrome.recentlyAccessed.add(
-        savedObject.getFullPath(),
-        savedObject.title,
-        String(savedObject.id)
-      );
-    }
-    savedObject.isSaving = false;
-    savedObject.lastSavedTitle = savedObject.title;
-    return savedObject.id;
-  } catch (err) {
-    savedObject.isSaving = false;
-    savedObject.id = originalId;
-    if (isErrorNonFatal(err)) {
-      return '';
-    }
-    return Promise.reject(err);
-  }
-}
diff --git a/src/plugins/saved_objects/public/saved_object/helpers/save_with_confirmation.test.ts b/src/plugins/saved_objects/public/saved_object/helpers/save_with_confirmation.test.ts
deleted file mode 100644
index 00c8a01026ef4..0000000000000
--- a/src/plugins/saved_objects/public/saved_object/helpers/save_with_confirmation.test.ts
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the "Elastic License
- * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
- * Public License v 1"; you may not use this file except in compliance with, at
- * your election, the "Elastic License 2.0", the "GNU Affero General Public
- * License v3.0 only", or the "Server Side Public License, v 1".
- */
-
-import { SavedObjectAttributes, SavedObjectsCreateOptions, OverlayStart } from '@kbn/core/public';
-import { SavedObjectsClientContract } from '@kbn/core/public';
-import { analyticsServiceMock, i18nServiceMock, themeServiceMock } from '@kbn/core/public/mocks';
-import { saveWithConfirmation } from './save_with_confirmation';
-import * as deps from './confirm_modal_promise';
-import { OVERWRITE_REJECTED } from '../../constants';
-
-describe('saveWithConfirmation', () => {
-  const savedObjectsClient: SavedObjectsClientContract = {} as SavedObjectsClientContract;
-  const overlays: OverlayStart = {} as OverlayStart;
-  const source: SavedObjectAttributes = {} as SavedObjectAttributes;
-  const options: SavedObjectsCreateOptions = {} as SavedObjectsCreateOptions;
-  const savedObject = {
-    getEsType: () => 'test type',
-    title: 'test title',
-    displayName: 'test display name',
-  };
-  const startServices = {
-    analytics: analyticsServiceMock.createAnalyticsServiceStart(),
-    i18n: i18nServiceMock.createStartContract(),
-    theme: themeServiceMock.createStartContract(),
-  };
-
-  beforeEach(() => {
-    savedObjectsClient.create = jest.fn();
-    jest.spyOn(deps, 'confirmModalPromise').mockReturnValue(Promise.resolve({} as any));
-  });
-
-  test('should call create of savedObjectsClient', async () => {
-    await saveWithConfirmation(
-      source,
-      savedObject,
-      options,
-      { savedObjectsClient, overlays },
-      startServices
-    );
-    expect(savedObjectsClient.create).toHaveBeenCalledWith(
-      savedObject.getEsType(),
-      source,
-      options
-    );
-  });
-
-  test('should call confirmModalPromise when such record exists', async () => {
-    savedObjectsClient.create = jest
-      .fn()
-      .mockImplementation((type, src, opt) =>
-        opt && opt.overwrite ? Promise.resolve({} as any) : Promise.reject({ res: { status: 409 } })
-      );
-
-    await saveWithConfirmation(
-      source,
-      savedObject,
-      options,
-      { savedObjectsClient, overlays },
-      startServices
-    );
-    expect(deps.confirmModalPromise).toHaveBeenCalledWith(
-      expect.any(String),
-      expect.any(String),
-      expect.any(String),
-      overlays,
-      expect.objectContaining({
-        analytics: expect.any(Object),
-        i18n: expect.any(Object),
-        theme: expect.any(Object),
-      })
-    );
-  });
-
-  test('should call create of savedObjectsClient when overwriting confirmed', async () => {
-    savedObjectsClient.create = jest
-      .fn()
-      .mockImplementation((type, src, opt) =>
-        opt && opt.overwrite ? Promise.resolve({} as any) : Promise.reject({ res: { status: 409 } })
-      );
-
-    await saveWithConfirmation(
-      source,
-      savedObject,
-      options,
-      { savedObjectsClient, overlays },
-      startServices
-    );
-    expect(savedObjectsClient.create).toHaveBeenLastCalledWith(savedObject.getEsType(), source, {
-      overwrite: true,
-      ...options,
-    });
-  });
-
-  test('should reject when overwriting denied', async () => {
-    savedObjectsClient.create = jest.fn().mockReturnValue(Promise.reject({ res: { status: 409 } }));
-    jest.spyOn(deps, 'confirmModalPromise').mockReturnValue(Promise.reject());
-
-    expect.assertions(1);
-    await expect(
-      saveWithConfirmation(
-        source,
-        savedObject,
-        options,
-        {
-          savedObjectsClient,
-          overlays,
-        },
-        startServices
-      )
-    ).rejects.toThrow(OVERWRITE_REJECTED);
-  });
-});
diff --git a/src/plugins/saved_objects/public/saved_object/helpers/save_with_confirmation.ts b/src/plugins/saved_objects/public/saved_object/helpers/save_with_confirmation.ts
deleted file mode 100644
index d80e2179b5329..0000000000000
--- a/src/plugins/saved_objects/public/saved_object/helpers/save_with_confirmation.ts
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the "Elastic License
- * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
- * Public License v 1"; you may not use this file except in compliance with, at
- * your election, the "Elastic License 2.0", the "GNU Affero General Public
- * License v3.0 only", or the "Server Side Public License, v 1".
- */
-
-import { get } from 'lodash';
-import { i18n } from '@kbn/i18n';
-import {
-  SavedObjectAttributes,
-  SavedObjectsCreateOptions,
-  OverlayStart,
-  SavedObjectsClientContract,
-} from '@kbn/core/public';
-import { OVERWRITE_REJECTED } from '../../constants';
-import type { StartServices } from '../../types';
-import { confirmModalPromise } from './confirm_modal_promise';
-
-/**
- * Attempts to create the current object using the serialized source. If an object already
- * exists, a warning message requests an overwrite confirmation.
- * @param source - serialized version of this object what will be indexed into elasticsearch.
- * @param savedObject - a simple object that contains properties title and displayName, and getEsType method
- * @param options - options to pass to the saved object create method
- * @param services - provides Kibana services savedObjectsClient and overlays
- * @returns {Promise} - A promise that is resolved with the objects id if the object is
- * successfully indexed. If the overwrite confirmation was rejected, an error is thrown with
- * a confirmRejected = true parameter so that case can be handled differently than
- * a create or index error.
- * @resolved {SavedObject}
- */
-export async function saveWithConfirmation(
-  source: SavedObjectAttributes,
-  savedObject: {
-    getEsType(): string;
-    title: string;
-    displayName: string;
-  },
-  options: SavedObjectsCreateOptions,
-  services: { savedObjectsClient: SavedObjectsClientContract; overlays: OverlayStart },
-  startServices: StartServices
-) {
-  const { savedObjectsClient, overlays } = services;
-  try {
-    return await savedObjectsClient.create(savedObject.getEsType(), source, options);
-  } catch (err) {
-    // record exists, confirm overwriting
-    if (get(err, 'res.status') === 409) {
-      const confirmMessage = i18n.translate(
-        'savedObjects.confirmModal.overwriteConfirmationMessage',
-        {
-          defaultMessage: 'Are you sure you want to overwrite {title}?',
-          values: { title: savedObject.title },
-        }
-      );
-
-      const title = i18n.translate('savedObjects.confirmModal.overwriteTitle', {
-        defaultMessage: 'Overwrite {name}?',
-        values: { name: savedObject.displayName },
-      });
-      const confirmButtonText = i18n.translate('savedObjects.confirmModal.overwriteButtonLabel', {
-        defaultMessage: 'Overwrite',
-      });
-
-      return confirmModalPromise(confirmMessage, title, confirmButtonText, overlays, startServices)
-        .then(() =>
-          savedObjectsClient.create(savedObject.getEsType(), source, {
-            overwrite: true,
-            ...options,
-          })
-        )
-        .catch(() => Promise.reject(new Error(OVERWRITE_REJECTED)));
-    }
-    return await Promise.reject(err);
-  }
-}
diff --git a/src/plugins/saved_objects/public/saved_object/helpers/serialize_saved_object.ts b/src/plugins/saved_objects/public/saved_object/helpers/serialize_saved_object.ts
deleted file mode 100644
index 3150f6ad3f005..0000000000000
--- a/src/plugins/saved_objects/public/saved_object/helpers/serialize_saved_object.ts
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the "Elastic License
- * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
- * Public License v 1"; you may not use this file except in compliance with, at
- * your election, the "Elastic License 2.0", the "GNU Affero General Public
- * License v3.0 only", or the "Server Side Public License, v 1".
- */
-
-import { forOwn } from 'lodash';
-import { extractSearchSourceReferences } from '@kbn/data-plugin/public';
-import { SavedObject, SavedObjectConfig } from '../../types';
-import { expandShorthand } from './field_mapping';
-
-export function serializeSavedObject(savedObject: SavedObject, config: SavedObjectConfig) {
-  // mapping definition for the fields that this object will expose
-  const mapping = expandShorthand(config.mapping ?? {});
-  const attributes = {} as Record<string, any>;
-  const references = [];
-
-  forOwn(mapping, (fieldMapping, fieldName) => {
-    if (typeof fieldName !== 'string') {
-      return;
-    }
-    // @ts-ignore
-    const savedObjectFieldVal = savedObject[fieldName];
-    if (savedObjectFieldVal != null) {
-      attributes[fieldName] = fieldMapping._serialize
-        ? fieldMapping._serialize(savedObjectFieldVal)
-        : savedObjectFieldVal;
-    }
-  });
-
-  if (savedObject.searchSource) {
-    const { searchSourceJSON, references: searchSourceReferences } =
-      savedObject.searchSource.serialize();
-    attributes.kibanaSavedObjectMeta = { searchSourceJSON };
-    references.push(...searchSourceReferences);
-  }
-
-  if (savedObject.searchSourceFields) {
-    const [searchSourceFields, searchSourceReferences] = extractSearchSourceReferences(
-      savedObject.searchSourceFields
-    );
-    const searchSourceJSON = JSON.stringify(searchSourceFields);
-    attributes.kibanaSavedObjectMeta = { searchSourceJSON };
-    references.push(...searchSourceReferences);
-  }
-
-  if (savedObject.unresolvedIndexPatternReference) {
-    references.push(savedObject.unresolvedIndexPatternReference);
-  }
-
-  return { attributes, references };
-}
diff --git a/src/plugins/saved_objects/public/saved_object/index.ts b/src/plugins/saved_objects/public/saved_object/index.ts
index 560178fdf4f36..68639d030317e 100644
--- a/src/plugins/saved_objects/public/saved_object/index.ts
+++ b/src/plugins/saved_objects/public/saved_object/index.ts
@@ -7,6 +7,4 @@
  * License v3.0 only", or the "Server Side Public License, v 1".
  */
 
-export { checkForDuplicateTitle } from './helpers/check_for_duplicate_title';
-export { saveWithConfirmation } from './helpers/save_with_confirmation';
 export { isErrorNonFatal } from './helpers/save_saved_object';
diff --git a/src/plugins/saved_objects/public/types.ts b/src/plugins/saved_objects/public/types.ts
index c34ef878b5d7e..0919c24ab2c62 100644
--- a/src/plugins/saved_objects/public/types.ts
+++ b/src/plugins/saved_objects/public/types.ts
@@ -7,16 +7,8 @@
  * License v3.0 only", or the "Server Side Public License, v 1".
  */
 
-import {
-  ChromeStart,
-  CoreStart,
-  OverlayStart,
-  SavedObjectsClientContract,
-  SavedObjectAttributes,
-  SavedObjectReference,
-} from '@kbn/core/public';
-import { ISearchSource, ISearchStart, SerializedSearchSourceFields } from '@kbn/data-plugin/public';
-import { DataViewsContract } from '@kbn/data-views-plugin/public';
+import { CoreStart, SavedObjectAttributes, SavedObjectReference } from '@kbn/core/public';
+import { ISearchSource, SerializedSearchSourceFields } from '@kbn/data-plugin/public';
 import type { DataView } from '@kbn/data-views-plugin/common';
 
 /**
@@ -62,14 +54,6 @@ export interface SavedObjectCreationOpts {
   overwrite?: boolean;
 }
 
-export interface SavedObjectKibanaServices {
-  savedObjectsClient: SavedObjectsClientContract;
-  dataViews: DataViewsContract;
-  search: ISearchStart;
-  chrome: ChromeStart;
-  overlays: OverlayStart;
-}
-
 export type StartServices = Pick<CoreStart, 'analytics' | 'i18n' | 'theme'>;
 
 export interface SavedObjectAttributesAndRefs {
diff --git a/src/plugins/saved_objects/tsconfig.json b/src/plugins/saved_objects/tsconfig.json
index ccec7b43ad9f1..83e113a7e4e17 100644
--- a/src/plugins/saved_objects/tsconfig.json
+++ b/src/plugins/saved_objects/tsconfig.json
@@ -7,7 +7,6 @@
   "kbn_references": [
     "@kbn/core",
     "@kbn/data-plugin",
-    "@kbn/kibana-utils-plugin",
     "@kbn/i18n",
     "@kbn/data-views-plugin",
     "@kbn/i18n-react",
diff --git a/test/api_integration/apis/data_views/fields_for_wildcard_route/response.ts b/test/api_integration/apis/data_views/fields_for_wildcard_route/response.ts
index a80ca89ee4865..1810129552215 100644
--- a/test/api_integration/apis/data_views/fields_for_wildcard_route/response.ts
+++ b/test/api_integration/apis/data_views/fields_for_wildcard_route/response.ts
@@ -21,6 +21,7 @@ export default function ({ getService }: FtrProviderContext) {
   const esArchiver = getService('esArchiver');
   const supertest = getService('supertest');
   const esClient = getService('es');
+  const log = getService('log');
 
   const ensureFieldsAreSorted = (resp: { body: { fields: { name: string } } }) => {
     expect(resp.body.fields).to.eql(sortBy(resp.body.fields, 'name'));
@@ -80,8 +81,7 @@ export default function ({ getService }: FtrProviderContext) {
     },
   ];
 
-  // Failing: See https://github.com/elastic/kibana/issues/199413
-  describe.skip('fields_for_wildcard_route response', () => {
+  describe('fields_for_wildcard_route response', () => {
     before(() =>
       esArchiver.load('test/api_integration/fixtures/es_archiver/index_patterns/basic_index')
     );
@@ -240,7 +240,7 @@ export default function ({ getService }: FtrProviderContext) {
         .expect(404);
     });
 
-    it('returns 200 when index is closed', async () => {
+    it('returns 200 when index is closed and allow_no_index is true', async () => {
       const es = getService('es');
 
       await es.indices.close({ index: 'basic_index' });
@@ -249,13 +249,36 @@ export default function ({ getService }: FtrProviderContext) {
         .get(FIELDS_FOR_WILDCARD_PATH)
         .set(ELASTIC_HTTP_VERSION_HEADER, INITIAL_REST_VERSION_INTERNAL)
         .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
-        .query({ pattern: 'basic_index' })
+        .query({ pattern: 'basic_index', allow_no_index: true })
+        .expect((response) => {
+          if (response.statusCode !== 200) {
+            log.debug(response.body);
+          }
+        })
         .expect(200, {
           fields: [],
           indices: [],
         });
     });
 
+    it('returns 404 when index is closed and allow_no_index is false', async () => {
+      const es = getService('es');
+
+      await es.indices.close({ index: 'basic_index' });
+
+      await supertest
+        .get(FIELDS_FOR_WILDCARD_PATH)
+        .set(ELASTIC_HTTP_VERSION_HEADER, INITIAL_REST_VERSION_INTERNAL)
+        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
+        .query({ pattern: 'basic_index' })
+        .expect((response) => {
+          if (response.statusCode !== 404) {
+            log.debug(response.body);
+          }
+        })
+        .expect(404);
+    });
+
     it('returns empty set when no fields even if meta fields are supplied', async () => {
       await esClient.indices.create({ index: 'fields-for-wildcard-000001' });
 
diff --git a/test/functional/apps/dashboard/group5/dashboard_panel_listing.ts b/test/functional/apps/dashboard/group5/dashboard_panel_listing.ts
index 1685228699fc3..abd6b1c5dd1c1 100644
--- a/test/functional/apps/dashboard/group5/dashboard_panel_listing.ts
+++ b/test/functional/apps/dashboard/group5/dashboard_panel_listing.ts
@@ -17,7 +17,8 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
   const kibanaServer = getService('kibanaServer');
   const dashboardAddPanel = getService('dashboardAddPanel');
 
-  describe('dashboard panel listing', () => {
+  describe('dashboard panel listing', function () {
+    this.tags('skipFIPS');
     before(async () => {
       await kibanaServer.savedObjects.cleanStandardList();
       await kibanaServer.importExport.load(
diff --git a/test/server_integration/http/ssl_with_p12/index.js b/test/server_integration/http/ssl_with_p12/index.js
index b402ce548c6a1..21c09a8d7e63f 100644
--- a/test/server_integration/http/ssl_with_p12/index.js
+++ b/test/server_integration/http/ssl_with_p12/index.js
@@ -10,7 +10,8 @@
 export default function ({ getService }) {
   const supertest = getService('supertest');
 
-  describe('kibana server with ssl', () => {
+  describe('kibana server with ssl', function () {
+    this.tags('skipFIPS');
     it('handles requests using ssl with a P12 keystore', async () => {
       await supertest.get('/').expect(302);
     });
diff --git a/test/server_integration/http/ssl_with_p12_intermediate/index.js b/test/server_integration/http/ssl_with_p12_intermediate/index.js
index b01df762c7345..0fc4a2f793e20 100644
--- a/test/server_integration/http/ssl_with_p12_intermediate/index.js
+++ b/test/server_integration/http/ssl_with_p12_intermediate/index.js
@@ -10,7 +10,8 @@
 export default function ({ getService }) {
   const supertest = getService('supertest');
 
-  describe('kibana server with ssl', () => {
+  describe('kibana server with ssl', function () {
+    this.tags('skipFIPS');
     it('handles requests using ssl with a P12 keystore that uses an intermediate CA', async () => {
       await supertest.get('/').expect(302);
     });
diff --git a/tsconfig.base.json b/tsconfig.base.json
index 26fe060916a92..3e1d80208f5b4 100644
--- a/tsconfig.base.json
+++ b/tsconfig.base.json
@@ -1148,6 +1148,8 @@
       "@kbn/lint-ts-projects-cli/*": ["packages/kbn-lint-ts-projects-cli/*"],
       "@kbn/lists-plugin": ["x-pack/plugins/lists"],
       "@kbn/lists-plugin/*": ["x-pack/plugins/lists/*"],
+      "@kbn/llm-tasks-plugin": ["x-pack/plugins/ai_infra/llm_tasks"],
+      "@kbn/llm-tasks-plugin/*": ["x-pack/plugins/ai_infra/llm_tasks/*"],
       "@kbn/locator-examples-plugin": ["examples/locator_examples"],
       "@kbn/locator-examples-plugin/*": ["examples/locator_examples/*"],
       "@kbn/locator-explorer-plugin": ["examples/locator_explorer"],
@@ -1390,6 +1392,10 @@
       "@kbn/presentation-util-plugin/*": ["src/plugins/presentation_util/*"],
       "@kbn/product-doc-artifact-builder": ["x-pack/packages/ai-infra/product-doc-artifact-builder"],
       "@kbn/product-doc-artifact-builder/*": ["x-pack/packages/ai-infra/product-doc-artifact-builder/*"],
+      "@kbn/product-doc-base-plugin": ["x-pack/plugins/ai_infra/product_doc_base"],
+      "@kbn/product-doc-base-plugin/*": ["x-pack/plugins/ai_infra/product_doc_base/*"],
+      "@kbn/product-doc-common": ["x-pack/packages/ai-infra/product-doc-common"],
+      "@kbn/product-doc-common/*": ["x-pack/packages/ai-infra/product-doc-common/*"],
       "@kbn/profiling-data-access-plugin": ["x-pack/plugins/observability_solution/profiling_data_access"],
       "@kbn/profiling-data-access-plugin/*": ["x-pack/plugins/observability_solution/profiling_data_access/*"],
       "@kbn/profiling-plugin": ["x-pack/plugins/observability_solution/profiling"],
diff --git a/x-pack/packages/ai-infra/product-doc-artifact-builder/README.md b/x-pack/packages/ai-infra/product-doc-artifact-builder/README.md
index eb64d53b5b8f7..49949def3e5e7 100644
--- a/x-pack/packages/ai-infra/product-doc-artifact-builder/README.md
+++ b/x-pack/packages/ai-infra/product-doc-artifact-builder/README.md
@@ -1,3 +1,49 @@
 # @kbn/product-doc-artifact-builder
 
-Script to build the knowledge base artifacts
+Script to build the knowledge base artifacts.
+
+## How to run
+
+```
+node scripts/build_product_doc_artifacts.js --stack-version {version} --product-name {product}
+```
+
+### parameters
+
+#### `stack-version`: 
+
+the stack version to generate the artifacts for.
+
+#### `product-name`: 
+
+(multi-value) the list of products to generate artifacts for.
+
+possible values: 
+- "kibana"
+- "elasticsearch"
+- "observability"
+- "security"
+
+#### `target-folder`:
+
+The folder to generate the artifacts in.
+
+Defaults to `{REPO_ROOT}/build-kb-artifacts`.
+
+#### `build-folder`:
+
+The folder to use for temporary files.
+
+Defaults to `{REPO_ROOT}/build/temp-kb-artifacts`
+
+#### Cluster infos
+
+- params for the source cluster:
+`sourceClusterUrl` / env.KIBANA_SOURCE_CLUSTER_URL
+`sourceClusterUsername` / env.KIBANA_SOURCE_CLUSTER_USERNAME
+`sourceClusterPassword` / env.KIBANA_SOURCE_CLUSTER_PASSWORD
+
+- params for the embedding cluster:
+`embeddingClusterUrl` / env.KIBANA_EMBEDDING_CLUSTER_URL
+`embeddingClusterUsername` / env.KIBANA_EMBEDDING_CLUSTER_USERNAME
+`embeddingClusterPassword` / env.KIBANA_EMBEDDING_CLUSTER_PASSWORD
\ No newline at end of file
diff --git a/x-pack/packages/ai-infra/product-doc-artifact-builder/src/artifact/manifest.ts b/x-pack/packages/ai-infra/product-doc-artifact-builder/src/artifact/manifest.ts
index cbebcdc22981b..a8aa927c5ef1f 100644
--- a/x-pack/packages/ai-infra/product-doc-artifact-builder/src/artifact/manifest.ts
+++ b/x-pack/packages/ai-infra/product-doc-artifact-builder/src/artifact/manifest.ts
@@ -5,17 +5,13 @@
  * 2.0.
  */
 
-export interface ArtifactManifest {
-  formatVersion: string;
-  productName: string;
-  productVersion: string;
-}
+import type { ArtifactManifest, ProductName } from '@kbn/product-doc-common';
 
 export const getArtifactManifest = ({
   productName,
   stackVersion,
 }: {
-  productName: string;
+  productName: ProductName;
   stackVersion: string;
 }): ArtifactManifest => {
   return {
diff --git a/x-pack/packages/ai-infra/product-doc-artifact-builder/src/artifact/mappings.ts b/x-pack/packages/ai-infra/product-doc-artifact-builder/src/artifact/mappings.ts
index ae84ae60616a3..979845ec31844 100644
--- a/x-pack/packages/ai-infra/product-doc-artifact-builder/src/artifact/mappings.ts
+++ b/x-pack/packages/ai-infra/product-doc-artifact-builder/src/artifact/mappings.ts
@@ -21,10 +21,7 @@ export const getArtifactMappings = (inferenceEndpoint: string): MappingTypeMappi
       slug: { type: 'keyword' },
       url: { type: 'keyword' },
       version: { type: 'version' },
-      ai_subtitle: {
-        type: 'semantic_text',
-        inference_id: inferenceEndpoint,
-      },
+      ai_subtitle: { type: 'text' },
       ai_summary: {
         type: 'semantic_text',
         inference_id: inferenceEndpoint,
diff --git a/x-pack/packages/ai-infra/product-doc-artifact-builder/src/artifact/product_name.ts b/x-pack/packages/ai-infra/product-doc-artifact-builder/src/artifact/product_name.ts
index cfcc141323f4f..e4ca33849a527 100644
--- a/x-pack/packages/ai-infra/product-doc-artifact-builder/src/artifact/product_name.ts
+++ b/x-pack/packages/ai-infra/product-doc-artifact-builder/src/artifact/product_name.ts
@@ -5,7 +5,34 @@
  * 2.0.
  */
 
-/**
- * The allowed product names, as found in the source's cluster
- */
-export const sourceProductNames = ['Kibana', 'Elasticsearch', 'Security', 'Observability'];
+import type { ProductName } from '@kbn/product-doc-common';
+
+const productNameToSourceNamesMap: Record<ProductName, string[]> = {
+  kibana: ['Kibana'],
+  elasticsearch: ['Elasticsearch'],
+  security: ['Security'],
+  observability: ['Observability'],
+};
+
+const sourceNameToProductName = Object.entries(productNameToSourceNamesMap).reduce<
+  Record<string, ProductName>
+>((map, [productName, sourceNames]) => {
+  sourceNames.forEach((sourceName) => {
+    map[sourceName] = productName as ProductName;
+  });
+  return map;
+}, {});
+
+export const getSourceNamesFromProductName = (productName: ProductName): string[] => {
+  if (!productNameToSourceNamesMap[productName]) {
+    throw new Error(`Unknown product name: ${productName}`);
+  }
+  return productNameToSourceNamesMap[productName];
+};
+
+export const getProductNameFromSource = (source: string): ProductName => {
+  if (!sourceNameToProductName[source]) {
+    throw new Error(`Unknown source name: ${source}`);
+  }
+  return sourceNameToProductName[source];
+};
diff --git a/x-pack/packages/ai-infra/product-doc-artifact-builder/src/build_artifacts.ts b/x-pack/packages/ai-infra/product-doc-artifact-builder/src/build_artifacts.ts
index bbde3310f8e3a..551f58bc68308 100644
--- a/x-pack/packages/ai-infra/product-doc-artifact-builder/src/build_artifacts.ts
+++ b/x-pack/packages/ai-infra/product-doc-artifact-builder/src/build_artifacts.ts
@@ -8,6 +8,7 @@
 import Path from 'path';
 import { Client } from '@elastic/elasticsearch';
 import { ToolingLog } from '@kbn/tooling-log';
+import type { ProductName } from '@kbn/product-doc-common';
 import {
   // checkConnectivity,
   createTargetIndex,
@@ -18,6 +19,7 @@ import {
   createArtifact,
   cleanupFolders,
   deleteIndex,
+  processDocuments,
 } from './tasks';
 import type { TaskConfig } from './types';
 
@@ -93,7 +95,7 @@ const buildArtifact = async ({
   sourceClient,
   log,
 }: {
-  productName: string;
+  productName: ProductName;
   stackVersion: string;
   buildFolder: string;
   targetFolder: string;
@@ -105,7 +107,7 @@ const buildArtifact = async ({
 
   const targetIndex = getTargetIndexName({ productName, stackVersion });
 
-  const documents = await extractDocumentation({
+  let documents = await extractDocumentation({
     client: sourceClient,
     index: 'search-docs-1',
     log,
@@ -113,6 +115,8 @@ const buildArtifact = async ({
     stackVersion,
   });
 
+  documents = await processDocuments({ documents, log });
+
   await createTargetIndex({
     client: embeddingClient,
     indexName: targetIndex,
diff --git a/x-pack/packages/ai-infra/product-doc-artifact-builder/src/command.ts b/x-pack/packages/ai-infra/product-doc-artifact-builder/src/command.ts
index 49af1d158db83..e8d0d9486e331 100644
--- a/x-pack/packages/ai-infra/product-doc-artifact-builder/src/command.ts
+++ b/x-pack/packages/ai-infra/product-doc-artifact-builder/src/command.ts
@@ -6,19 +6,19 @@
  */
 
 import Path from 'path';
-import { REPO_ROOT } from '@kbn/repo-info';
 import yargs from 'yargs';
+import { REPO_ROOT } from '@kbn/repo-info';
+import { DocumentationProduct } from '@kbn/product-doc-common';
 import type { TaskConfig } from './types';
 import { buildArtifacts } from './build_artifacts';
-import { sourceProductNames } from './artifact/product_name';
 
 function options(y: yargs.Argv) {
   return y
     .option('productName', {
       describe: 'name of products to generate documentation for',
       array: true,
-      choices: sourceProductNames,
-      default: ['Kibana'],
+      choices: Object.values(DocumentationProduct),
+      default: [DocumentationProduct.kibana],
     })
     .option('stackVersion', {
       describe: 'The stack version to generate documentation for',
diff --git a/x-pack/packages/ai-infra/product-doc-artifact-builder/src/tasks/create_artifact.ts b/x-pack/packages/ai-infra/product-doc-artifact-builder/src/tasks/create_artifact.ts
index 343099876585a..056887a41a4d2 100644
--- a/x-pack/packages/ai-infra/product-doc-artifact-builder/src/tasks/create_artifact.ts
+++ b/x-pack/packages/ai-infra/product-doc-artifact-builder/src/tasks/create_artifact.ts
@@ -8,9 +8,9 @@
 import Path from 'path';
 import AdmZip from 'adm-zip';
 import type { ToolingLog } from '@kbn/tooling-log';
+import { getArtifactName, type ProductName } from '@kbn/product-doc-common';
 import { getArtifactMappings } from '../artifact/mappings';
 import { getArtifactManifest } from '../artifact/manifest';
-import { getArtifactName } from '../artifact/artifact_name';
 
 export const createArtifact = async ({
   productName,
@@ -21,7 +21,7 @@ export const createArtifact = async ({
 }: {
   buildFolder: string;
   targetFolder: string;
-  productName: string;
+  productName: ProductName;
   stackVersion: string;
   log: ToolingLog;
 }) => {
diff --git a/x-pack/packages/ai-infra/product-doc-artifact-builder/src/tasks/create_chunk_files.ts b/x-pack/packages/ai-infra/product-doc-artifact-builder/src/tasks/create_chunk_files.ts
index 8b0e7323c2886..73cf8f0109228 100644
--- a/x-pack/packages/ai-infra/product-doc-artifact-builder/src/tasks/create_chunk_files.ts
+++ b/x-pack/packages/ai-infra/product-doc-artifact-builder/src/tasks/create_chunk_files.ts
@@ -10,7 +10,7 @@ import Fs from 'fs/promises';
 import type { Client } from '@elastic/elasticsearch';
 import type { ToolingLog } from '@kbn/tooling-log';
 
-const fileSizeLimit = 250_000;
+const fileSizeLimit = 500_000;
 
 export const createChunkFiles = async ({
   index,
diff --git a/x-pack/packages/ai-infra/product-doc-artifact-builder/src/tasks/create_index.ts b/x-pack/packages/ai-infra/product-doc-artifact-builder/src/tasks/create_index.ts
index e4f24725883ab..d26ffc980f3ab 100644
--- a/x-pack/packages/ai-infra/product-doc-artifact-builder/src/tasks/create_index.ts
+++ b/x-pack/packages/ai-infra/product-doc-artifact-builder/src/tasks/create_index.ts
@@ -21,10 +21,7 @@ const mappings: MappingTypeMapping = {
     slug: { type: 'keyword' },
     url: { type: 'keyword' },
     version: { type: 'version' },
-    ai_subtitle: {
-      type: 'semantic_text',
-      inference_id: 'kibana-elser2',
-    },
+    ai_subtitle: { type: 'text' },
     ai_summary: {
       type: 'semantic_text',
       inference_id: 'kibana-elser2',
diff --git a/x-pack/packages/ai-infra/product-doc-artifact-builder/src/tasks/extract_documentation.ts b/x-pack/packages/ai-infra/product-doc-artifact-builder/src/tasks/extract_documentation.ts
index f1dd051394bbd..6aa8bb49b0cfd 100644
--- a/x-pack/packages/ai-infra/product-doc-artifact-builder/src/tasks/extract_documentation.ts
+++ b/x-pack/packages/ai-infra/product-doc-artifact-builder/src/tasks/extract_documentation.ts
@@ -8,6 +8,8 @@
 import type { Client } from '@elastic/elasticsearch';
 import type { SearchHit } from '@elastic/elasticsearch/lib/api/types';
 import type { ToolingLog } from '@kbn/tooling-log';
+import type { ProductName } from '@kbn/product-doc-common';
+import { getSourceNamesFromProductName, getProductNameFromSource } from '../artifact/product_name';
 
 /** the list of fields to import from the source cluster */
 const fields = [
@@ -27,7 +29,7 @@ const fields = [
 export interface ExtractedDocument {
   content_title: string;
   content_body: string;
-  product_name: string;
+  product_name: ProductName;
   root_type: string;
   slug: string;
   url: string;
@@ -43,7 +45,7 @@ const convertHit = (hit: SearchHit<any>): ExtractedDocument => {
   return {
     content_title: source.content_title,
     content_body: source.content_body,
-    product_name: source.product_name,
+    product_name: getProductNameFromSource(source.product_name),
     root_type: 'documentation',
     slug: source.slug,
     url: source.url,
@@ -65,7 +67,7 @@ export const extractDocumentation = async ({
   client: Client;
   index: string;
   stackVersion: string;
-  productName: string;
+  productName: ProductName;
   log: ToolingLog;
 }) => {
   log.info(`Starting to extract documents from source cluster`);
@@ -76,7 +78,7 @@ export const extractDocumentation = async ({
     query: {
       bool: {
         must: [
-          { term: { product_name: productName } },
+          { terms: { product_name: getSourceNamesFromProductName(productName) } },
           { term: { version: stackVersion } },
           { exists: { field: 'ai_fields.ai_summary' } },
         ],
diff --git a/x-pack/packages/ai-infra/product-doc-artifact-builder/src/tasks/index.ts b/x-pack/packages/ai-infra/product-doc-artifact-builder/src/tasks/index.ts
index 0c63431362329..ec94e4c135c17 100644
--- a/x-pack/packages/ai-infra/product-doc-artifact-builder/src/tasks/index.ts
+++ b/x-pack/packages/ai-infra/product-doc-artifact-builder/src/tasks/index.ts
@@ -10,8 +10,8 @@ export { indexDocuments } from './index_documents';
 export { createTargetIndex } from './create_index';
 export { installElser } from './install_elser';
 export { createChunkFiles } from './create_chunk_files';
-export { performSemanticSearch } from './perform_semantic_search';
 export { checkConnectivity } from './check_connectivity';
 export { createArtifact } from './create_artifact';
 export { cleanupFolders } from './cleanup_folders';
 export { deleteIndex } from './delete_index';
+export { processDocuments } from './process_documents';
diff --git a/x-pack/packages/ai-infra/product-doc-artifact-builder/src/tasks/process_documents.ts b/x-pack/packages/ai-infra/product-doc-artifact-builder/src/tasks/process_documents.ts
new file mode 100644
index 0000000000000..69141ca167ab4
--- /dev/null
+++ b/x-pack/packages/ai-infra/product-doc-artifact-builder/src/tasks/process_documents.ts
@@ -0,0 +1,59 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { uniqBy } from 'lodash';
+import { encode } from 'gpt-tokenizer';
+import type { ToolingLog } from '@kbn/tooling-log';
+import type { ExtractedDocument } from './extract_documentation';
+
+export const processDocuments = async ({
+  documents,
+  log,
+}: {
+  documents: ExtractedDocument[];
+  log: ToolingLog;
+}): Promise<ExtractedDocument[]> => {
+  log.info('Starting processing documents.');
+  const initialCount = documents.length;
+  documents = removeDuplicates(documents);
+  const noDupCount = documents.length;
+  log.info(`Removed ${initialCount - noDupCount} duplicates`);
+  documents.forEach(processDocument);
+  documents = filterEmptyDocs(documents);
+  log.info(`Removed ${noDupCount - documents.length} empty documents`);
+  log.info('Done processing documents.');
+  return documents;
+};
+
+const removeDuplicates = (documents: ExtractedDocument[]): ExtractedDocument[] => {
+  return uniqBy(documents, (doc) => doc.slug);
+};
+
+/**
+ * Filter "this content has moved" or "deleted pages" type of documents, just based on token count.
+ */
+const filterEmptyDocs = (documents: ExtractedDocument[]): ExtractedDocument[] => {
+  return documents.filter((doc) => {
+    const tokenCount = encode(doc.content_body).length;
+    if (tokenCount < 100) {
+      return false;
+    }
+    return true;
+  });
+};
+
+const processDocument = (document: ExtractedDocument) => {
+  document.content_body = document.content_body
+    // remove those "edit" button text that got embedded into titles.
+    .replaceAll(/([a-zA-Z])edit\n/g, (match) => {
+      return `${match[0]}\n`;
+    })
+    // limit to 2 consecutive carriage return
+    .replaceAll(/\n\n+/g, '\n\n');
+
+  return document;
+};
diff --git a/x-pack/packages/ai-infra/product-doc-artifact-builder/src/types.ts b/x-pack/packages/ai-infra/product-doc-artifact-builder/src/types.ts
index d2acfb5774500..1eb4a4348d218 100644
--- a/x-pack/packages/ai-infra/product-doc-artifact-builder/src/types.ts
+++ b/x-pack/packages/ai-infra/product-doc-artifact-builder/src/types.ts
@@ -5,8 +5,10 @@
  * 2.0.
  */
 
+import type { ProductName } from '@kbn/product-doc-common';
+
 export interface TaskConfig {
-  productNames: string[];
+  productNames: ProductName[];
   stackVersion: string;
   buildFolder: string;
   targetFolder: string;
diff --git a/x-pack/packages/ai-infra/product-doc-artifact-builder/tsconfig.json b/x-pack/packages/ai-infra/product-doc-artifact-builder/tsconfig.json
index 508d4c715d0a7..68ff27852c4d1 100644
--- a/x-pack/packages/ai-infra/product-doc-artifact-builder/tsconfig.json
+++ b/x-pack/packages/ai-infra/product-doc-artifact-builder/tsconfig.json
@@ -16,5 +16,6 @@
   "kbn_references": [
     "@kbn/tooling-log",
     "@kbn/repo-info",
+    "@kbn/product-doc-common",
   ]
 }
diff --git a/x-pack/packages/ai-infra/product-doc-common/README.md b/x-pack/packages/ai-infra/product-doc-common/README.md
new file mode 100644
index 0000000000000..ff20c0e0fd0e7
--- /dev/null
+++ b/x-pack/packages/ai-infra/product-doc-common/README.md
@@ -0,0 +1,3 @@
+# @kbn/product-doc-common
+
+Common types and utilities for the product documentation feature.
diff --git a/x-pack/packages/ai-infra/product-doc-common/index.ts b/x-pack/packages/ai-infra/product-doc-common/index.ts
new file mode 100644
index 0000000000000..1a96737138991
--- /dev/null
+++ b/x-pack/packages/ai-infra/product-doc-common/index.ts
@@ -0,0 +1,17 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { getArtifactName, parseArtifactName } from './src/artifact';
+export { type ArtifactManifest } from './src/manifest';
+export { DocumentationProduct, type ProductName } from './src/product';
+export { isArtifactContentFilePath } from './src/artifact_content';
+export {
+  productDocIndexPrefix,
+  productDocIndexPattern,
+  getProductDocIndexName,
+} from './src/indices';
+export type { ProductDocumentationAttributes } from './src/documents';
diff --git a/x-pack/packages/ai-infra/product-doc-common/jest.config.js b/x-pack/packages/ai-infra/product-doc-common/jest.config.js
new file mode 100644
index 0000000000000..e6cae43806c8d
--- /dev/null
+++ b/x-pack/packages/ai-infra/product-doc-common/jest.config.js
@@ -0,0 +1,12 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+module.exports = {
+  preset: '@kbn/test/jest_node',
+  rootDir: '../../../..',
+  roots: ['<rootDir>/x-pack/packages/ai-infra/product-doc-common'],
+};
diff --git a/x-pack/packages/ai-infra/product-doc-common/kibana.jsonc b/x-pack/packages/ai-infra/product-doc-common/kibana.jsonc
new file mode 100644
index 0000000000000..16336c1fc8e27
--- /dev/null
+++ b/x-pack/packages/ai-infra/product-doc-common/kibana.jsonc
@@ -0,0 +1,5 @@
+{
+  "type": "shared-common",
+  "id": "@kbn/product-doc-common",
+  "owner": "@elastic/appex-ai-infra"
+}
diff --git a/x-pack/packages/ai-infra/product-doc-common/package.json b/x-pack/packages/ai-infra/product-doc-common/package.json
new file mode 100644
index 0000000000000..839d411a2efb9
--- /dev/null
+++ b/x-pack/packages/ai-infra/product-doc-common/package.json
@@ -0,0 +1,6 @@
+{
+  "name": "@kbn/product-doc-common",
+  "private": true,
+  "version": "1.0.0",
+  "license": "Elastic License 2.0"
+}
\ No newline at end of file
diff --git a/x-pack/packages/ai-infra/product-doc-common/src/artifact.test.ts b/x-pack/packages/ai-infra/product-doc-common/src/artifact.test.ts
new file mode 100644
index 0000000000000..2b6362dbf4aad
--- /dev/null
+++ b/x-pack/packages/ai-infra/product-doc-common/src/artifact.test.ts
@@ -0,0 +1,64 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { getArtifactName, parseArtifactName } from './artifact';
+
+describe('getArtifactName', () => {
+  it('builds the name based on the provided product name and version', () => {
+    expect(
+      getArtifactName({
+        productName: 'kibana',
+        productVersion: '8.16',
+      })
+    ).toEqual('kb-product-doc-kibana-8.16.zip');
+  });
+
+  it('excludes the extension when excludeExtension is true', () => {
+    expect(
+      getArtifactName({
+        productName: 'elasticsearch',
+        productVersion: '8.17',
+        excludeExtension: true,
+      })
+    ).toEqual('kb-product-doc-elasticsearch-8.17');
+  });
+
+  it('generates a lowercase name', () => {
+    expect(
+      getArtifactName({
+        // @ts-expect-error testing
+        productName: 'ElasticSearch',
+        productVersion: '8.17',
+        excludeExtension: true,
+      })
+    ).toEqual('kb-product-doc-elasticsearch-8.17');
+  });
+});
+
+describe('parseArtifactName', () => {
+  it('parses an artifact name with extension', () => {
+    expect(parseArtifactName('kb-product-doc-kibana-8.16.zip')).toEqual({
+      productName: 'kibana',
+      productVersion: '8.16',
+    });
+  });
+
+  it('parses an artifact name without extension', () => {
+    expect(parseArtifactName('kb-product-doc-security-8.17')).toEqual({
+      productName: 'security',
+      productVersion: '8.17',
+    });
+  });
+
+  it('returns undefined if the provided string does not match the artifact name pattern', () => {
+    expect(parseArtifactName('some-wrong-name')).toEqual(undefined);
+  });
+
+  it('returns undefined if the provided string is not strictly lowercase', () => {
+    expect(parseArtifactName('kb-product-doc-Security-8.17')).toEqual(undefined);
+  });
+});
diff --git a/x-pack/packages/ai-infra/product-doc-common/src/artifact.ts b/x-pack/packages/ai-infra/product-doc-common/src/artifact.ts
new file mode 100644
index 0000000000000..1a6745abd733d
--- /dev/null
+++ b/x-pack/packages/ai-infra/product-doc-common/src/artifact.ts
@@ -0,0 +1,39 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { type ProductName, DocumentationProduct } from './product';
+
+// kb-product-doc-elasticsearch-8.15.zip
+const artifactNameRegexp = /^kb-product-doc-([a-z]+)-([0-9]+\.[0-9]+)(\.zip)?$/;
+const allowedProductNames: ProductName[] = Object.values(DocumentationProduct);
+
+export const getArtifactName = ({
+  productName,
+  productVersion,
+  excludeExtension = false,
+}: {
+  productName: ProductName;
+  productVersion: string;
+  excludeExtension?: boolean;
+}): string => {
+  const ext = excludeExtension ? '' : '.zip';
+  return `kb-product-doc-${productName}-${productVersion}${ext}`.toLowerCase();
+};
+
+export const parseArtifactName = (artifactName: string) => {
+  const match = artifactNameRegexp.exec(artifactName);
+  if (match) {
+    const productName = match[1].toLowerCase() as ProductName;
+    const productVersion = match[2].toLowerCase();
+    if (allowedProductNames.includes(productName)) {
+      return {
+        productName,
+        productVersion,
+      };
+    }
+  }
+};
diff --git a/x-pack/packages/ai-infra/product-doc-common/src/artifact_content.test.ts b/x-pack/packages/ai-infra/product-doc-common/src/artifact_content.test.ts
new file mode 100644
index 0000000000000..3f97aaf94f880
--- /dev/null
+++ b/x-pack/packages/ai-infra/product-doc-common/src/artifact_content.test.ts
@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { isArtifactContentFilePath } from './artifact_content';
+
+describe('isArtifactContentFilePath', () => {
+  it('returns true for filenames matching the pattern', () => {
+    expect(isArtifactContentFilePath('content/content-0.ndjson')).toEqual(true);
+    expect(isArtifactContentFilePath('content/content-007.ndjson')).toEqual(true);
+    expect(isArtifactContentFilePath('content/content-9042.ndjson')).toEqual(true);
+  });
+
+  it('returns false for filenames not matching the pattern', () => {
+    expect(isArtifactContentFilePath('content-0.ndjson')).toEqual(false);
+    expect(isArtifactContentFilePath('content/content-0')).toEqual(false);
+    expect(isArtifactContentFilePath('content/content.ndjson')).toEqual(false);
+    expect(isArtifactContentFilePath('content/content-9042.json')).toEqual(false);
+  });
+});
diff --git a/x-pack/packages/ai-infra/product-doc-common/src/artifact_content.ts b/x-pack/packages/ai-infra/product-doc-common/src/artifact_content.ts
new file mode 100644
index 0000000000000..757e6664bb588
--- /dev/null
+++ b/x-pack/packages/ai-infra/product-doc-common/src/artifact_content.ts
@@ -0,0 +1,12 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+const contentFileRegexp = /^content\/content-[0-9]+\.ndjson$/;
+
+export const isArtifactContentFilePath = (path: string): boolean => {
+  return contentFileRegexp.test(path);
+};
diff --git a/x-pack/packages/ai-infra/product-doc-common/src/documents.ts b/x-pack/packages/ai-infra/product-doc-common/src/documents.ts
new file mode 100644
index 0000000000000..ef81b3d6411cc
--- /dev/null
+++ b/x-pack/packages/ai-infra/product-doc-common/src/documents.ts
@@ -0,0 +1,31 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { ProductName } from './product';
+
+// don't need to define the other props
+interface SemanticTextField {
+  text: string;
+}
+
+interface SemanticTextArrayField {
+  text: string[];
+}
+
+export interface ProductDocumentationAttributes {
+  content_title: string;
+  content_body: SemanticTextField;
+  product_name: ProductName;
+  root_type: string;
+  slug: string;
+  url: string;
+  version: string;
+  ai_subtitle: string;
+  ai_summary: SemanticTextField;
+  ai_questions_answered: SemanticTextArrayField;
+  ai_tags: string[];
+}
diff --git a/x-pack/packages/ai-infra/product-doc-common/src/indices.ts b/x-pack/packages/ai-infra/product-doc-common/src/indices.ts
new file mode 100644
index 0000000000000..b48cacf79fd23
--- /dev/null
+++ b/x-pack/packages/ai-infra/product-doc-common/src/indices.ts
@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { ProductName } from './product';
+
+export const productDocIndexPrefix = '.kibana-ai-product-doc';
+export const productDocIndexPattern = `${productDocIndexPrefix}-*`;
+
+export const getProductDocIndexName = (productName: ProductName): string => {
+  return `${productDocIndexPrefix}-${productName.toLowerCase()}`;
+};
diff --git a/x-pack/packages/ai-infra/product-doc-artifact-builder/src/artifact/artifact_name.ts b/x-pack/packages/ai-infra/product-doc-common/src/manifest.ts
similarity index 59%
rename from x-pack/packages/ai-infra/product-doc-artifact-builder/src/artifact/artifact_name.ts
rename to x-pack/packages/ai-infra/product-doc-common/src/manifest.ts
index 678b17088c7b4..6c246cf58fd5f 100644
--- a/x-pack/packages/ai-infra/product-doc-artifact-builder/src/artifact/artifact_name.ts
+++ b/x-pack/packages/ai-infra/product-doc-common/src/manifest.ts
@@ -5,12 +5,10 @@
  * 2.0.
  */
 
-export const getArtifactName = ({
-  productName,
-  productVersion,
-}: {
-  productName: string;
+import type { ProductName } from './product';
+
+export interface ArtifactManifest {
+  formatVersion: string;
+  productName: ProductName;
   productVersion: string;
-}): string => {
-  return `kibana-kb-${productName}-${productVersion}.zip`.toLowerCase();
-};
+}
diff --git a/x-pack/packages/ai-infra/product-doc-common/src/product.ts b/x-pack/packages/ai-infra/product-doc-common/src/product.ts
new file mode 100644
index 0000000000000..417033f5083ec
--- /dev/null
+++ b/x-pack/packages/ai-infra/product-doc-common/src/product.ts
@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export enum DocumentationProduct {
+  kibana = 'kibana',
+  elasticsearch = 'elasticsearch',
+  observability = 'observability',
+  security = 'security',
+}
+
+export type ProductName = keyof typeof DocumentationProduct;
diff --git a/x-pack/packages/ai-infra/product-doc-common/tsconfig.json b/x-pack/packages/ai-infra/product-doc-common/tsconfig.json
new file mode 100644
index 0000000000000..0d78dace105e1
--- /dev/null
+++ b/x-pack/packages/ai-infra/product-doc-common/tsconfig.json
@@ -0,0 +1,17 @@
+{
+  "extends": "../../../../tsconfig.base.json",
+  "compilerOptions": {
+    "outDir": "target/types",
+    "types": [
+      "jest",
+      "node"
+    ]
+  },
+  "include": [
+    "**/*.ts",
+  ],
+  "exclude": [
+    "target/**/*"
+  ],
+  "kbn_references": []
+}
diff --git a/x-pack/packages/kbn-elastic-assistant-common/constants.ts b/x-pack/packages/kbn-elastic-assistant-common/constants.ts
index 49db6c295a51a..7a884936d04e2 100755
--- a/x-pack/packages/kbn-elastic-assistant-common/constants.ts
+++ b/x-pack/packages/kbn-elastic-assistant-common/constants.ts
@@ -55,3 +55,8 @@ export const ELASTIC_AI_ASSISTANT_KNOWLEDGE_BASE_INDICES_URL =
 
 export const ELASTIC_AI_ASSISTANT_EVALUATE_URL =
   `${ELASTIC_AI_ASSISTANT_INTERNAL_URL}/evaluate` as const;
+
+// Defend insights
+export const DEFEND_INSIGHTS_TOOL_ID = 'defend-insights';
+export const DEFEND_INSIGHTS = `${ELASTIC_AI_ASSISTANT_INTERNAL_URL}/defend_insights`;
+export const DEFEND_INSIGHTS_BY_ID = `${DEFEND_INSIGHTS}/{id}`;
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/capabilities/index.ts b/x-pack/packages/kbn-elastic-assistant-common/impl/capabilities/index.ts
index d883dfe98d564..0e204b4b949ea 100644
--- a/x-pack/packages/kbn-elastic-assistant-common/impl/capabilities/index.ts
+++ b/x-pack/packages/kbn-elastic-assistant-common/impl/capabilities/index.ts
@@ -20,4 +20,5 @@ export type AssistantFeatureKey = keyof AssistantFeatures;
  */
 export const defaultAssistantFeatures = Object.freeze({
   assistantModelEvaluation: false,
+  defendInsights: false,
 });
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/capabilities/get_capabilities_route.gen.ts b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/capabilities/get_capabilities_route.gen.ts
index 0f8b6235d7dc9..8777e8d728279 100644
--- a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/capabilities/get_capabilities_route.gen.ts
+++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/capabilities/get_capabilities_route.gen.ts
@@ -19,4 +19,5 @@ import { z } from '@kbn/zod';
 export type GetCapabilitiesResponse = z.infer<typeof GetCapabilitiesResponse>;
 export const GetCapabilitiesResponse = z.object({
   assistantModelEvaluation: z.boolean(),
+  defendInsights: z.boolean(),
 });
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/capabilities/get_capabilities_route.schema.yaml b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/capabilities/get_capabilities_route.schema.yaml
index a042abd391796..e9b6ca9697256 100644
--- a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/capabilities/get_capabilities_route.schema.yaml
+++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/capabilities/get_capabilities_route.schema.yaml
@@ -22,8 +22,11 @@ paths:
                 properties:
                   assistantModelEvaluation:
                     type: boolean
+                  defendInsights:
+                    type: boolean
                 required:
                   - assistantModelEvaluation
+                  - defendInsights
         '400':
           description: Generic Error
           content:
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/defend_insights/common_attributes.gen.ts b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/defend_insights/common_attributes.gen.ts
new file mode 100644
index 0000000000000..e070c3129e192
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/defend_insights/common_attributes.gen.ts
@@ -0,0 +1,217 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+/*
+ * NOTICE: Do not edit this file manually.
+ * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
+ *
+ * info:
+ *   title: Common Defend Insights Attributes
+ *   version: not applicable
+ */
+
+import { z } from '@kbn/zod';
+
+import { NonEmptyString, User } from '../common_attributes.gen';
+import { Replacements, ApiConfig } from '../conversations/common_attributes.gen';
+
+/**
+ * A Defend insight event
+ */
+export type DefendInsightEvent = z.infer<typeof DefendInsightEvent>;
+export const DefendInsightEvent = z.object({
+  /**
+   * The event's ID
+   */
+  id: z.string(),
+  /**
+   * The endpoint's ID
+   */
+  endpointId: z.string(),
+  /**
+   * The value of the event
+   */
+  value: z.string(),
+});
+
+/**
+ * The insight type (ie. incompatible_antivirus)
+ */
+export type DefendInsightType = z.infer<typeof DefendInsightType>;
+export const DefendInsightType = z.enum(['incompatible_antivirus', 'noisy_process_tree']);
+export type DefendInsightTypeEnum = typeof DefendInsightType.enum;
+export const DefendInsightTypeEnum = DefendInsightType.enum;
+
+/**
+ * A Defend insight generated from endpoint events
+ */
+export type DefendInsight = z.infer<typeof DefendInsight>;
+export const DefendInsight = z.object({
+  /**
+   * The group category of the events (ie. Windows Defender)
+   */
+  group: z.string(),
+  /**
+   * An array of event objects
+   */
+  events: z.array(DefendInsightEvent).optional(),
+});
+
+/**
+ * Array of Defend insights
+ */
+export type DefendInsights = z.infer<typeof DefendInsights>;
+export const DefendInsights = z.array(DefendInsight);
+
+/**
+ * The status of the Defend insight.
+ */
+export type DefendInsightStatus = z.infer<typeof DefendInsightStatus>;
+export const DefendInsightStatus = z.enum(['running', 'succeeded', 'failed', 'canceled']);
+export type DefendInsightStatusEnum = typeof DefendInsightStatus.enum;
+export const DefendInsightStatusEnum = DefendInsightStatus.enum;
+
+/**
+ * Run durations for the Defend insight
+ */
+export type DefendInsightGenerationInterval = z.infer<typeof DefendInsightGenerationInterval>;
+export const DefendInsightGenerationInterval = z.object({
+  /**
+   * The time the Defend insight was generated
+   */
+  date: z.string(),
+  /**
+   * The duration of the Defend insight generation
+   */
+  durationMs: z.number().int(),
+});
+
+export type DefendInsightsResponse = z.infer<typeof DefendInsightsResponse>;
+export const DefendInsightsResponse = z.object({
+  id: NonEmptyString,
+  timestamp: NonEmptyString.optional(),
+  /**
+   * The last time the Defend insight was updated.
+   */
+  updatedAt: z.string(),
+  /**
+   * The last time the Defend insight was viewed in the browser.
+   */
+  lastViewedAt: z.string(),
+  /**
+   * The number of events in the context.
+   */
+  eventsContextCount: z.number().int().optional(),
+  /**
+   * The time the Defend insight was created.
+   */
+  createdAt: z.string(),
+  replacements: Replacements.optional(),
+  users: z.array(User),
+  /**
+   * The status of the Defend insight.
+   */
+  status: DefendInsightStatus,
+  endpointIds: z.array(NonEmptyString),
+  insightType: DefendInsightType,
+  /**
+   * The Defend insights.
+   */
+  insights: DefendInsights,
+  /**
+   * LLM API configuration.
+   */
+  apiConfig: ApiConfig,
+  /**
+   * Kibana space
+   */
+  namespace: z.string(),
+  /**
+   * The backing index required for update requests.
+   */
+  backingIndex: z.string(),
+  /**
+   * The most 5 recent generation intervals
+   */
+  generationIntervals: z.array(DefendInsightGenerationInterval),
+  /**
+   * The average generation interval in milliseconds
+   */
+  averageIntervalMs: z.number().int(),
+  /**
+   * The reason for a status of failed.
+   */
+  failureReason: z.string().optional(),
+});
+
+export type DefendInsightUpdateProps = z.infer<typeof DefendInsightUpdateProps>;
+export const DefendInsightUpdateProps = z.object({
+  id: NonEmptyString,
+  /**
+   * LLM API configuration.
+   */
+  apiConfig: ApiConfig.optional(),
+  /**
+   * The number of events in the context.
+   */
+  eventsContextCount: z.number().int().optional(),
+  /**
+   * The Defend insights.
+   */
+  insights: DefendInsights.optional(),
+  /**
+   * The status of the Defend insight.
+   */
+  status: DefendInsightStatus.optional(),
+  replacements: Replacements.optional(),
+  /**
+   * The most 5 recent generation intervals
+   */
+  generationIntervals: z.array(DefendInsightGenerationInterval).optional(),
+  /**
+   * The backing index required for update requests.
+   */
+  backingIndex: z.string(),
+  /**
+   * The reason for a status of failed.
+   */
+  failureReason: z.string().optional(),
+  /**
+   * The last time the Defend insight was viewed in the browser.
+   */
+  lastViewedAt: z.string().optional(),
+});
+
+export type DefendInsightsUpdateProps = z.infer<typeof DefendInsightsUpdateProps>;
+export const DefendInsightsUpdateProps = z.array(DefendInsightUpdateProps);
+
+export type DefendInsightCreateProps = z.infer<typeof DefendInsightCreateProps>;
+export const DefendInsightCreateProps = z.object({
+  /**
+   * The Defend insight id.
+   */
+  id: z.string().optional(),
+  /**
+   * The status of the Defend insight.
+   */
+  status: DefendInsightStatus,
+  /**
+   * The number of events in the context.
+   */
+  eventsContextCount: z.number().int().optional(),
+  endpointIds: z.array(NonEmptyString),
+  insightType: DefendInsightType,
+  /**
+   * The Defend insights.
+   */
+  insights: DefendInsights,
+  /**
+   * LLM API configuration.
+   */
+  apiConfig: ApiConfig,
+  replacements: Replacements.optional(),
+});
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/defend_insights/common_attributes.schema.yaml b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/defend_insights/common_attributes.schema.yaml
new file mode 100644
index 0000000000000..5c27449c7d346
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/defend_insights/common_attributes.schema.yaml
@@ -0,0 +1,224 @@
+openapi: 3.0.0
+info:
+  title: Common Defend Insights Attributes
+  version: 'not applicable'
+paths: {}
+components:
+  x-codegen-enabled: true
+  schemas:
+    DefendInsightEvent:
+      type: object
+      description: A Defend insight event
+      required:
+        - 'id'
+        - 'endpointId'
+        - 'value'
+      properties:
+        id:
+          description: The event's ID
+          type: string
+        endpointId:
+          description: The endpoint's ID
+          type: string
+        value:
+          description: The value of the event
+          type: string
+
+    DefendInsightType:
+      description: The insight type (ie. incompatible_antivirus)
+      type: string
+      enum:
+        - incompatible_antivirus
+        - noisy_process_tree
+
+    DefendInsight:
+      type: object
+      description: A Defend insight generated from endpoint events
+      required:
+        - 'group'
+      properties:
+        group:
+          description: The group category of the events (ie. Windows Defender)
+          type: string
+        events:
+          description: An array of event objects
+          type: array
+          items:
+            $ref: '#/components/schemas/DefendInsightEvent'
+
+    DefendInsights:
+      type: array
+      description: Array of Defend insights
+      items:
+        $ref: '#/components/schemas/DefendInsight'
+
+    DefendInsightsResponse:
+      type: object
+      required:
+        - apiConfig
+        - id
+        - createdAt
+        - updatedAt
+        - lastViewedAt
+        - users
+        - namespace
+        - endpointIds
+        - insightType
+        - insights
+        - status
+        - backingIndex
+        - generationIntervals
+        - averageIntervalMs
+      properties:
+        id:
+          $ref: '../common_attributes.schema.yaml#/components/schemas/NonEmptyString'
+        'timestamp':
+          $ref: '../common_attributes.schema.yaml#/components/schemas/NonEmptyString'
+        updatedAt:
+          description: The last time the Defend insight was updated.
+          type: string
+        lastViewedAt:
+          description: The last time the Defend insight was viewed in the browser.
+          type: string
+        eventsContextCount:
+            type: integer
+            description: The number of events in the context.
+        createdAt:
+          description: The time the Defend insight was created.
+          type: string
+        replacements:
+          $ref: '../conversations/common_attributes.schema.yaml#/components/schemas/Replacements'
+        users:
+          type: array
+          items:
+            $ref: '../common_attributes.schema.yaml#/components/schemas/User'
+        status:
+          $ref: '#/components/schemas/DefendInsightStatus'
+          description: The status of the Defend insight.
+        endpointIds:
+          type: array
+          items:
+            $ref: '../common_attributes.schema.yaml#/components/schemas/NonEmptyString'
+        insightType:
+          $ref: '#/components/schemas/DefendInsightType'
+        insights:
+          $ref: '#/components/schemas/DefendInsights'
+          description: The Defend insights.
+        apiConfig:
+          $ref: '../conversations/common_attributes.schema.yaml#/components/schemas/ApiConfig'
+          description: LLM API configuration.
+        namespace:
+          type: string
+          description: Kibana space
+        backingIndex:
+          type: string
+          description: The backing index required for update requests.
+        generationIntervals:
+          type: array
+          description: The most 5 recent generation intervals
+          items:
+            $ref: '#/components/schemas/DefendInsightGenerationInterval'
+        averageIntervalMs:
+          type: integer
+          description: The average generation interval in milliseconds
+        failureReason:
+          type: string
+          description: The reason for a status of failed.
+
+    DefendInsightGenerationInterval:
+      type: object
+      description: Run durations for the Defend insight
+      required:
+        - 'date'
+        - 'durationMs'
+      properties:
+        date:
+          description: The time the Defend insight was generated
+          type: string
+        durationMs:
+          description: The duration of the Defend insight generation
+          type: integer
+
+    DefendInsightStatus:
+      type: string
+      description: The status of the Defend insight.
+      enum:
+        - running
+        - succeeded
+        - failed
+        - canceled
+
+    DefendInsightUpdateProps:
+      type: object
+      required:
+        - id
+        - backingIndex
+      properties:
+        id:
+          $ref: '../common_attributes.schema.yaml#/components/schemas/NonEmptyString'
+        apiConfig:
+          $ref: '../conversations/common_attributes.schema.yaml#/components/schemas/ApiConfig'
+          description: LLM API configuration.
+        eventsContextCount:
+          type: integer
+          description: The number of events in the context.
+        insights:
+          $ref: '#/components/schemas/DefendInsights'
+          description: The Defend insights.
+        status:
+          $ref: '#/components/schemas/DefendInsightStatus'
+          description: The status of the Defend insight.
+        replacements:
+          $ref: '../conversations/common_attributes.schema.yaml#/components/schemas/Replacements'
+        generationIntervals:
+          type: array
+          description: The most 5 recent generation intervals
+          items:
+            $ref: '#/components/schemas/DefendInsightGenerationInterval'
+        backingIndex:
+          type: string
+          description: The backing index required for update requests.
+        failureReason:
+          type: string
+          description: The reason for a status of failed.
+        lastViewedAt:
+          description: The last time the Defend insight was viewed in the browser.
+          type: string
+
+    DefendInsightsUpdateProps:
+      type: array
+      items:
+        $ref: '#/components/schemas/DefendInsightUpdateProps'
+
+    DefendInsightCreateProps:
+      type: object
+      required:
+        - endpointIds
+        - insightType
+        - insights
+        - apiConfig
+        - status
+      properties:
+        id:
+          type: string
+          description: The Defend insight id.
+        status:
+          $ref: '#/components/schemas/DefendInsightStatus'
+          description: The status of the Defend insight.
+        eventsContextCount:
+          type: integer
+          description: The number of events in the context.
+        endpointIds:
+          type: array
+          items:
+            $ref: '../common_attributes.schema.yaml#/components/schemas/NonEmptyString'
+        insightType:
+          $ref: '#/components/schemas/DefendInsightType'
+        insights:
+          $ref: '#/components/schemas/DefendInsights'
+          description: The Defend insights.
+        apiConfig:
+          $ref: '../conversations/common_attributes.schema.yaml#/components/schemas/ApiConfig'
+          description: LLM API configuration.
+        replacements:
+          $ref: '../conversations/common_attributes.schema.yaml#/components/schemas/Replacements'
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/defend_insights/get_defend_insight_route.gen.ts b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/defend_insights/get_defend_insight_route.gen.ts
new file mode 100644
index 0000000000000..fafaca8f48ead
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/defend_insights/get_defend_insight_route.gen.ts
@@ -0,0 +1,34 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+/*
+ * NOTICE: Do not edit this file manually.
+ * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
+ *
+ * info:
+ *   title: Get Defend Insight API endpoint
+ *   version: 1
+ */
+
+import { z } from '@kbn/zod';
+
+import { NonEmptyString } from '../common_attributes.gen';
+import { DefendInsightsResponse } from './common_attributes.gen';
+
+export type DefendInsightGetRequestParams = z.infer<typeof DefendInsightGetRequestParams>;
+export const DefendInsightGetRequestParams = z.object({
+  /**
+   * The Defend insight id
+   */
+  id: NonEmptyString,
+});
+export type DefendInsightGetRequestParamsInput = z.input<typeof DefendInsightGetRequestParams>;
+
+export type DefendInsightGetResponse = z.infer<typeof DefendInsightGetResponse>;
+export const DefendInsightGetResponse = z.object({
+  data: DefendInsightsResponse.nullable().optional(),
+});
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/defend_insights/get_defend_insight_route.schema.yaml b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/defend_insights/get_defend_insight_route.schema.yaml
new file mode 100644
index 0000000000000..2684bf53cf87b
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/defend_insights/get_defend_insight_route.schema.yaml
@@ -0,0 +1,45 @@
+openapi: 3.0.3
+info:
+  title: Get Defend Insight API endpoint
+  version: '1'
+paths:
+  /internal/elastic_assistant/defend_insights/{id}:
+    get:
+      x-codegen-enabled: true
+      x-labels: [ess, serverless]
+      operationId: DefendInsightGet
+      description: Get Defend insight by id
+      summary: Get Defend insight data
+      tags:
+        - defend_insights
+      parameters:
+        - name: 'id'
+          in: path
+          required: true
+          description: The Defend insight id
+          schema:
+            $ref: '../common_attributes.schema.yaml#/components/schemas/NonEmptyString'
+      responses:
+        '200':
+          description: Successful response
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  data:
+                    $ref: './common_attributes.schema.yaml#/components/schemas/DefendInsightsResponse'
+                    nullable: true
+        '400':
+          description: Generic Error
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  statusCode:
+                    type: number
+                  error:
+                    type: string
+                  message:
+                    type: string
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/defend_insights/get_defend_insights_route.gen.ts b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/defend_insights/get_defend_insights_route.gen.ts
new file mode 100644
index 0000000000000..0a2f3d618a869
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/defend_insights/get_defend_insights_route.gen.ts
@@ -0,0 +1,59 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+/*
+ * NOTICE: Do not edit this file manually.
+ * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
+ *
+ * info:
+ *   title: Get Defend Insights API endpoint
+ *   version: 1
+ */
+
+import { z } from '@kbn/zod';
+import { ArrayFromString } from '@kbn/zod-helpers';
+
+import { NonEmptyString } from '../common_attributes.gen';
+import {
+  DefendInsightType,
+  DefendInsightStatus,
+  DefendInsightsResponse,
+} from './common_attributes.gen';
+
+export type DefendInsightsGetRequestQuery = z.infer<typeof DefendInsightsGetRequestQuery>;
+export const DefendInsightsGetRequestQuery = z.object({
+  /**
+   * The insight ids for which to get Defend insights
+   */
+  ids: ArrayFromString(NonEmptyString).optional(),
+  /**
+   * The connector id for which to get Defend insights
+   */
+  connector_id: NonEmptyString.optional(),
+  /**
+   * The insight type for which to get Defend insights
+   */
+  type: DefendInsightType.optional(),
+  /**
+   * The status for which to get Defend insights
+   */
+  status: DefendInsightStatus.optional(),
+  /**
+   * The endpoint ids for which to get Defend insights
+   */
+  endpoint_ids: ArrayFromString(NonEmptyString).optional(),
+  /**
+   * The number of Defend insights to return
+   */
+  size: z.coerce.number().optional(),
+});
+export type DefendInsightsGetRequestQueryInput = z.input<typeof DefendInsightsGetRequestQuery>;
+
+export type DefendInsightsGetResponse = z.infer<typeof DefendInsightsGetResponse>;
+export const DefendInsightsGetResponse = z.object({
+  data: z.array(DefendInsightsResponse),
+});
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/defend_insights/get_defend_insights_route.schema.yaml b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/defend_insights/get_defend_insights_route.schema.yaml
new file mode 100644
index 0000000000000..5d7e0b5358f81
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/defend_insights/get_defend_insights_route.schema.yaml
@@ -0,0 +1,82 @@
+openapi: 3.0.0
+info:
+  title: Get Defend Insights API endpoint
+  version: '1'
+paths:
+  /internal/elastic_assistant/defend_insights:
+    get:
+      x-codegen-enabled: true
+      x-labels: [ess, serverless]
+      operationId: DefendInsightsGet
+      description: Get relevant data for Defend insights
+      summary: Get relevant data for Defend insights
+      tags:
+        - defend_insights
+      parameters:
+        - name: 'ids'
+          in: query
+          required: false
+          description: The insight ids for which to get Defend insights
+          schema:
+            type: array
+            items:
+              $ref: '../common_attributes.schema.yaml#/components/schemas/NonEmptyString'
+        - name: 'connector_id'
+          in: query
+          required: false
+          description: The connector id for which to get Defend insights
+          schema:
+            $ref: '../common_attributes.schema.yaml#/components/schemas/NonEmptyString'
+        - name: 'type'
+          in: query
+          required: false
+          description: The insight type for which to get Defend insights
+          schema:
+            $ref: './common_attributes.schema.yaml#/components/schemas/DefendInsightType'
+        - name: 'status'
+          in: query
+          required: false
+          description: The status for which to get Defend insights
+          schema:
+            $ref: './common_attributes.schema.yaml#/components/schemas/DefendInsightStatus'
+        - name: 'endpoint_ids'
+          in: query
+          required: false
+          description: The endpoint ids for which to get Defend insights
+          schema:
+            type: array
+            items:
+              $ref: '../common_attributes.schema.yaml#/components/schemas/NonEmptyString'
+        - name: 'size'
+          in: query
+          required: false
+          description: The number of Defend insights to return
+          schema:
+            type: number
+      responses:
+        '200':
+          description: Successful response
+          content:
+            application/json:
+              schema:
+                type: object
+                required:
+                  - data
+                properties:
+                  data:
+                    type: array
+                    items:
+                      $ref: './common_attributes.schema.yaml#/components/schemas/DefendInsightsResponse'
+        '400':
+          description: Generic Error
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  statusCode:
+                    type: number
+                  error:
+                    type: string
+                  message:
+                    type: string
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/defend_insights/index.ts b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/defend_insights/index.ts
new file mode 100644
index 0000000000000..0518abdf6dcb7
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/defend_insights/index.ts
@@ -0,0 +1,11 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export * from './common_attributes.gen';
+export * from './get_defend_insight_route.gen';
+export * from './get_defend_insights_route.gen';
+export * from './post_defend_insights_route.gen';
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/defend_insights/post_defend_insights_route.gen.ts b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/defend_insights/post_defend_insights_route.gen.ts
new file mode 100644
index 0000000000000..cc0ccfeea1980
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/defend_insights/post_defend_insights_route.gen.ts
@@ -0,0 +1,42 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+/*
+ * NOTICE: Do not edit this file manually.
+ * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
+ *
+ * info:
+ *   title: Post Defend Insights API endpoint
+ *   version: 1
+ */
+
+import { z } from '@kbn/zod';
+
+import { NonEmptyString } from '../common_attributes.gen';
+import { DefendInsightType, DefendInsightsResponse } from './common_attributes.gen';
+import { AnonymizationFieldResponse } from '../anonymization_fields/bulk_crud_anonymization_fields_route.gen';
+import { ApiConfig, Replacements } from '../conversations/common_attributes.gen';
+
+export type DefendInsightsPostRequestBody = z.infer<typeof DefendInsightsPostRequestBody>;
+export const DefendInsightsPostRequestBody = z.object({
+  endpointIds: z.array(NonEmptyString),
+  insightType: DefendInsightType,
+  anonymizationFields: z.array(AnonymizationFieldResponse),
+  /**
+   * LLM API configuration.
+   */
+  apiConfig: ApiConfig,
+  langSmithProject: z.string().optional(),
+  langSmithApiKey: z.string().optional(),
+  model: z.string().optional(),
+  replacements: Replacements.optional(),
+  subAction: z.enum(['invokeAI', 'invokeStream']),
+});
+export type DefendInsightsPostRequestBodyInput = z.input<typeof DefendInsightsPostRequestBody>;
+
+export type DefendInsightsPostResponse = z.infer<typeof DefendInsightsPostResponse>;
+export const DefendInsightsPostResponse = DefendInsightsResponse;
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/defend_insights/post_defend_insights_route.schema.yaml b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/defend_insights/post_defend_insights_route.schema.yaml
new file mode 100644
index 0000000000000..87c7cdbb81a8e
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/defend_insights/post_defend_insights_route.schema.yaml
@@ -0,0 +1,77 @@
+openapi: 3.0.0
+info:
+  title: Post Defend Insights API endpoint
+  version: '1'
+components:
+  x-codegen-enabled: true
+
+paths:
+  /internal/elastic_assistant/defend_insights:
+    post:
+      x-codegen-enabled: true
+      x-labels: [ess, serverless]
+      operationId: DefendInsightsPost
+      description: Generate Elastic Defend configuration insights
+      summary: Generate Elastic Defend configuration insights from endpoint events via the Elastic Assistant
+      tags:
+        - defend_insights
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              type: object
+              required:
+                - endpointIds
+                - insightType
+                - apiConfig
+                - anonymizationFields
+                - subAction
+              properties:
+                endpointIds:
+                  type: array
+                  items:
+                    $ref: '../common_attributes.schema.yaml#/components/schemas/NonEmptyString'
+                insightType:
+                  $ref: './common_attributes.schema.yaml#/components/schemas/DefendInsightType'
+                anonymizationFields:
+                  type: array
+                  items:
+                    $ref: '../anonymization_fields/bulk_crud_anonymization_fields_route.schema.yaml#/components/schemas/AnonymizationFieldResponse'
+                apiConfig:
+                  $ref: '../conversations/common_attributes.schema.yaml#/components/schemas/ApiConfig'
+                  description: LLM API configuration.
+                langSmithProject:
+                  type: string
+                langSmithApiKey:
+                  type: string
+                model:
+                  type: string
+                replacements:
+                  $ref: '../conversations/common_attributes.schema.yaml#/components/schemas/Replacements'
+                subAction:
+                  type: string
+                  enum:
+                    - invokeAI
+                    - invokeStream
+      responses:
+        '200':
+          description: Successful response
+          content:
+            application/json:
+              schema:
+                $ref: './common_attributes.schema.yaml#/components/schemas/DefendInsightsResponse'
+        '400':
+          description: Bad request
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  statusCode:
+                    type: number
+                  error:
+                    type: string
+                  message:
+                    type: string
+
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/index.ts b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/index.ts
index 9233791a870c3..02ac9b7b1ba90 100644
--- a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/index.ts
+++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/index.ts
@@ -27,6 +27,9 @@ export * from './attack_discovery/get_attack_discovery_route.gen';
 export * from './attack_discovery/post_attack_discovery_route.gen';
 export * from './attack_discovery/cancel_attack_discovery_route.gen';
 
+// Defend insight Schemas
+export * from './defend_insights';
+
 // Chat Schemas
 export * from './chat/post_chat_complete_route.gen';
 
diff --git a/x-pack/plugins/actions/server/integration_tests/axios_utils_connection.test.ts b/x-pack/plugins/actions/server/integration_tests/axios_utils_connection.test.ts
index a0454cb2bbc18..99559e8ce6b68 100644
--- a/x-pack/plugins/actions/server/integration_tests/axios_utils_connection.test.ts
+++ b/x-pack/plugins/actions/server/integration_tests/axios_utils_connection.test.ts
@@ -28,6 +28,7 @@ import {
   DEFAULT_MICROSOFT_GRAPH_API_SCOPE,
   DEFAULT_MICROSOFT_GRAPH_API_URL,
 } from '../../common';
+import { getFips } from 'crypto';
 
 const logger = loggingSystemMock.create().get() as jest.Mocked<Logger>;
 
@@ -251,19 +252,6 @@ describe('axios connections', () => {
       expect(res.status).toBe(200);
     });
 
-    test('it works with pfx and passphrase in SSL overrides', async () => {
-      const { url, server } = await createServer({ useHttps: true, requestCert: true });
-      testServer = server;
-
-      const configurationUtilities = getACUfromConfig();
-      const sslOverrides = {
-        pfx: KIBANA_P12,
-        passphrase: 'storepass',
-      };
-      const res = await request({ axios, url, logger, configurationUtilities, sslOverrides });
-      expect(res.status).toBe(200);
-    });
-
     test('it fails with cert and key but no ca in SSL overrides', async () => {
       const { url, server } = await createServer({ useHttps: true, requestCert: true });
       testServer = server;
@@ -278,18 +266,33 @@ describe('axios connections', () => {
       await expect(fn()).rejects.toThrow('certificate');
     });
 
-    test('it fails with pfx but no passphrase in SSL overrides', async () => {
-      const { url, server } = await createServer({ useHttps: true, requestCert: true });
-      testServer = server;
+    if (getFips() !== 1) {
+      test('it works with pfx and passphrase in SSL overrides', async () => {
+        const { url, server } = await createServer({ useHttps: true, requestCert: true });
+        testServer = server;
+
+        const configurationUtilities = getACUfromConfig();
+        const sslOverrides = {
+          pfx: KIBANA_P12,
+          passphrase: 'storepass',
+        };
+        const res = await request({ axios, url, logger, configurationUtilities, sslOverrides });
+        expect(res.status).toBe(200);
+      });
 
-      const configurationUtilities = getACUfromConfig();
-      const sslOverrides = {
-        pfx: KIBANA_P12,
-      };
-      const fn = async () =>
-        await request({ axios, url, logger, configurationUtilities, sslOverrides });
-      await expect(fn()).rejects.toThrow('mac verify');
-    });
+      test('it fails with pfx but no passphrase in SSL overrides', async () => {
+        const { url, server } = await createServer({ useHttps: true, requestCert: true });
+        testServer = server;
+
+        const configurationUtilities = getACUfromConfig();
+        const sslOverrides = {
+          pfx: KIBANA_P12,
+        };
+        const fn = async () =>
+          await request({ axios, url, logger, configurationUtilities, sslOverrides });
+        await expect(fn()).rejects.toThrow('mac verify');
+      });
+    }
 
     test('it fails with a client-side certificate issued by an invalid ca', async () => {
       const { url, server } = await createServer({ useHttps: true, requestCert: true });
diff --git a/x-pack/plugins/ai_infra/llm_tasks/README.md b/x-pack/plugins/ai_infra/llm_tasks/README.md
new file mode 100644
index 0000000000000..e019d456cd65a
--- /dev/null
+++ b/x-pack/plugins/ai_infra/llm_tasks/README.md
@@ -0,0 +1,45 @@
+# LLM Tasks plugin
+
+This plugin contains various LLM tasks.
+
+## Retrieve documentation
+
+This task allows to retrieve documents from our Elastic product documentation.
+
+The task depends on the `product-doc-base` plugin, as this dependency is used
+to install and manage the product documentation.
+
+### Checking if the task is available
+
+A `retrieveDocumentationAvailable` API is exposed from the start contract, that
+should be used to assert that the `retrieve_doc` task can be used in the current
+context.
+
+That API receive the inbound request as parameter.
+
+Example:
+```ts
+if (await llmTasksStart.retrieveDocumentationAvailable({ request })) {
+  // task is available
+} else {
+  // task is not available
+}
+```
+
+### Executing the task
+
+The task is executed as an API of the plugin's start contract, and can be invoked
+as any other lifecycle API would.
+
+Example:
+```ts
+const result = await llmTasksStart.retrieveDocumentation({
+  searchTerm: "How to create a space in Kibana?",
+  request,
+  connectorId: 'my-connector-id',
+});
+
+const { success, documents } = result;
+```
+
+The exhaustive list of options for the task is available on the `RetrieveDocumentationParams` type's TS doc.
diff --git a/x-pack/plugins/ai_infra/llm_tasks/jest.config.js b/x-pack/plugins/ai_infra/llm_tasks/jest.config.js
new file mode 100644
index 0000000000000..2a6206d4304b9
--- /dev/null
+++ b/x-pack/plugins/ai_infra/llm_tasks/jest.config.js
@@ -0,0 +1,19 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+module.exports = {
+  preset: '@kbn/test',
+  rootDir: '../../../..',
+  roots: ['<rootDir>/x-pack/plugins/ai_infra/llm_tasks/server'],
+  setupFiles: [],
+  collectCoverage: true,
+  collectCoverageFrom: [
+    '<rootDir>/x-pack/plugins/ai_infra/llm_tasks/{public,server,common}/**/*.{js,ts,tsx}',
+  ],
+
+  coverageReporters: ['html'],
+};
diff --git a/x-pack/plugins/ai_infra/llm_tasks/kibana.jsonc b/x-pack/plugins/ai_infra/llm_tasks/kibana.jsonc
new file mode 100644
index 0000000000000..1ef211d01210e
--- /dev/null
+++ b/x-pack/plugins/ai_infra/llm_tasks/kibana.jsonc
@@ -0,0 +1,15 @@
+{
+  "type": "plugin",
+  "id": "@kbn/llm-tasks-plugin",
+  "owner": "@elastic/appex-ai-infra",
+  "plugin": {
+    "id": "llmTasks",
+    "server": true,
+    "browser": false,
+    "configPath": ["xpack", "llmTasks"],
+    "requiredPlugins": ["inference", "productDocBase"],
+    "requiredBundles": [],
+    "optionalPlugins": [],
+    "extraPublicDirs": []
+  }
+}
diff --git a/x-pack/plugins/ai_infra/llm_tasks/server/config.ts b/x-pack/plugins/ai_infra/llm_tasks/server/config.ts
new file mode 100644
index 0000000000000..c509af8bda64b
--- /dev/null
+++ b/x-pack/plugins/ai_infra/llm_tasks/server/config.ts
@@ -0,0 +1,18 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { schema, type TypeOf } from '@kbn/config-schema';
+import type { PluginConfigDescriptor } from '@kbn/core/server';
+
+const configSchema = schema.object({});
+
+export const config: PluginConfigDescriptor<LlmTasksConfig> = {
+  schema: configSchema,
+  exposeToBrowser: {},
+};
+
+export type LlmTasksConfig = TypeOf<typeof configSchema>;
diff --git a/x-pack/plugins/ai_infra/llm_tasks/server/index.ts b/x-pack/plugins/ai_infra/llm_tasks/server/index.ts
new file mode 100644
index 0000000000000..1b18426dc2c34
--- /dev/null
+++ b/x-pack/plugins/ai_infra/llm_tasks/server/index.ts
@@ -0,0 +1,28 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { PluginInitializer, PluginInitializerContext } from '@kbn/core/server';
+import type { LlmTasksConfig } from './config';
+import type {
+  LlmTasksPluginSetup,
+  LlmTasksPluginStart,
+  PluginSetupDependencies,
+  PluginStartDependencies,
+} from './types';
+import { LlmTasksPlugin } from './plugin';
+
+export { config } from './config';
+
+export type { LlmTasksPluginSetup, LlmTasksPluginStart };
+
+export const plugin: PluginInitializer<
+  LlmTasksPluginSetup,
+  LlmTasksPluginStart,
+  PluginSetupDependencies,
+  PluginStartDependencies
+> = async (pluginInitializerContext: PluginInitializerContext<LlmTasksConfig>) =>
+  new LlmTasksPlugin(pluginInitializerContext);
diff --git a/x-pack/plugins/ai_infra/llm_tasks/server/plugin.ts b/x-pack/plugins/ai_infra/llm_tasks/server/plugin.ts
new file mode 100644
index 0000000000000..d10c495ece159
--- /dev/null
+++ b/x-pack/plugins/ai_infra/llm_tasks/server/plugin.ts
@@ -0,0 +1,56 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { Logger } from '@kbn/logging';
+import type { CoreSetup, CoreStart, Plugin, PluginInitializerContext } from '@kbn/core/server';
+import type { LlmTasksConfig } from './config';
+import type {
+  LlmTasksPluginSetup,
+  LlmTasksPluginStart,
+  PluginSetupDependencies,
+  PluginStartDependencies,
+} from './types';
+import { retrieveDocumentation } from './tasks';
+
+export class LlmTasksPlugin
+  implements
+    Plugin<
+      LlmTasksPluginSetup,
+      LlmTasksPluginStart,
+      PluginSetupDependencies,
+      PluginStartDependencies
+    >
+{
+  private logger: Logger;
+
+  constructor(context: PluginInitializerContext<LlmTasksConfig>) {
+    this.logger = context.logger.get();
+  }
+  setup(
+    coreSetup: CoreSetup<PluginStartDependencies, LlmTasksPluginStart>,
+    setupDependencies: PluginSetupDependencies
+  ): LlmTasksPluginSetup {
+    return {};
+  }
+
+  start(core: CoreStart, startDependencies: PluginStartDependencies): LlmTasksPluginStart {
+    const { inference, productDocBase } = startDependencies;
+    return {
+      retrieveDocumentationAvailable: async () => {
+        const docBaseStatus = await startDependencies.productDocBase.management.getStatus();
+        return docBaseStatus.status === 'installed';
+      },
+      retrieveDocumentation: (options) => {
+        return retrieveDocumentation({
+          outputAPI: inference.getClient({ request: options.request }).output,
+          searchDocAPI: productDocBase.search,
+          logger: this.logger.get('tasks.retrieve-documentation'),
+        })(options);
+      },
+    };
+  }
+}
diff --git a/x-pack/plugins/ai_infra/llm_tasks/server/tasks/index.ts b/x-pack/plugins/ai_infra/llm_tasks/server/tasks/index.ts
new file mode 100644
index 0000000000000..41d3911823449
--- /dev/null
+++ b/x-pack/plugins/ai_infra/llm_tasks/server/tasks/index.ts
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { retrieveDocumentation } from './retrieve_documentation';
diff --git a/x-pack/plugins/ai_infra/llm_tasks/server/tasks/retrieve_documentation/index.ts b/x-pack/plugins/ai_infra/llm_tasks/server/tasks/retrieve_documentation/index.ts
new file mode 100644
index 0000000000000..22bf0745bd77f
--- /dev/null
+++ b/x-pack/plugins/ai_infra/llm_tasks/server/tasks/retrieve_documentation/index.ts
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { retrieveDocumentation } from './retrieve_documentation';
+export type {
+  RetrieveDocumentationAPI,
+  RetrieveDocumentationResult,
+  RetrieveDocumentationParams,
+} from './types';
diff --git a/x-pack/plugins/ai_infra/llm_tasks/server/tasks/retrieve_documentation/retrieve_documentation.test.ts b/x-pack/plugins/ai_infra/llm_tasks/server/tasks/retrieve_documentation/retrieve_documentation.test.ts
new file mode 100644
index 0000000000000..5722b73ca039c
--- /dev/null
+++ b/x-pack/plugins/ai_infra/llm_tasks/server/tasks/retrieve_documentation/retrieve_documentation.test.ts
@@ -0,0 +1,182 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { httpServerMock } from '@kbn/core/server/mocks';
+import { loggerMock, type MockedLogger } from '@kbn/logging-mocks';
+import type { DocSearchResult } from '@kbn/product-doc-base-plugin/server/services/search';
+
+import { retrieveDocumentation } from './retrieve_documentation';
+import { truncate, count as countTokens } from '../../utils/tokens';
+jest.mock('../../utils/tokens');
+const truncateMock = truncate as jest.MockedFn<typeof truncate>;
+const countTokensMock = countTokens as jest.MockedFn<typeof countTokens>;
+
+import { summarizeDocument } from './summarize_document';
+jest.mock('./summarize_document');
+const summarizeDocumentMock = summarizeDocument as jest.MockedFn<typeof summarizeDocument>;
+
+describe('retrieveDocumentation', () => {
+  let logger: MockedLogger;
+  let request: ReturnType<typeof httpServerMock.createKibanaRequest>;
+  let outputAPI: jest.Mock;
+  let searchDocAPI: jest.Mock;
+  let retrieve: ReturnType<typeof retrieveDocumentation>;
+
+  const createResult = (parts: Partial<DocSearchResult> = {}): DocSearchResult => {
+    return {
+      title: 'title',
+      content: 'content',
+      url: 'url',
+      productName: 'kibana',
+      ...parts,
+    };
+  };
+
+  beforeEach(() => {
+    logger = loggerMock.create();
+    request = httpServerMock.createKibanaRequest();
+    outputAPI = jest.fn();
+    searchDocAPI = jest.fn();
+    retrieve = retrieveDocumentation({ logger, searchDocAPI, outputAPI });
+  });
+
+  afterEach(() => {
+    summarizeDocumentMock.mockReset();
+    truncateMock.mockReset();
+    countTokensMock.mockReset();
+  });
+
+  it('calls the search API with the right parameters', async () => {
+    searchDocAPI.mockResolvedValue({ results: [] });
+
+    const result = await retrieve({
+      searchTerm: 'What is Kibana?',
+      products: ['kibana'],
+      request,
+      max: 5,
+      connectorId: '.my-connector',
+      functionCalling: 'simulated',
+    });
+
+    expect(result).toEqual({
+      success: true,
+      documents: [],
+    });
+
+    expect(searchDocAPI).toHaveBeenCalledTimes(1);
+    expect(searchDocAPI).toHaveBeenCalledWith({
+      query: 'What is Kibana?',
+      products: ['kibana'],
+      max: 5,
+    });
+  });
+
+  it('reduces the document length using the truncate strategy', async () => {
+    searchDocAPI.mockResolvedValue({
+      results: [
+        createResult({ content: 'content-1' }),
+        createResult({ content: 'content-2' }),
+        createResult({ content: 'content-3' }),
+      ],
+    });
+
+    countTokensMock.mockImplementation((text) => {
+      if (text === 'content-2') {
+        return 150;
+      } else {
+        return 50;
+      }
+    });
+    truncateMock.mockReturnValue('truncated');
+
+    const result = await retrieve({
+      searchTerm: 'What is Kibana?',
+      request,
+      connectorId: '.my-connector',
+      maxDocumentTokens: 100,
+      tokenReductionStrategy: 'truncate',
+    });
+
+    expect(result.documents.length).toEqual(3);
+    expect(result.documents[0].content).toEqual('content-1');
+    expect(result.documents[1].content).toEqual('truncated');
+    expect(result.documents[2].content).toEqual('content-3');
+
+    expect(truncateMock).toHaveBeenCalledTimes(1);
+    expect(truncateMock).toHaveBeenCalledWith('content-2', 100);
+  });
+
+  it('reduces the document length using the summarize strategy', async () => {
+    searchDocAPI.mockResolvedValue({
+      results: [
+        createResult({ content: 'content-1' }),
+        createResult({ content: 'content-2' }),
+        createResult({ content: 'content-3' }),
+      ],
+    });
+
+    countTokensMock.mockImplementation((text) => {
+      if (text === 'content-2') {
+        return 50;
+      } else {
+        return 150;
+      }
+    });
+    truncateMock.mockImplementation((text) => text);
+
+    summarizeDocumentMock.mockImplementation(({ documentContent }) => {
+      return Promise.resolve({ summary: `${documentContent}-summarized` });
+    });
+
+    const result = await retrieve({
+      searchTerm: 'What is Kibana?',
+      request,
+      connectorId: '.my-connector',
+      maxDocumentTokens: 100,
+      tokenReductionStrategy: 'summarize',
+    });
+
+    expect(result.documents.length).toEqual(3);
+    expect(result.documents[0].content).toEqual('content-1-summarized');
+    expect(result.documents[1].content).toEqual('content-2');
+    expect(result.documents[2].content).toEqual('content-3-summarized');
+
+    expect(truncateMock).toHaveBeenCalledTimes(2);
+    expect(truncateMock).toHaveBeenCalledWith('content-1-summarized', 100);
+    expect(truncateMock).toHaveBeenCalledWith('content-3-summarized', 100);
+  });
+
+  it('logs an error and return an empty list of docs in case of error', async () => {
+    searchDocAPI.mockResolvedValue({
+      results: [createResult({ content: 'content-1' })],
+    });
+    countTokensMock.mockImplementation(() => {
+      return 150;
+    });
+    summarizeDocumentMock.mockImplementation(() => {
+      throw new Error('woups');
+    });
+
+    const result = await retrieve({
+      searchTerm: 'What is Kibana?',
+      request,
+      connectorId: '.my-connector',
+      maxDocumentTokens: 100,
+      tokenReductionStrategy: 'summarize',
+    });
+
+    expect(result).toEqual({
+      success: false,
+      documents: [],
+    });
+
+    expect(logger.error).toHaveBeenCalledTimes(1);
+    expect(logger.error).toHaveBeenCalledWith(
+      expect.stringContaining('Error retrieving documentation')
+    );
+  });
+});
diff --git a/x-pack/plugins/ai_infra/llm_tasks/server/tasks/retrieve_documentation/retrieve_documentation.ts b/x-pack/plugins/ai_infra/llm_tasks/server/tasks/retrieve_documentation/retrieve_documentation.ts
new file mode 100644
index 0000000000000..96f966e483601
--- /dev/null
+++ b/x-pack/plugins/ai_infra/llm_tasks/server/tasks/retrieve_documentation/retrieve_documentation.ts
@@ -0,0 +1,88 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { Logger } from '@kbn/logging';
+import type { OutputAPI } from '@kbn/inference-common';
+import type { ProductDocSearchAPI } from '@kbn/product-doc-base-plugin/server';
+import { truncate, count as countTokens } from '../../utils/tokens';
+import type { RetrieveDocumentationAPI } from './types';
+import { summarizeDocument } from './summarize_document';
+
+const MAX_DOCUMENTS_DEFAULT = 3;
+const MAX_TOKENS_DEFAULT = 1000;
+
+export const retrieveDocumentation =
+  ({
+    outputAPI,
+    searchDocAPI,
+    logger: log,
+  }: {
+    outputAPI: OutputAPI;
+    searchDocAPI: ProductDocSearchAPI;
+    logger: Logger;
+  }): RetrieveDocumentationAPI =>
+  async ({
+    searchTerm,
+    connectorId,
+    products,
+    functionCalling,
+    max = MAX_DOCUMENTS_DEFAULT,
+    maxDocumentTokens = MAX_TOKENS_DEFAULT,
+    tokenReductionStrategy = 'summarize',
+  }) => {
+    try {
+      const { results } = await searchDocAPI({ query: searchTerm, products, max });
+
+      log.debug(`searching with term=[${searchTerm}] returned ${results.length} documents`);
+
+      const processedDocuments = await Promise.all(
+        results.map(async (document) => {
+          const tokenCount = countTokens(document.content);
+          const docHasTooManyTokens = tokenCount >= maxDocumentTokens;
+          log.debug(
+            `processing doc [${document.url}] - tokens : [${tokenCount}] - tooManyTokens: [${docHasTooManyTokens}]`
+          );
+
+          let content = document.content;
+          if (docHasTooManyTokens) {
+            if (tokenReductionStrategy === 'summarize') {
+              const extractResponse = await summarizeDocument({
+                searchTerm,
+                documentContent: document.content,
+                outputAPI,
+                connectorId,
+                functionCalling,
+              });
+              content = truncate(extractResponse.summary, maxDocumentTokens);
+            } else {
+              content = truncate(document.content, maxDocumentTokens);
+            }
+          }
+
+          log.debug(`done processing document [${document.url}]`);
+          return {
+            title: document.title,
+            url: document.url,
+            content,
+          };
+        })
+      );
+
+      log.debug(() => {
+        const docsAsJson = JSON.stringify(processedDocuments);
+        return `searching with term=[${searchTerm}] - results: ${docsAsJson}`;
+      });
+
+      return {
+        success: true,
+        documents: processedDocuments.filter((doc) => doc.content.length > 0),
+      };
+    } catch (e) {
+      log.error(`Error retrieving documentation: ${e.message}. Returning empty results.`);
+      return { success: false, documents: [] };
+    }
+  };
diff --git a/x-pack/plugins/ai_infra/llm_tasks/server/tasks/retrieve_documentation/summarize_document.ts b/x-pack/plugins/ai_infra/llm_tasks/server/tasks/retrieve_documentation/summarize_document.ts
new file mode 100644
index 0000000000000..815cbc94d08f8
--- /dev/null
+++ b/x-pack/plugins/ai_infra/llm_tasks/server/tasks/retrieve_documentation/summarize_document.ts
@@ -0,0 +1,67 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { ToolSchema, FunctionCallingMode, OutputAPI } from '@kbn/inference-common';
+
+const summarizeDocumentSchema = {
+  type: 'object',
+  properties: {
+    useful: {
+      type: 'boolean',
+      description: `Whether the provided document has any useful information related to the user's query.`,
+    },
+    summary: {
+      type: 'string',
+      description: `The condensed version of the document that can be used to answer the question. Can be empty.`,
+    },
+  },
+  required: ['useful'],
+} as const satisfies ToolSchema;
+
+interface SummarizeDocumentResponse {
+  summary: string;
+}
+
+export const summarizeDocument = async ({
+  searchTerm,
+  documentContent,
+  connectorId,
+  outputAPI,
+  functionCalling,
+}: {
+  searchTerm: string;
+  documentContent: string;
+  outputAPI: OutputAPI;
+  connectorId: string;
+  functionCalling?: FunctionCallingMode;
+}): Promise<SummarizeDocumentResponse> => {
+  const result = await outputAPI({
+    id: 'summarize_document',
+    connectorId,
+    functionCalling,
+    system: `You are an helpful Elastic assistant, and your current task is to help answer the user's question.
+
+      Given a question and a document, please provide a condensed version of the document that can be used to answer the question.
+      - Limit the length of the output to 500 words.
+      - Try to include all relevant information that could be used to answer the question. If this
+        can't be done within the 500 words limit, then only include the most relevant information related to the question.
+      - If you think the document isn't relevant at all to answer the question, just return an empty text`,
+    input: `
+      ## User question
+
+      ${searchTerm}
+
+      ## Document
+
+      ${documentContent}
+      `,
+    schema: summarizeDocumentSchema,
+  });
+  return {
+    summary: result.output.summary ?? '',
+  };
+};
diff --git a/x-pack/plugins/ai_infra/llm_tasks/server/tasks/retrieve_documentation/types.ts b/x-pack/plugins/ai_infra/llm_tasks/server/tasks/retrieve_documentation/types.ts
new file mode 100644
index 0000000000000..1e0637fcd344c
--- /dev/null
+++ b/x-pack/plugins/ai_infra/llm_tasks/server/tasks/retrieve_documentation/types.ts
@@ -0,0 +1,72 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { KibanaRequest } from '@kbn/core/server';
+import type { FunctionCallingMode } from '@kbn/inference-common';
+import type { ProductName } from '@kbn/product-doc-common';
+
+/**
+ * Parameters for {@link RetrieveDocumentationAPI}
+ */
+export interface RetrieveDocumentationParams {
+  /**
+   * The search term to perform semantic text with.
+   * E.g. "What is Kibana Lens?"
+   */
+  searchTerm: string;
+  /**
+   * Maximum number of documents to return.
+   * Defaults to 3.
+   */
+  max?: number;
+  /**
+   * Optional list of products to restrict the search to.
+   */
+  products?: ProductName[];
+  /**
+   * The maximum number of tokens to return *per document*.
+   * Documents exceeding this limit will go through token reduction.
+   *
+   * Defaults to `1000`.
+   */
+  maxDocumentTokens?: number;
+  /**
+   * The token reduction strategy to apply for documents exceeding max token count.
+   * - truncate: Will keep the N first tokens
+   * - summarize: Will call the LLM asking to generate a contextualized summary of the document
+   *
+   * Overall, `summarize` is way more efficient, but significantly slower, given that an additional
+   * LLM call will be performed.
+   *
+   * Defaults to `summarize`
+   */
+  tokenReductionStrategy?: 'truncate' | 'summarize';
+  /**
+   * The request that initiated the task.
+   */
+  request: KibanaRequest;
+  /**
+   * Id of the LLM connector to use for the task.
+   */
+  connectorId: string;
+  functionCalling?: FunctionCallingMode;
+}
+
+export interface RetrievedDocument {
+  title: string;
+  url: string;
+  content: string;
+}
+
+export interface RetrieveDocumentationResult {
+  success: boolean;
+  documents: RetrievedDocument[];
+}
+
+export type RetrieveDocumentationAPI = (
+  options: RetrieveDocumentationParams
+) => Promise<RetrieveDocumentationResult>;
diff --git a/x-pack/plugins/ai_infra/llm_tasks/server/types.ts b/x-pack/plugins/ai_infra/llm_tasks/server/types.ts
new file mode 100644
index 0000000000000..d550e4398b509
--- /dev/null
+++ b/x-pack/plugins/ai_infra/llm_tasks/server/types.ts
@@ -0,0 +1,42 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { InferenceServerStart } from '@kbn/inference-plugin/server';
+import type { ProductDocBaseStartContract } from '@kbn/product-doc-base-plugin/server';
+import type { RetrieveDocumentationAPI } from './tasks/retrieve_documentation';
+
+/* eslint-disable @typescript-eslint/no-empty-interface*/
+
+export interface PluginSetupDependencies {}
+
+export interface PluginStartDependencies {
+  inference: InferenceServerStart;
+  productDocBase: ProductDocBaseStartContract;
+}
+
+/**
+ * Describes public llmTasks plugin contract returned at the `setup` stage.
+ */
+export interface LlmTasksPluginSetup {}
+
+/**
+ * Describes public llmTasks plugin contract returned at the `start` stage.
+ */
+export interface LlmTasksPluginStart {
+  /**
+   * Checks if all prerequisites to use the `retrieveDocumentation` task
+   * are respected. Can be used to check if the task can be registered
+   * as LLM tool for example.
+   */
+  retrieveDocumentationAvailable: () => Promise<boolean>;
+  /**
+   * Perform the `retrieveDocumentation` task.
+   *
+   * @see RetrieveDocumentationAPI
+   */
+  retrieveDocumentation: RetrieveDocumentationAPI;
+}
diff --git a/x-pack/plugins/ai_infra/llm_tasks/server/utils/tokens.test.ts b/x-pack/plugins/ai_infra/llm_tasks/server/utils/tokens.test.ts
new file mode 100644
index 0000000000000..dce97eaea9b75
--- /dev/null
+++ b/x-pack/plugins/ai_infra/llm_tasks/server/utils/tokens.test.ts
@@ -0,0 +1,27 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { count, truncate } from './tokens';
+
+describe('count', () => {
+  it('returns the token count of a given text', () => {
+    expect(count('some short sentence')).toBeGreaterThan(1);
+  });
+});
+
+describe('truncate', () => {
+  it('truncates text that exceed the specified maximum token count', () => {
+    const text = 'some sentence that is likely longer than 5 tokens.';
+    const output = truncate(text, 5);
+    expect(output.length).toBeLessThan(text.length);
+  });
+  it('keeps text with a smaller amount of tokens unchanged', () => {
+    const text = 'some sentence that is likely less than 100 tokens.';
+    const output = truncate(text, 100);
+    expect(output.length).toEqual(text.length);
+  });
+});
diff --git a/x-pack/plugins/ai_infra/llm_tasks/server/utils/tokens.ts b/x-pack/plugins/ai_infra/llm_tasks/server/utils/tokens.ts
new file mode 100644
index 0000000000000..cb469144255b7
--- /dev/null
+++ b/x-pack/plugins/ai_infra/llm_tasks/server/utils/tokens.ts
@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { encode, decode } from 'gpt-tokenizer';
+
+export const count = (text: string): number => {
+  return encode(text).length;
+};
+
+export const truncate = (text: string, maxTokens: number): string => {
+  const encoded = encode(text);
+  if (encoded.length > maxTokens) {
+    const truncated = encoded.slice(0, maxTokens);
+    return decode(truncated);
+  }
+  return text;
+};
diff --git a/x-pack/plugins/ai_infra/llm_tasks/tsconfig.json b/x-pack/plugins/ai_infra/llm_tasks/tsconfig.json
new file mode 100644
index 0000000000000..03b87827d941a
--- /dev/null
+++ b/x-pack/plugins/ai_infra/llm_tasks/tsconfig.json
@@ -0,0 +1,27 @@
+{
+  "extends": "../../../../tsconfig.base.json",
+  "compilerOptions": {
+    "outDir": "target/types"
+  },
+  "include": [
+    "../../../../typings/**/*",
+    "common/**/*",
+    "public/**/*",
+    "typings/**/*",
+    "public/**/*.json",
+    "server/**/*",
+    "scripts/**/*",
+    ".storybook/**/*"
+  ],
+  "exclude": ["target/**/*", ".storybook/**/*.js"],
+  "kbn_references": [
+    "@kbn/core",
+    "@kbn/logging",
+    "@kbn/config-schema",
+    "@kbn/product-doc-common",
+    "@kbn/inference-plugin",
+    "@kbn/product-doc-base-plugin",
+    "@kbn/logging-mocks",
+    "@kbn/inference-common",
+  ]
+}
diff --git a/x-pack/plugins/ai_infra/product_doc_base/README.md b/x-pack/plugins/ai_infra/product_doc_base/README.md
new file mode 100644
index 0000000000000..0ff6c34dd2785
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/README.md
@@ -0,0 +1,3 @@
+# Product documentation base plugin
+
+This plugin contains the product documentation base service.
diff --git a/x-pack/plugins/ai_infra/product_doc_base/common/consts.ts b/x-pack/plugins/ai_infra/product_doc_base/common/consts.ts
new file mode 100644
index 0000000000000..1622df5ed865c
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/common/consts.ts
@@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export const productDocInstallStatusSavedObjectTypeName = 'product-doc-install-status';
+
+/**
+ * The id of the inference endpoint we're creating for our product doc indices.
+ * Could be replaced with the default elser 2 endpoint once the default endpoint feature is available.
+ */
+export const internalElserInferenceId = 'kibana-internal-elser2';
diff --git a/x-pack/plugins/ai_infra/product_doc_base/common/http_api/installation.ts b/x-pack/plugins/ai_infra/product_doc_base/common/http_api/installation.ts
new file mode 100644
index 0000000000000..0237bd2c3b488
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/common/http_api/installation.ts
@@ -0,0 +1,26 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { ProductName } from '@kbn/product-doc-common';
+import type { ProductInstallState, InstallationStatus } from '../install_status';
+
+export const INSTALLATION_STATUS_API_PATH = '/internal/product_doc_base/status';
+export const INSTALL_ALL_API_PATH = '/internal/product_doc_base/install';
+export const UNINSTALL_ALL_API_PATH = '/internal/product_doc_base/uninstall';
+
+export interface InstallationStatusResponse {
+  overall: InstallationStatus;
+  perProducts: Record<ProductName, ProductInstallState>;
+}
+
+export interface PerformInstallResponse {
+  installed: boolean;
+}
+
+export interface UninstallResponse {
+  success: boolean;
+}
diff --git a/x-pack/plugins/ai_infra/product_doc_base/common/install_status.ts b/x-pack/plugins/ai_infra/product_doc_base/common/install_status.ts
new file mode 100644
index 0000000000000..81102d43c1ff3
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/common/install_status.ts
@@ -0,0 +1,28 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { ProductName } from '@kbn/product-doc-common';
+
+export type InstallationStatus = 'installed' | 'uninstalled' | 'installing' | 'error';
+
+/**
+ * DTO representation of the product doc install status SO
+ */
+export interface ProductDocInstallStatus {
+  id: string;
+  productName: ProductName;
+  productVersion: string;
+  installationStatus: InstallationStatus;
+  lastInstallationDate: Date | undefined;
+  lastInstallationFailureReason: string | undefined;
+  indexName?: string;
+}
+
+export interface ProductInstallState {
+  status: InstallationStatus;
+  version?: string;
+}
diff --git a/x-pack/plugins/ai_infra/product_doc_base/jest.config.js b/x-pack/plugins/ai_infra/product_doc_base/jest.config.js
new file mode 100644
index 0000000000000..fc06be251a6f7
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/jest.config.js
@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+module.exports = {
+  preset: '@kbn/test',
+  rootDir: '../../../..',
+  roots: [
+    '<rootDir>/x-pack/plugins/ai_infra/product_doc_base/public',
+    '<rootDir>/x-pack/plugins/ai_infra/product_doc_base/server',
+    '<rootDir>/x-pack/plugins/ai_infra/product_doc_base/common',
+  ],
+  setupFiles: [],
+  collectCoverage: true,
+  collectCoverageFrom: [
+    '<rootDir>/x-pack/plugins/ai_infra/product_doc_base/{public,server,common}/**/*.{js,ts,tsx}',
+  ],
+
+  coverageReporters: ['html'],
+};
diff --git a/x-pack/plugins/ai_infra/product_doc_base/kibana.jsonc b/x-pack/plugins/ai_infra/product_doc_base/kibana.jsonc
new file mode 100644
index 0000000000000..268b4a70c9921
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/kibana.jsonc
@@ -0,0 +1,15 @@
+{
+  "type": "plugin",
+  "id": "@kbn/product-doc-base-plugin",
+  "owner": "@elastic/appex-ai-infra",
+  "plugin": {
+    "id": "productDocBase",
+    "server": true,
+    "browser": true,
+    "configPath": ["xpack", "productDocBase"],
+    "requiredPlugins": ["licensing", "taskManager"],
+    "requiredBundles": [],
+    "optionalPlugins": [],
+    "extraPublicDirs": []
+  }
+}
diff --git a/x-pack/plugins/ai_infra/product_doc_base/public/index.ts b/x-pack/plugins/ai_infra/product_doc_base/public/index.ts
new file mode 100644
index 0000000000000..b5ccbf029a73e
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/public/index.ts
@@ -0,0 +1,26 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { PluginInitializer, PluginInitializerContext } from '@kbn/core/public';
+import { ProductDocBasePlugin } from './plugin';
+import type {
+  ProductDocBasePluginSetup,
+  ProductDocBasePluginStart,
+  PluginSetupDependencies,
+  PluginStartDependencies,
+  PublicPluginConfig,
+} from './types';
+
+export type { ProductDocBasePluginSetup, ProductDocBasePluginStart };
+
+export const plugin: PluginInitializer<
+  ProductDocBasePluginSetup,
+  ProductDocBasePluginStart,
+  PluginSetupDependencies,
+  PluginStartDependencies
+> = (pluginInitializerContext: PluginInitializerContext<PublicPluginConfig>) =>
+  new ProductDocBasePlugin(pluginInitializerContext);
diff --git a/x-pack/plugins/ai_infra/product_doc_base/public/plugin.tsx b/x-pack/plugins/ai_infra/product_doc_base/public/plugin.tsx
new file mode 100644
index 0000000000000..6f2c989b6e45d
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/public/plugin.tsx
@@ -0,0 +1,51 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { CoreSetup, CoreStart, Plugin, PluginInitializerContext } from '@kbn/core/public';
+import type { Logger } from '@kbn/logging';
+import type {
+  PublicPluginConfig,
+  ProductDocBasePluginSetup,
+  ProductDocBasePluginStart,
+  PluginSetupDependencies,
+  PluginStartDependencies,
+} from './types';
+import { InstallationService } from './services/installation';
+
+export class ProductDocBasePlugin
+  implements
+    Plugin<
+      ProductDocBasePluginSetup,
+      ProductDocBasePluginStart,
+      PluginSetupDependencies,
+      PluginStartDependencies
+    >
+{
+  logger: Logger;
+
+  constructor(context: PluginInitializerContext<PublicPluginConfig>) {
+    this.logger = context.logger.get();
+  }
+  setup(
+    coreSetup: CoreSetup<PluginStartDependencies, ProductDocBasePluginStart>,
+    pluginsSetup: PluginSetupDependencies
+  ): ProductDocBasePluginSetup {
+    return {};
+  }
+
+  start(coreStart: CoreStart, pluginsStart: PluginStartDependencies): ProductDocBasePluginStart {
+    const installationService = new InstallationService({ http: coreStart.http });
+
+    return {
+      installation: {
+        getStatus: () => installationService.getInstallationStatus(),
+        install: () => installationService.install(),
+        uninstall: () => installationService.uninstall(),
+      },
+    };
+  }
+}
diff --git a/x-pack/plugins/ai_infra/product_doc_base/public/services/installation/index.ts b/x-pack/plugins/ai_infra/product_doc_base/public/services/installation/index.ts
new file mode 100644
index 0000000000000..2eee8613d77dc
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/public/services/installation/index.ts
@@ -0,0 +1,9 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { InstallationService } from './installation_service';
+export type { InstallationAPI } from './types';
diff --git a/x-pack/plugins/ai_infra/product_doc_base/public/services/installation/installation_service.test.ts b/x-pack/plugins/ai_infra/product_doc_base/public/services/installation/installation_service.test.ts
new file mode 100644
index 0000000000000..294aeb99e0fd8
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/public/services/installation/installation_service.test.ts
@@ -0,0 +1,79 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { httpServiceMock } from '@kbn/core/public/mocks';
+import { InstallationService } from './installation_service';
+import {
+  INSTALLATION_STATUS_API_PATH,
+  INSTALL_ALL_API_PATH,
+  UNINSTALL_ALL_API_PATH,
+} from '../../../common/http_api/installation';
+
+describe('InstallationService', () => {
+  let http: ReturnType<typeof httpServiceMock.createSetupContract>;
+  let service: InstallationService;
+
+  beforeEach(() => {
+    http = httpServiceMock.createSetupContract();
+    service = new InstallationService({ http });
+  });
+
+  describe('#getInstallationStatus', () => {
+    it('calls the endpoint with the right parameters', async () => {
+      await service.getInstallationStatus();
+      expect(http.get).toHaveBeenCalledTimes(1);
+      expect(http.get).toHaveBeenCalledWith(INSTALLATION_STATUS_API_PATH);
+    });
+    it('returns the value from the server', async () => {
+      const expected = { stubbed: true };
+      http.get.mockResolvedValue(expected);
+
+      const response = await service.getInstallationStatus();
+      expect(response).toEqual(expected);
+    });
+  });
+  describe('#install', () => {
+    beforeEach(() => {
+      http.post.mockResolvedValue({ installed: true });
+    });
+
+    it('calls the endpoint with the right parameters', async () => {
+      await service.install();
+      expect(http.post).toHaveBeenCalledTimes(1);
+      expect(http.post).toHaveBeenCalledWith(INSTALL_ALL_API_PATH);
+    });
+    it('returns the value from the server', async () => {
+      const expected = { installed: true };
+      http.post.mockResolvedValue(expected);
+
+      const response = await service.install();
+      expect(response).toEqual(expected);
+    });
+    it('throws when the server returns installed: false', async () => {
+      const expected = { installed: false };
+      http.post.mockResolvedValue(expected);
+
+      await expect(service.install()).rejects.toThrowErrorMatchingInlineSnapshot(
+        `"Installation did not complete successfully"`
+      );
+    });
+  });
+  describe('#uninstall', () => {
+    it('calls the endpoint with the right parameters', async () => {
+      await service.uninstall();
+      expect(http.post).toHaveBeenCalledTimes(1);
+      expect(http.post).toHaveBeenCalledWith(UNINSTALL_ALL_API_PATH);
+    });
+    it('returns the value from the server', async () => {
+      const expected = { stubbed: true };
+      http.post.mockResolvedValue(expected);
+
+      const response = await service.uninstall();
+      expect(response).toEqual(expected);
+    });
+  });
+});
diff --git a/x-pack/plugins/ai_infra/product_doc_base/public/services/installation/installation_service.ts b/x-pack/plugins/ai_infra/product_doc_base/public/services/installation/installation_service.ts
new file mode 100644
index 0000000000000..ff347f52cb531
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/public/services/installation/installation_service.ts
@@ -0,0 +1,40 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { HttpSetup } from '@kbn/core-http-browser';
+import {
+  INSTALLATION_STATUS_API_PATH,
+  INSTALL_ALL_API_PATH,
+  UNINSTALL_ALL_API_PATH,
+  InstallationStatusResponse,
+  PerformInstallResponse,
+  UninstallResponse,
+} from '../../../common/http_api/installation';
+
+export class InstallationService {
+  private readonly http: HttpSetup;
+
+  constructor({ http }: { http: HttpSetup }) {
+    this.http = http;
+  }
+
+  async getInstallationStatus(): Promise<InstallationStatusResponse> {
+    return await this.http.get<InstallationStatusResponse>(INSTALLATION_STATUS_API_PATH);
+  }
+
+  async install(): Promise<PerformInstallResponse> {
+    const response = await this.http.post<PerformInstallResponse>(INSTALL_ALL_API_PATH);
+    if (!response.installed) {
+      throw new Error('Installation did not complete successfully');
+    }
+    return response;
+  }
+
+  async uninstall(): Promise<UninstallResponse> {
+    return await this.http.post<UninstallResponse>(UNINSTALL_ALL_API_PATH);
+  }
+}
diff --git a/x-pack/plugins/ai_infra/product_doc_base/public/services/installation/types.ts b/x-pack/plugins/ai_infra/product_doc_base/public/services/installation/types.ts
new file mode 100644
index 0000000000000..5c01c84b24625
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/public/services/installation/types.ts
@@ -0,0 +1,18 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type {
+  InstallationStatusResponse,
+  PerformInstallResponse,
+  UninstallResponse,
+} from '../../../common/http_api/installation';
+
+export interface InstallationAPI {
+  getStatus(): Promise<InstallationStatusResponse>;
+  install(): Promise<PerformInstallResponse>;
+  uninstall(): Promise<UninstallResponse>;
+}
diff --git a/x-pack/plugins/ai_infra/product_doc_base/public/types.ts b/x-pack/plugins/ai_infra/product_doc_base/public/types.ts
new file mode 100644
index 0000000000000..1d06b0e08fa23
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/public/types.ts
@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { InstallationAPI } from './services/installation';
+
+/* eslint-disable @typescript-eslint/no-empty-interface*/
+
+export interface PublicPluginConfig {}
+
+export interface PluginSetupDependencies {}
+
+export interface PluginStartDependencies {}
+
+export interface ProductDocBasePluginSetup {}
+
+export interface ProductDocBasePluginStart {
+  installation: InstallationAPI;
+}
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/config.ts b/x-pack/plugins/ai_infra/product_doc_base/server/config.ts
new file mode 100644
index 0000000000000..bd0892d582701
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/config.ts
@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { schema, type TypeOf } from '@kbn/config-schema';
+import type { PluginConfigDescriptor } from '@kbn/core/server';
+
+const configSchema = schema.object({
+  artifactRepositoryUrl: schema.string({
+    defaultValue: 'https://kibana-knowledge-base-artifacts.elastic.co',
+  }),
+});
+
+export const config: PluginConfigDescriptor<ProductDocBaseConfig> = {
+  schema: configSchema,
+  exposeToBrowser: {},
+};
+
+export type ProductDocBaseConfig = TypeOf<typeof configSchema>;
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/index.ts b/x-pack/plugins/ai_infra/product_doc_base/server/index.ts
new file mode 100644
index 0000000000000..805a0f2ea8c41
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/index.ts
@@ -0,0 +1,29 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { PluginInitializer, PluginInitializerContext } from '@kbn/core/server';
+import type { ProductDocBaseConfig } from './config';
+import type {
+  ProductDocBaseSetupContract,
+  ProductDocBaseStartContract,
+  ProductDocBaseSetupDependencies,
+  ProductDocBaseStartDependencies,
+} from './types';
+import { ProductDocBasePlugin } from './plugin';
+
+export { config } from './config';
+
+export type { ProductDocBaseSetupContract, ProductDocBaseStartContract };
+export type { SearchApi as ProductDocSearchAPI } from './services/search/types';
+
+export const plugin: PluginInitializer<
+  ProductDocBaseSetupContract,
+  ProductDocBaseStartContract,
+  ProductDocBaseSetupDependencies,
+  ProductDocBaseStartDependencies
+> = async (pluginInitializerContext: PluginInitializerContext<ProductDocBaseConfig>) =>
+  new ProductDocBasePlugin(pluginInitializerContext);
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/plugin.test.ts b/x-pack/plugins/ai_infra/product_doc_base/server/plugin.test.ts
new file mode 100644
index 0000000000000..bd5d6a720dd71
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/plugin.test.ts
@@ -0,0 +1,96 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { coreMock } from '@kbn/core/server/mocks';
+import { licensingMock } from '@kbn/licensing-plugin/server/mocks';
+import { taskManagerMock } from '@kbn/task-manager-plugin/server/mocks';
+import { productDocInstallStatusSavedObjectTypeName } from '../common/consts';
+import { ProductDocBasePlugin } from './plugin';
+import { ProductDocBaseSetupDependencies, ProductDocBaseStartDependencies } from './types';
+
+jest.mock('./services/package_installer');
+jest.mock('./services/search');
+jest.mock('./services/doc_install_status');
+jest.mock('./routes');
+jest.mock('./tasks');
+import { registerRoutes } from './routes';
+import { PackageInstaller } from './services/package_installer';
+import { registerTaskDefinitions, scheduleEnsureUpToDateTask } from './tasks';
+
+const PackageInstallMock = PackageInstaller as jest.Mock;
+
+describe('ProductDocBasePlugin', () => {
+  let initContext: ReturnType<typeof coreMock.createPluginInitializerContext>;
+  let plugin: ProductDocBasePlugin;
+  let pluginSetupDeps: ProductDocBaseSetupDependencies;
+  let pluginStartDeps: ProductDocBaseStartDependencies;
+
+  beforeEach(() => {
+    initContext = coreMock.createPluginInitializerContext();
+    plugin = new ProductDocBasePlugin(initContext);
+    pluginSetupDeps = {
+      taskManager: taskManagerMock.createSetup(),
+    };
+    pluginStartDeps = {
+      licensing: licensingMock.createStart(),
+      taskManager: taskManagerMock.createStart(),
+    };
+
+    PackageInstallMock.mockReturnValue({ ensureUpToDate: jest.fn().mockResolvedValue({}) });
+  });
+
+  afterEach(() => {
+    (scheduleEnsureUpToDateTask as jest.Mock).mockReset();
+  });
+
+  describe('#setup', () => {
+    it('register the routes', () => {
+      plugin.setup(coreMock.createSetup(), pluginSetupDeps);
+
+      expect(registerRoutes).toHaveBeenCalledTimes(1);
+    });
+    it('register the product-doc SO type', () => {
+      const coreSetup = coreMock.createSetup();
+      plugin.setup(coreSetup, pluginSetupDeps);
+
+      expect(coreSetup.savedObjects.registerType).toHaveBeenCalledTimes(1);
+      expect(coreSetup.savedObjects.registerType).toHaveBeenCalledWith(
+        expect.objectContaining({
+          name: productDocInstallStatusSavedObjectTypeName,
+        })
+      );
+    });
+    it('register the task definitions', () => {
+      plugin.setup(coreMock.createSetup(), pluginSetupDeps);
+
+      expect(registerTaskDefinitions).toHaveBeenCalledTimes(3);
+    });
+  });
+
+  describe('#start', () => {
+    it('returns a contract with the expected shape', () => {
+      plugin.setup(coreMock.createSetup(), pluginSetupDeps);
+      const startContract = plugin.start(coreMock.createStart(), pluginStartDeps);
+      expect(startContract).toEqual({
+        management: {
+          getStatus: expect.any(Function),
+          install: expect.any(Function),
+          uninstall: expect.any(Function),
+          update: expect.any(Function),
+        },
+        search: expect.any(Function),
+      });
+    });
+
+    it('schedules the update task', () => {
+      plugin.setup(coreMock.createSetup(), pluginSetupDeps);
+      plugin.start(coreMock.createStart(), pluginStartDeps);
+
+      expect(scheduleEnsureUpToDateTask).toHaveBeenCalledTimes(1);
+    });
+  });
+});
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/plugin.ts b/x-pack/plugins/ai_infra/product_doc_base/server/plugin.ts
new file mode 100644
index 0000000000000..c8ed100cabb16
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/plugin.ts
@@ -0,0 +1,133 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import Path from 'path';
+import type { Logger } from '@kbn/logging';
+import { getDataPath } from '@kbn/utils';
+import type { CoreSetup, CoreStart, Plugin, PluginInitializerContext } from '@kbn/core/server';
+import { SavedObjectsClient } from '@kbn/core/server';
+import { productDocInstallStatusSavedObjectTypeName } from '../common/consts';
+import type { ProductDocBaseConfig } from './config';
+import {
+  ProductDocBaseSetupContract,
+  ProductDocBaseStartContract,
+  ProductDocBaseSetupDependencies,
+  ProductDocBaseStartDependencies,
+  InternalServices,
+} from './types';
+import { productDocInstallStatusSavedObjectType } from './saved_objects';
+import { PackageInstaller } from './services/package_installer';
+import { InferenceEndpointManager } from './services/inference_endpoint';
+import { ProductDocInstallClient } from './services/doc_install_status';
+import { DocumentationManager } from './services/doc_manager';
+import { SearchService } from './services/search';
+import { registerRoutes } from './routes';
+import { registerTaskDefinitions } from './tasks';
+
+export class ProductDocBasePlugin
+  implements
+    Plugin<
+      ProductDocBaseSetupContract,
+      ProductDocBaseStartContract,
+      ProductDocBaseSetupDependencies,
+      ProductDocBaseStartDependencies
+    >
+{
+  private logger: Logger;
+  private internalServices?: InternalServices;
+
+  constructor(private readonly context: PluginInitializerContext<ProductDocBaseConfig>) {
+    this.logger = context.logger.get();
+  }
+  setup(
+    coreSetup: CoreSetup<ProductDocBaseStartDependencies, ProductDocBaseStartContract>,
+    { taskManager }: ProductDocBaseSetupDependencies
+  ): ProductDocBaseSetupContract {
+    const getServices = () => {
+      if (!this.internalServices) {
+        throw new Error('getServices called before #start');
+      }
+      return this.internalServices;
+    };
+
+    coreSetup.savedObjects.registerType(productDocInstallStatusSavedObjectType);
+
+    registerTaskDefinitions({
+      taskManager,
+      getServices,
+    });
+
+    const router = coreSetup.http.createRouter();
+    registerRoutes({
+      router,
+      getServices,
+    });
+
+    return {};
+  }
+
+  start(
+    core: CoreStart,
+    { licensing, taskManager }: ProductDocBaseStartDependencies
+  ): ProductDocBaseStartContract {
+    const soClient = new SavedObjectsClient(
+      core.savedObjects.createInternalRepository([productDocInstallStatusSavedObjectTypeName])
+    );
+    const productDocClient = new ProductDocInstallClient({ soClient });
+
+    const endpointManager = new InferenceEndpointManager({
+      esClient: core.elasticsearch.client.asInternalUser,
+      logger: this.logger.get('endpoint-manager'),
+    });
+
+    const packageInstaller = new PackageInstaller({
+      esClient: core.elasticsearch.client.asInternalUser,
+      productDocClient,
+      endpointManager,
+      kibanaVersion: this.context.env.packageInfo.version,
+      artifactsFolder: Path.join(getDataPath(), 'ai-kb-artifacts'),
+      artifactRepositoryUrl: this.context.config.get().artifactRepositoryUrl,
+      logger: this.logger.get('package-installer'),
+    });
+
+    const searchService = new SearchService({
+      esClient: core.elasticsearch.client.asInternalUser,
+      logger: this.logger.get('search-service'),
+    });
+
+    const documentationManager = new DocumentationManager({
+      logger: this.logger.get('doc-manager'),
+      docInstallClient: productDocClient,
+      licensing,
+      taskManager,
+      auditService: core.security.audit,
+    });
+
+    this.internalServices = {
+      logger: this.logger,
+      packageInstaller,
+      installClient: productDocClient,
+      documentationManager,
+      licensing,
+      taskManager,
+    };
+
+    documentationManager.update().catch((err) => {
+      this.logger.error(`Error scheduling product documentation update task: ${err.message}`);
+    });
+
+    return {
+      management: {
+        install: documentationManager.install.bind(documentationManager),
+        update: documentationManager.update.bind(documentationManager),
+        uninstall: documentationManager.uninstall.bind(documentationManager),
+        getStatus: documentationManager.getStatus.bind(documentationManager),
+      },
+      search: searchService.search.bind(searchService),
+    };
+  }
+}
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/routes/index.ts b/x-pack/plugins/ai_infra/product_doc_base/server/routes/index.ts
new file mode 100644
index 0000000000000..66660c199d819
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/routes/index.ts
@@ -0,0 +1,20 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { IRouter } from '@kbn/core/server';
+import { registerInstallationRoutes } from './installation';
+import type { InternalServices } from '../types';
+
+export const registerRoutes = ({
+  router,
+  getServices,
+}: {
+  router: IRouter;
+  getServices: () => InternalServices;
+}) => {
+  registerInstallationRoutes({ getServices, router });
+};
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/routes/installation.ts b/x-pack/plugins/ai_infra/product_doc_base/server/routes/installation.ts
new file mode 100644
index 0000000000000..dbede9f7d94d3
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/routes/installation.ts
@@ -0,0 +1,115 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { IRouter } from '@kbn/core/server';
+import {
+  INSTALLATION_STATUS_API_PATH,
+  INSTALL_ALL_API_PATH,
+  UNINSTALL_ALL_API_PATH,
+  InstallationStatusResponse,
+  PerformInstallResponse,
+  UninstallResponse,
+} from '../../common/http_api/installation';
+import type { InternalServices } from '../types';
+
+export const registerInstallationRoutes = ({
+  router,
+  getServices,
+}: {
+  router: IRouter;
+  getServices: () => InternalServices;
+}) => {
+  router.get(
+    {
+      path: INSTALLATION_STATUS_API_PATH,
+      validate: false,
+      options: {
+        access: 'internal',
+        security: {
+          authz: {
+            requiredPrivileges: ['manage_llm_product_doc'],
+          },
+        },
+      },
+    },
+    async (ctx, req, res) => {
+      const { installClient, documentationManager } = getServices();
+      const installStatus = await installClient.getInstallationStatus();
+      const { status: overallStatus } = await documentationManager.getStatus();
+
+      return res.ok<InstallationStatusResponse>({
+        body: {
+          perProducts: installStatus,
+          overall: overallStatus,
+        },
+      });
+    }
+  );
+
+  router.post(
+    {
+      path: INSTALL_ALL_API_PATH,
+      validate: false,
+      options: {
+        access: 'internal',
+        security: {
+          authz: {
+            requiredPrivileges: ['manage_llm_product_doc'],
+          },
+        },
+        timeout: { idleSocket: 20 * 60 * 1000 }, // install can take time.
+      },
+    },
+    async (ctx, req, res) => {
+      const { documentationManager } = getServices();
+
+      await documentationManager.install({
+        request: req,
+        force: false,
+        wait: true,
+      });
+
+      // check status after installation in case of failure
+      const { status } = await documentationManager.getStatus();
+
+      return res.ok<PerformInstallResponse>({
+        body: {
+          installed: status === 'installed',
+        },
+      });
+    }
+  );
+
+  router.post(
+    {
+      path: UNINSTALL_ALL_API_PATH,
+      validate: false,
+      options: {
+        access: 'internal',
+        security: {
+          authz: {
+            requiredPrivileges: ['manage_llm_product_doc'],
+          },
+        },
+      },
+    },
+    async (ctx, req, res) => {
+      const { documentationManager } = getServices();
+
+      await documentationManager.uninstall({
+        request: req,
+        wait: true,
+      });
+
+      return res.ok<UninstallResponse>({
+        body: {
+          success: true,
+        },
+      });
+    }
+  );
+};
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/saved_objects/index.ts b/x-pack/plugins/ai_infra/product_doc_base/server/saved_objects/index.ts
new file mode 100644
index 0000000000000..f87c6d37eb66f
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/saved_objects/index.ts
@@ -0,0 +1,11 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export {
+  productDocInstallStatusSavedObjectType,
+  type ProductDocInstallStatusAttributes,
+} from './product_doc_install';
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/saved_objects/product_doc_install.ts b/x-pack/plugins/ai_infra/product_doc_base/server/saved_objects/product_doc_install.ts
new file mode 100644
index 0000000000000..47cf7eb50cdd1
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/saved_objects/product_doc_install.ts
@@ -0,0 +1,46 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { SavedObjectsType } from '@kbn/core/server';
+import type { ProductName } from '@kbn/product-doc-common';
+import { productDocInstallStatusSavedObjectTypeName } from '../../common/consts';
+import type { InstallationStatus } from '../../common/install_status';
+
+/**
+ * Interface describing the raw attributes of the product doc install SO type.
+ * Contains more fields than the mappings, which only list
+ * indexed fields.
+ */
+export interface ProductDocInstallStatusAttributes {
+  product_name: ProductName;
+  product_version: string;
+  installation_status: InstallationStatus;
+  last_installation_date?: number;
+  last_installation_failure_reason?: string;
+  index_name?: string;
+}
+
+export const productDocInstallStatusSavedObjectType: SavedObjectsType<ProductDocInstallStatusAttributes> =
+  {
+    name: productDocInstallStatusSavedObjectTypeName,
+    hidden: true,
+    namespaceType: 'agnostic',
+    mappings: {
+      dynamic: false,
+      properties: {
+        product_name: { type: 'keyword' },
+        product_version: { type: 'keyword' },
+        installation_status: { type: 'keyword' },
+        last_installation_date: { type: 'date' },
+        index_name: { type: 'keyword' },
+      },
+    },
+    management: {
+      importableAndExportable: false,
+    },
+    modelVersions: {},
+  };
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/doc_install_status/index.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/doc_install_status/index.ts
new file mode 100644
index 0000000000000..d55cb303b1908
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/doc_install_status/index.ts
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { ProductDocInstallClient } from './product_doc_install_service';
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/doc_install_status/model_conversion.test.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/doc_install_status/model_conversion.test.ts
new file mode 100644
index 0000000000000..6460d8452dc2b
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/doc_install_status/model_conversion.test.ts
@@ -0,0 +1,44 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { SavedObject } from '@kbn/core/server';
+import type { ProductDocInstallStatusAttributes } from '../../saved_objects';
+import { soToModel } from './model_conversion';
+
+const createObj = (
+  attrs: ProductDocInstallStatusAttributes
+): SavedObject<ProductDocInstallStatusAttributes> => {
+  return {
+    id: 'some-id',
+    type: 'product-doc-install-status',
+    attributes: attrs,
+    references: [],
+  };
+};
+
+describe('soToModel', () => {
+  it('converts the SO to the expected shape', () => {
+    const input = createObj({
+      product_name: 'kibana',
+      product_version: '8.16',
+      installation_status: 'installed',
+      last_installation_date: 9000,
+      index_name: '.kibana',
+    });
+
+    const output = soToModel(input);
+
+    expect(output).toEqual({
+      id: 'some-id',
+      productName: 'kibana',
+      productVersion: '8.16',
+      indexName: '.kibana',
+      installationStatus: 'installed',
+      lastInstallationDate: expect.any(Date),
+    });
+  });
+});
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/doc_install_status/model_conversion.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/doc_install_status/model_conversion.ts
new file mode 100644
index 0000000000000..cf77bb9222a15
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/doc_install_status/model_conversion.ts
@@ -0,0 +1,26 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { SavedObject } from '@kbn/core/server';
+import type { ProductDocInstallStatus } from '../../../common/install_status';
+import type { ProductDocInstallStatusAttributes } from '../../saved_objects';
+
+export const soToModel = (
+  so: SavedObject<ProductDocInstallStatusAttributes>
+): ProductDocInstallStatus => {
+  return {
+    id: so.id,
+    productName: so.attributes.product_name,
+    productVersion: so.attributes.product_version,
+    installationStatus: so.attributes.installation_status,
+    indexName: so.attributes.index_name,
+    lastInstallationDate: so.attributes.last_installation_date
+      ? new Date(so.attributes.last_installation_date)
+      : undefined,
+    lastInstallationFailureReason: so.attributes.last_installation_failure_reason,
+  };
+};
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/doc_install_status/product_doc_install_service.test.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/doc_install_status/product_doc_install_service.test.ts
new file mode 100644
index 0000000000000..81249038a1294
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/doc_install_status/product_doc_install_service.test.ts
@@ -0,0 +1,65 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { SavedObjectsFindResult } from '@kbn/core/server';
+import { DocumentationProduct } from '@kbn/product-doc-common';
+import type { ProductDocInstallStatusAttributes as TypeAttributes } from '../../saved_objects';
+import { savedObjectsClientMock } from '@kbn/core/server/mocks';
+import { ProductDocInstallClient } from './product_doc_install_service';
+
+const createObj = (attrs: TypeAttributes): SavedObjectsFindResult<TypeAttributes> => {
+  return {
+    id: attrs.product_name,
+    type: 'type',
+    references: [],
+    attributes: attrs,
+    score: 42,
+  };
+};
+
+describe('ProductDocInstallClient', () => {
+  let soClient: ReturnType<typeof savedObjectsClientMock.create>;
+  let service: ProductDocInstallClient;
+
+  beforeEach(() => {
+    soClient = savedObjectsClientMock.create();
+    service = new ProductDocInstallClient({ soClient });
+  });
+
+  describe('getInstallationStatus', () => {
+    it('returns the installation status based on existing entries', async () => {
+      soClient.find.mockResolvedValue({
+        saved_objects: [
+          createObj({
+            product_name: 'kibana',
+            product_version: '8.15',
+            installation_status: 'installed',
+          }),
+          createObj({
+            product_name: 'elasticsearch',
+            product_version: '8.15',
+            installation_status: 'installing',
+          }),
+        ],
+        total: 2,
+        per_page: 100,
+        page: 1,
+      });
+
+      const installStatus = await service.getInstallationStatus();
+
+      expect(Object.keys(installStatus).sort()).toEqual(Object.keys(DocumentationProduct).sort());
+      expect(installStatus.kibana).toEqual({
+        status: 'installed',
+        version: '8.15',
+      });
+      expect(installStatus.security).toEqual({
+        status: 'uninstalled',
+      });
+    });
+  });
+});
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/doc_install_status/product_doc_install_service.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/doc_install_status/product_doc_install_service.ts
new file mode 100644
index 0000000000000..24625ebc51586
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/doc_install_status/product_doc_install_service.ts
@@ -0,0 +1,89 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { SavedObjectsClientContract } from '@kbn/core/server';
+import { SavedObjectsErrorHelpers } from '@kbn/core-saved-objects-server';
+import { ProductName, DocumentationProduct } from '@kbn/product-doc-common';
+import type { ProductInstallState } from '../../../common/install_status';
+import { productDocInstallStatusSavedObjectTypeName as typeName } from '../../../common/consts';
+import type { ProductDocInstallStatusAttributes as TypeAttributes } from '../../saved_objects';
+
+export class ProductDocInstallClient {
+  private soClient: SavedObjectsClientContract;
+
+  constructor({ soClient }: { soClient: SavedObjectsClientContract }) {
+    this.soClient = soClient;
+  }
+
+  async getInstallationStatus(): Promise<Record<ProductName, ProductInstallState>> {
+    const response = await this.soClient.find<TypeAttributes>({
+      type: typeName,
+      perPage: 100,
+    });
+
+    const installStatus = Object.values(DocumentationProduct).reduce((memo, product) => {
+      memo[product] = { status: 'uninstalled' };
+      return memo;
+    }, {} as Record<ProductName, ProductInstallState>);
+
+    response.saved_objects.forEach(({ attributes }) => {
+      installStatus[attributes.product_name as ProductName] = {
+        status: attributes.installation_status,
+        version: attributes.product_version,
+      };
+    });
+
+    return installStatus;
+  }
+
+  async setInstallationStarted(fields: { productName: ProductName; productVersion: string }) {
+    const { productName, productVersion } = fields;
+    const objectId = getObjectIdFromProductName(productName);
+    const attributes = {
+      product_name: productName,
+      product_version: productVersion,
+      installation_status: 'installing' as const,
+      last_installation_failure_reason: '',
+    };
+    await this.soClient.update<TypeAttributes>(typeName, objectId, attributes, {
+      upsert: attributes,
+    });
+  }
+
+  async setInstallationSuccessful(productName: ProductName, indexName: string) {
+    const objectId = getObjectIdFromProductName(productName);
+    await this.soClient.update<TypeAttributes>(typeName, objectId, {
+      installation_status: 'installed',
+      index_name: indexName,
+    });
+  }
+
+  async setInstallationFailed(productName: ProductName, failureReason: string) {
+    const objectId = getObjectIdFromProductName(productName);
+    await this.soClient.update<TypeAttributes>(typeName, objectId, {
+      installation_status: 'error',
+      last_installation_failure_reason: failureReason,
+    });
+  }
+
+  async setUninstalled(productName: ProductName) {
+    const objectId = getObjectIdFromProductName(productName);
+    try {
+      await this.soClient.update<TypeAttributes>(typeName, objectId, {
+        installation_status: 'uninstalled',
+        last_installation_failure_reason: '',
+      });
+    } catch (e) {
+      if (!SavedObjectsErrorHelpers.isNotFoundError(e)) {
+        throw e;
+      }
+    }
+  }
+}
+
+const getObjectIdFromProductName = (productName: ProductName) =>
+  `kb-product-doc-${productName}-status`.toLowerCase();
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/doc_install_status/service.mock.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/doc_install_status/service.mock.ts
new file mode 100644
index 0000000000000..c2a0adbac9f29
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/doc_install_status/service.mock.ts
@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { ProductDocInstallClient } from './product_doc_install_service';
+
+export type InstallClientMock = jest.Mocked<ProductDocInstallClient>;
+
+const createInstallClientMock = (): InstallClientMock => {
+  return {
+    getInstallationStatus: jest.fn(),
+    setInstallationStarted: jest.fn(),
+    setInstallationSuccessful: jest.fn(),
+    setInstallationFailed: jest.fn(),
+    setUninstalled: jest.fn(),
+  } as unknown as InstallClientMock;
+};
+
+export const installClientMock = {
+  create: createInstallClientMock,
+};
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/doc_manager/check_license.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/doc_manager/check_license.ts
new file mode 100644
index 0000000000000..d4af5b7ebdb22
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/doc_manager/check_license.ts
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { ILicense } from '@kbn/licensing-plugin/server';
+
+export const checkLicense = (license: ILicense): boolean => {
+  const result = license.check('elastic documentation', 'enterprise');
+  return result.state === 'valid';
+};
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/doc_manager/doc_manager.test.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/doc_manager/doc_manager.test.ts
new file mode 100644
index 0000000000000..0be913ee6dd71
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/doc_manager/doc_manager.test.ts
@@ -0,0 +1,247 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { loggerMock, MockedLogger } from '@kbn/logging-mocks';
+import { securityServiceMock, httpServerMock } from '@kbn/core/server/mocks';
+import { taskManagerMock } from '@kbn/task-manager-plugin/server/mocks';
+import { licensingMock } from '@kbn/licensing-plugin/server/mocks';
+import type { ProductDocInstallClient } from '../doc_install_status';
+import { DocumentationManager } from './doc_manager';
+
+jest.mock('../../tasks');
+import {
+  scheduleInstallAllTask,
+  scheduleUninstallAllTask,
+  scheduleEnsureUpToDateTask,
+  getTaskStatus,
+  waitUntilTaskCompleted,
+} from '../../tasks';
+
+const scheduleInstallAllTaskMock = scheduleInstallAllTask as jest.MockedFn<
+  typeof scheduleInstallAllTask
+>;
+const scheduleUninstallAllTaskMock = scheduleUninstallAllTask as jest.MockedFn<
+  typeof scheduleUninstallAllTask
+>;
+const scheduleEnsureUpToDateTaskMock = scheduleEnsureUpToDateTask as jest.MockedFn<
+  typeof scheduleEnsureUpToDateTask
+>;
+const waitUntilTaskCompletedMock = waitUntilTaskCompleted as jest.MockedFn<
+  typeof waitUntilTaskCompleted
+>;
+const getTaskStatusMock = getTaskStatus as jest.MockedFn<typeof getTaskStatus>;
+
+describe('DocumentationManager', () => {
+  let logger: MockedLogger;
+  let taskManager: ReturnType<typeof taskManagerMock.createStart>;
+  let licensing: ReturnType<typeof licensingMock.createStart>;
+  let auditService: ReturnType<typeof securityServiceMock.createStart>['audit'];
+  let docInstallClient: jest.Mocked<ProductDocInstallClient>;
+
+  let docManager: DocumentationManager;
+
+  beforeEach(() => {
+    logger = loggerMock.create();
+    taskManager = taskManagerMock.createStart();
+    licensing = licensingMock.createStart();
+    auditService = securityServiceMock.createStart().audit;
+
+    docInstallClient = {
+      getInstallationStatus: jest.fn(),
+    } as unknown as jest.Mocked<ProductDocInstallClient>;
+
+    docManager = new DocumentationManager({
+      logger,
+      taskManager,
+      licensing,
+      auditService,
+      docInstallClient,
+    });
+  });
+
+  afterEach(() => {
+    scheduleInstallAllTaskMock.mockReset();
+    scheduleUninstallAllTaskMock.mockReset();
+    scheduleEnsureUpToDateTaskMock.mockReset();
+    waitUntilTaskCompletedMock.mockReset();
+    getTaskStatusMock.mockReset();
+  });
+
+  describe('#install', () => {
+    beforeEach(() => {
+      licensing.getLicense.mockResolvedValue(
+        licensingMock.createLicense({ license: { type: 'enterprise' } })
+      );
+
+      getTaskStatusMock.mockResolvedValue('not_scheduled');
+
+      docInstallClient.getInstallationStatus.mockResolvedValue({
+        kibana: { status: 'uninstalled' },
+      } as Awaited<ReturnType<ProductDocInstallClient['getInstallationStatus']>>);
+    });
+
+    it('calls `scheduleInstallAllTask`', async () => {
+      await docManager.install({});
+
+      expect(scheduleInstallAllTaskMock).toHaveBeenCalledTimes(1);
+      expect(scheduleInstallAllTaskMock).toHaveBeenCalledWith({
+        taskManager,
+        logger,
+      });
+
+      expect(waitUntilTaskCompletedMock).not.toHaveBeenCalled();
+    });
+
+    it('calls waitUntilTaskCompleted if wait=true', async () => {
+      await docManager.install({ wait: true });
+
+      expect(scheduleInstallAllTaskMock).toHaveBeenCalledTimes(1);
+      expect(waitUntilTaskCompletedMock).toHaveBeenCalledTimes(1);
+    });
+
+    it('does not call scheduleInstallAllTask if already installed and not force', async () => {
+      docInstallClient.getInstallationStatus.mockResolvedValue({
+        kibana: { status: 'installed' },
+      } as Awaited<ReturnType<ProductDocInstallClient['getInstallationStatus']>>);
+
+      await docManager.install({ wait: true });
+
+      expect(scheduleInstallAllTaskMock).not.toHaveBeenCalled();
+      expect(waitUntilTaskCompletedMock).not.toHaveBeenCalled();
+    });
+
+    it('records an audit log when request is provided', async () => {
+      const request = httpServerMock.createKibanaRequest();
+
+      const auditLog = auditService.withoutRequest;
+      auditService.asScoped = jest.fn(() => auditLog);
+
+      await docManager.install({ force: false, wait: false, request });
+
+      expect(auditLog.log).toHaveBeenCalledTimes(1);
+      expect(auditLog.log).toHaveBeenCalledWith({
+        message: expect.any(String),
+        event: {
+          action: 'product_documentation_create',
+          category: ['database'],
+          type: ['creation'],
+          outcome: 'unknown',
+        },
+      });
+    });
+
+    it('throws an error if license level is not sufficient', async () => {
+      licensing.getLicense.mockResolvedValue(
+        licensingMock.createLicense({ license: { type: 'basic' } })
+      );
+
+      await expect(
+        docManager.install({ force: false, wait: false })
+      ).rejects.toThrowErrorMatchingInlineSnapshot(
+        `"Elastic documentation requires an enterprise license"`
+      );
+    });
+  });
+
+  describe('#update', () => {
+    beforeEach(() => {
+      getTaskStatusMock.mockResolvedValue('not_scheduled');
+
+      docInstallClient.getInstallationStatus.mockResolvedValue({
+        kibana: { status: 'uninstalled' },
+      } as Awaited<ReturnType<ProductDocInstallClient['getInstallationStatus']>>);
+    });
+
+    it('calls `scheduleEnsureUpToDateTask`', async () => {
+      await docManager.update({});
+
+      expect(scheduleEnsureUpToDateTaskMock).toHaveBeenCalledTimes(1);
+      expect(scheduleEnsureUpToDateTaskMock).toHaveBeenCalledWith({
+        taskManager,
+        logger,
+      });
+
+      expect(waitUntilTaskCompletedMock).not.toHaveBeenCalled();
+    });
+
+    it('calls waitUntilTaskCompleted if wait=true', async () => {
+      await docManager.update({ wait: true });
+
+      expect(scheduleEnsureUpToDateTaskMock).toHaveBeenCalledTimes(1);
+      expect(waitUntilTaskCompletedMock).toHaveBeenCalledTimes(1);
+    });
+
+    it('records an audit log when request is provided', async () => {
+      const request = httpServerMock.createKibanaRequest();
+
+      const auditLog = auditService.withoutRequest;
+      auditService.asScoped = jest.fn(() => auditLog);
+
+      await docManager.update({ wait: false, request });
+
+      expect(auditLog.log).toHaveBeenCalledTimes(1);
+      expect(auditLog.log).toHaveBeenCalledWith({
+        message: expect.any(String),
+        event: {
+          action: 'product_documentation_update',
+          category: ['database'],
+          type: ['change'],
+          outcome: 'unknown',
+        },
+      });
+    });
+  });
+
+  describe('#uninstall', () => {
+    beforeEach(() => {
+      getTaskStatusMock.mockResolvedValue('not_scheduled');
+
+      docInstallClient.getInstallationStatus.mockResolvedValue({
+        kibana: { status: 'uninstalled' },
+      } as Awaited<ReturnType<ProductDocInstallClient['getInstallationStatus']>>);
+    });
+
+    it('calls `scheduleUninstallAllTask`', async () => {
+      await docManager.uninstall({});
+
+      expect(scheduleUninstallAllTaskMock).toHaveBeenCalledTimes(1);
+      expect(scheduleUninstallAllTaskMock).toHaveBeenCalledWith({
+        taskManager,
+        logger,
+      });
+
+      expect(waitUntilTaskCompletedMock).not.toHaveBeenCalled();
+    });
+
+    it('calls waitUntilTaskCompleted if wait=true', async () => {
+      await docManager.uninstall({ wait: true });
+
+      expect(scheduleUninstallAllTaskMock).toHaveBeenCalledTimes(1);
+      expect(waitUntilTaskCompletedMock).toHaveBeenCalledTimes(1);
+    });
+
+    it('records an audit log when request is provided', async () => {
+      const request = httpServerMock.createKibanaRequest();
+
+      const auditLog = auditService.withoutRequest;
+      auditService.asScoped = jest.fn(() => auditLog);
+
+      await docManager.uninstall({ wait: false, request });
+
+      expect(auditLog.log).toHaveBeenCalledTimes(1);
+      expect(auditLog.log).toHaveBeenCalledWith({
+        message: expect.any(String),
+        event: {
+          action: 'product_documentation_delete',
+          category: ['database'],
+          type: ['deletion'],
+          outcome: 'unknown',
+        },
+      });
+    });
+  });
+});
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/doc_manager/doc_manager.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/doc_manager/doc_manager.ts
new file mode 100644
index 0000000000000..40dc53e19ceea
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/doc_manager/doc_manager.ts
@@ -0,0 +1,204 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { Logger } from '@kbn/logging';
+import type { CoreAuditService } from '@kbn/core/server';
+import { type TaskManagerStartContract, TaskStatus } from '@kbn/task-manager-plugin/server';
+import type { LicensingPluginStart } from '@kbn/licensing-plugin/server';
+import type { InstallationStatus } from '../../../common/install_status';
+import type { ProductDocInstallClient } from '../doc_install_status';
+import {
+  INSTALL_ALL_TASK_ID,
+  scheduleInstallAllTask,
+  scheduleUninstallAllTask,
+  scheduleEnsureUpToDateTask,
+  getTaskStatus,
+  waitUntilTaskCompleted,
+} from '../../tasks';
+import { checkLicense } from './check_license';
+import type {
+  DocumentationManagerAPI,
+  DocGetStatusResponse,
+  DocInstallOptions,
+  DocUninstallOptions,
+  DocUpdateOptions,
+} from './types';
+
+const TEN_MIN_IN_MS = 10 * 60 * 1000;
+
+/**
+ * High-level installation service, handling product documentation
+ * installation as unary operations, abstracting away the fact
+ * that documentation is composed of multiple entities.
+ */
+export class DocumentationManager implements DocumentationManagerAPI {
+  private logger: Logger;
+  private taskManager: TaskManagerStartContract;
+  private licensing: LicensingPluginStart;
+  private docInstallClient: ProductDocInstallClient;
+  private auditService: CoreAuditService;
+
+  constructor({
+    logger,
+    taskManager,
+    licensing,
+    docInstallClient,
+    auditService,
+  }: {
+    logger: Logger;
+    taskManager: TaskManagerStartContract;
+    licensing: LicensingPluginStart;
+    docInstallClient: ProductDocInstallClient;
+    auditService: CoreAuditService;
+  }) {
+    this.logger = logger;
+    this.taskManager = taskManager;
+    this.licensing = licensing;
+    this.docInstallClient = docInstallClient;
+    this.auditService = auditService;
+  }
+
+  async install(options: DocInstallOptions = {}): Promise<void> {
+    const { request, force = false, wait = false } = options;
+
+    const { status } = await this.getStatus();
+    if (!force && status === 'installed') {
+      return;
+    }
+
+    const license = await this.licensing.getLicense();
+    if (!checkLicense(license)) {
+      throw new Error('Elastic documentation requires an enterprise license');
+    }
+
+    const taskId = await scheduleInstallAllTask({
+      taskManager: this.taskManager,
+      logger: this.logger,
+    });
+
+    if (request) {
+      this.auditService.asScoped(request).log({
+        message: `User is requesting installation of product documentation for AI Assistants. Task ID=[${taskId}]`,
+        event: {
+          action: 'product_documentation_create',
+          category: ['database'],
+          type: ['creation'],
+          outcome: 'unknown',
+        },
+      });
+    }
+
+    if (wait) {
+      await waitUntilTaskCompleted({
+        taskManager: this.taskManager,
+        taskId,
+        timeout: TEN_MIN_IN_MS,
+      });
+    }
+  }
+
+  async update(options: DocUpdateOptions = {}): Promise<void> {
+    const { request, wait = false } = options;
+
+    const taskId = await scheduleEnsureUpToDateTask({
+      taskManager: this.taskManager,
+      logger: this.logger,
+    });
+
+    if (request) {
+      this.auditService.asScoped(request).log({
+        message: `User is requesting update of product documentation for AI Assistants. Task ID=[${taskId}]`,
+        event: {
+          action: 'product_documentation_update',
+          category: ['database'],
+          type: ['change'],
+          outcome: 'unknown',
+        },
+      });
+    }
+
+    if (wait) {
+      await waitUntilTaskCompleted({
+        taskManager: this.taskManager,
+        taskId,
+        timeout: TEN_MIN_IN_MS,
+      });
+    }
+  }
+
+  async uninstall(options: DocUninstallOptions = {}): Promise<void> {
+    const { request, wait = false } = options;
+
+    const taskId = await scheduleUninstallAllTask({
+      taskManager: this.taskManager,
+      logger: this.logger,
+    });
+
+    if (request) {
+      this.auditService.asScoped(request).log({
+        message: `User is requesting deletion of product documentation for AI Assistants. Task ID=[${taskId}]`,
+        event: {
+          action: 'product_documentation_delete',
+          category: ['database'],
+          type: ['deletion'],
+          outcome: 'unknown',
+        },
+      });
+    }
+
+    if (wait) {
+      await waitUntilTaskCompleted({
+        taskManager: this.taskManager,
+        taskId,
+        timeout: TEN_MIN_IN_MS,
+      });
+    }
+  }
+
+  async getStatus(): Promise<DocGetStatusResponse> {
+    const taskStatus = await getTaskStatus({
+      taskManager: this.taskManager,
+      taskId: INSTALL_ALL_TASK_ID,
+    });
+    if (taskStatus !== 'not_scheduled') {
+      const status = convertTaskStatus(taskStatus);
+      if (status !== 'unknown') {
+        return { status };
+      }
+    }
+
+    const installStatus = await this.docInstallClient.getInstallationStatus();
+    const overallStatus = getOverallStatus(Object.values(installStatus).map((v) => v.status));
+    return { status: overallStatus };
+  }
+}
+
+const convertTaskStatus = (taskStatus: TaskStatus): InstallationStatus | 'unknown' => {
+  switch (taskStatus) {
+    case TaskStatus.Idle:
+    case TaskStatus.Claiming:
+    case TaskStatus.Running:
+      return 'installing';
+    case TaskStatus.Failed:
+      return 'error';
+    case TaskStatus.Unrecognized:
+    case TaskStatus.DeadLetter:
+    case TaskStatus.ShouldDelete:
+    default:
+      return 'unknown';
+  }
+};
+
+const getOverallStatus = (statuses: InstallationStatus[]): InstallationStatus => {
+  const statusOrder: InstallationStatus[] = ['error', 'installing', 'uninstalled', 'installed'];
+  for (const status of statusOrder) {
+    if (statuses.includes(status)) {
+      return status;
+    }
+  }
+  return 'installed';
+};
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/doc_manager/index.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/doc_manager/index.ts
new file mode 100644
index 0000000000000..588b5e2f5cc65
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/doc_manager/index.ts
@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { DocumentationManager } from './doc_manager';
+export type {
+  DocumentationManagerAPI,
+  DocUninstallOptions,
+  DocInstallOptions,
+  DocUpdateOptions,
+  DocGetStatusResponse,
+} from './types';
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/doc_manager/types.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/doc_manager/types.ts
new file mode 100644
index 0000000000000..5a954a5ffb0fd
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/doc_manager/types.ts
@@ -0,0 +1,98 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { KibanaRequest } from '@kbn/core/server';
+import type { InstallationStatus } from '../../../common/install_status';
+
+/**
+ * APIs to manage the product documentation.
+ */
+export interface DocumentationManagerAPI {
+  /**
+   * Install the product documentation.
+   * By default, will only try to install if not already present.
+   * Can use the `force` option to forcefully reinstall.
+   */
+  install(options?: DocInstallOptions): Promise<void>;
+  /**
+   * Update the product documentation to the latest version.
+   * No-op if the product documentation is not currently installed.
+   */
+  update(options?: DocUpdateOptions): Promise<void>;
+  /**
+   * Uninstall the product documentation.
+   * No-op if the product documentation is not currently installed.
+   */
+  uninstall(options?: DocUninstallOptions): Promise<void>;
+  /**
+   * Returns the overall installation status of the documentation.
+   */
+  getStatus(): Promise<DocGetStatusResponse>;
+}
+
+/**
+ * Return type for {@link DocumentationManagerAPI.getStatus}
+ */
+export interface DocGetStatusResponse {
+  status: InstallationStatus;
+}
+
+/**
+ * Options for {@link DocumentationManagerAPI.install}
+ */
+export interface DocInstallOptions {
+  /**
+   * When the operation was requested by a user, the request that initiated it.
+   *
+   * If not provided, the call will be considered as being done on behalf of system.
+   */
+  request?: KibanaRequest;
+  /**
+   * If true, will reinstall the documentation even if already present.
+   * Defaults to `false`
+   */
+  force?: boolean;
+  /**
+   * If true, the returned promise will wait until the update task has completed before resolving.
+   * Defaults to `false`
+   */
+  wait?: boolean;
+}
+
+/**
+ * Options for {@link DocumentationManagerAPI.uninstall}
+ */
+export interface DocUninstallOptions {
+  /**
+   * When the operation was requested by a user, the request that initiated it.
+   *
+   * If not provided, the call will be considered as being done on behalf of system.
+   */
+  request?: KibanaRequest;
+  /**
+   * If true, the returned promise will wait until the update task has completed before resolving.
+   * Defaults to `false`
+   */
+  wait?: boolean;
+}
+
+/**
+ * Options for {@link DocumentationManagerAPI.update}
+ */
+export interface DocUpdateOptions {
+  /**
+   * When the operation was requested by a user, the request that initiated it.
+   *
+   * If not provided, the call will be considered as being done on behalf of system.
+   */
+  request?: KibanaRequest;
+  /**
+   * If true, the returned promise will wait until the update task has completed before resolving.
+   * Defaults to `false`
+   */
+  wait?: boolean;
+}
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/inference_endpoint/endpoint_manager.test.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/inference_endpoint/endpoint_manager.test.ts
new file mode 100644
index 0000000000000..e5dabaaa9b7f7
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/inference_endpoint/endpoint_manager.test.ts
@@ -0,0 +1,58 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { loggerMock, type MockedLogger } from '@kbn/logging-mocks';
+import { elasticsearchServiceMock } from '@kbn/core/server/mocks';
+import { InferenceEndpointManager } from './endpoint_manager';
+
+jest.mock('./utils');
+import { installElser, getModelInstallStatus, waitUntilModelDeployed } from './utils';
+const installElserMock = installElser as jest.MockedFn<typeof installElser>;
+const getModelInstallStatusMock = getModelInstallStatus as jest.MockedFn<
+  typeof getModelInstallStatus
+>;
+const waitUntilModelDeployedMock = waitUntilModelDeployed as jest.MockedFn<
+  typeof waitUntilModelDeployed
+>;
+
+describe('InferenceEndpointManager', () => {
+  let logger: MockedLogger;
+  let esClient: ReturnType<typeof elasticsearchServiceMock.createElasticsearchClient>;
+  let endpointManager: InferenceEndpointManager;
+
+  beforeEach(() => {
+    logger = loggerMock.create();
+    esClient = elasticsearchServiceMock.createElasticsearchClient();
+
+    endpointManager = new InferenceEndpointManager({ esClient, logger });
+  });
+
+  afterEach(() => {
+    installElserMock.mockReset();
+    getModelInstallStatusMock.mockReset();
+    waitUntilModelDeployedMock.mockReset();
+  });
+
+  describe('#ensureInternalElserInstalled', () => {
+    it('installs ELSER if not already installed', async () => {
+      getModelInstallStatusMock.mockResolvedValue({ installed: true });
+
+      await endpointManager.ensureInternalElserInstalled();
+
+      expect(installElserMock).not.toHaveBeenCalled();
+      expect(waitUntilModelDeployedMock).toHaveBeenCalledTimes(1);
+    });
+    it('does not install ELSER if already present', async () => {
+      getModelInstallStatusMock.mockResolvedValue({ installed: false });
+
+      await endpointManager.ensureInternalElserInstalled();
+
+      expect(installElserMock).toHaveBeenCalledTimes(1);
+      expect(waitUntilModelDeployedMock).toHaveBeenCalledTimes(1);
+    });
+  });
+});
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/inference_endpoint/endpoint_manager.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/inference_endpoint/endpoint_manager.ts
new file mode 100644
index 0000000000000..4f7467501d61d
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/inference_endpoint/endpoint_manager.ts
@@ -0,0 +1,41 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { ElasticsearchClient, Logger } from '@kbn/core/server';
+import { internalElserInferenceId } from '../../../common/consts';
+import { installElser, getModelInstallStatus, waitUntilModelDeployed } from './utils';
+
+export class InferenceEndpointManager {
+  private readonly log: Logger;
+  private readonly esClient: ElasticsearchClient;
+
+  constructor({ logger, esClient }: { logger: Logger; esClient: ElasticsearchClient }) {
+    this.log = logger;
+    this.esClient = esClient;
+  }
+
+  async ensureInternalElserInstalled() {
+    const { installed } = await getModelInstallStatus({
+      inferenceId: internalElserInferenceId,
+      client: this.esClient,
+      log: this.log,
+    });
+    if (!installed) {
+      await installElser({
+        inferenceId: internalElserInferenceId,
+        client: this.esClient,
+        log: this.log,
+      });
+    }
+
+    await waitUntilModelDeployed({
+      modelId: internalElserInferenceId,
+      client: this.esClient,
+      log: this.log,
+    });
+  }
+}
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/inference_endpoint/index.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/inference_endpoint/index.ts
new file mode 100644
index 0000000000000..e4098ff58fe51
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/inference_endpoint/index.ts
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { InferenceEndpointManager } from './endpoint_manager';
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/inference_endpoint/service.mock.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/inference_endpoint/service.mock.ts
new file mode 100644
index 0000000000000..e9715c4ad2acd
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/inference_endpoint/service.mock.ts
@@ -0,0 +1,20 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { InferenceEndpointManager } from './endpoint_manager';
+
+export type InferenceEndpointManagerMock = jest.Mocked<InferenceEndpointManager>;
+
+const createMock = (): InferenceEndpointManagerMock => {
+  return {
+    ensureInternalElserInstalled: jest.fn(),
+  } as unknown as InferenceEndpointManagerMock;
+};
+
+export const inferenceManagerMock = {
+  create: createMock,
+};
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/inference_endpoint/utils/get_model_install_status.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/inference_endpoint/utils/get_model_install_status.ts
new file mode 100644
index 0000000000000..be6caa34d0ad1
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/inference_endpoint/utils/get_model_install_status.ts
@@ -0,0 +1,34 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { InferenceTaskType } from '@elastic/elasticsearch/lib/api/types';
+import type { ElasticsearchClient, Logger } from '@kbn/core/server';
+
+export const getModelInstallStatus = async ({
+  inferenceId,
+  taskType = 'sparse_embedding',
+  client,
+}: {
+  inferenceId: string;
+  taskType?: InferenceTaskType;
+  client: ElasticsearchClient;
+  log: Logger;
+}) => {
+  const getInferenceRes = await client.inference.get(
+    {
+      task_type: taskType,
+      inference_id: inferenceId,
+    },
+    { ignore: [404] }
+  );
+
+  const installed = (getInferenceRes.endpoints ?? []).some(
+    (endpoint) => endpoint.inference_id === inferenceId
+  );
+
+  return { installed };
+};
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/inference_endpoint/utils/index.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/inference_endpoint/utils/index.ts
new file mode 100644
index 0000000000000..089997557f301
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/inference_endpoint/utils/index.ts
@@ -0,0 +1,10 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { waitUntilModelDeployed } from './wait_until_model_deployed';
+export { getModelInstallStatus } from './get_model_install_status';
+export { installElser } from './install_elser';
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/inference_endpoint/utils/install_elser.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/inference_endpoint/utils/install_elser.ts
new file mode 100644
index 0000000000000..0e92d765a3d17
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/inference_endpoint/utils/install_elser.ts
@@ -0,0 +1,35 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { ElasticsearchClient, Logger } from '@kbn/core/server';
+
+export const installElser = async ({
+  inferenceId,
+  client,
+  log,
+}: {
+  inferenceId: string;
+  client: ElasticsearchClient;
+  log: Logger;
+}) => {
+  await client.inference.put(
+    {
+      task_type: 'sparse_embedding',
+      inference_id: inferenceId,
+      inference_config: {
+        service: 'elasticsearch',
+        service_settings: {
+          num_allocations: 1,
+          num_threads: 1,
+          model_id: '.elser_model_2',
+        },
+        task_settings: {},
+      },
+    },
+    { requestTimeout: 5 * 60 * 1000 }
+  );
+};
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/inference_endpoint/utils/wait_until_model_deployed.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/inference_endpoint/utils/wait_until_model_deployed.ts
new file mode 100644
index 0000000000000..83775ed80f5a0
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/inference_endpoint/utils/wait_until_model_deployed.ts
@@ -0,0 +1,39 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { ElasticsearchClient, Logger } from '@kbn/core/server';
+
+export const waitUntilModelDeployed = async ({
+  modelId,
+  client,
+  log,
+  maxRetries = 20,
+  delay = 2000,
+}: {
+  modelId: string;
+  client: ElasticsearchClient;
+  log: Logger;
+  maxRetries?: number;
+  delay?: number;
+}) => {
+  for (let i = 0; i < maxRetries; i++) {
+    const statsRes = await client.ml.getTrainedModelsStats({
+      model_id: modelId,
+    });
+    const deploymentStats = statsRes.trained_model_stats[0]?.deployment_stats;
+    if (!deploymentStats || deploymentStats.nodes.length === 0) {
+      log.debug(`ML model [${modelId}] was not deployed - attempt ${i + 1} of ${maxRetries}`);
+      await sleep(delay);
+      continue;
+    }
+    return;
+  }
+
+  throw new Error(`Timeout waiting for ML model ${modelId} to be deployed`);
+};
+
+const sleep = (ms: number) => new Promise((resolve) => setTimeout(resolve, ms));
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/index.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/index.ts
new file mode 100644
index 0000000000000..a9edb7c38fdaa
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/index.ts
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { PackageInstaller } from './package_installer';
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/package_installer.test.mocks.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/package_installer.test.mocks.ts
new file mode 100644
index 0000000000000..3b7b7c234800f
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/package_installer.test.mocks.ts
@@ -0,0 +1,36 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export const validateArtifactArchiveMock = jest.fn();
+export const fetchArtifactVersionsMock = jest.fn();
+export const createIndexMock = jest.fn();
+export const populateIndexMock = jest.fn();
+
+jest.doMock('./steps', () => {
+  const actual = jest.requireActual('./steps');
+  return {
+    ...actual,
+    validateArtifactArchive: validateArtifactArchiveMock,
+    fetchArtifactVersions: fetchArtifactVersionsMock,
+    createIndex: createIndexMock,
+    populateIndex: populateIndexMock,
+  };
+});
+
+export const downloadToDiskMock = jest.fn();
+export const openZipArchiveMock = jest.fn();
+export const loadMappingFileMock = jest.fn();
+
+jest.doMock('./utils', () => {
+  const actual = jest.requireActual('./utils');
+  return {
+    ...actual,
+    downloadToDisk: downloadToDiskMock,
+    openZipArchive: openZipArchiveMock,
+    loadMappingFile: loadMappingFileMock,
+  };
+});
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/package_installer.test.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/package_installer.test.ts
new file mode 100644
index 0000000000000..e68bd0e9c5058
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/package_installer.test.ts
@@ -0,0 +1,255 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+  downloadToDiskMock,
+  createIndexMock,
+  populateIndexMock,
+  loadMappingFileMock,
+  openZipArchiveMock,
+  validateArtifactArchiveMock,
+  fetchArtifactVersionsMock,
+} from './package_installer.test.mocks';
+
+import {
+  getArtifactName,
+  getProductDocIndexName,
+  DocumentationProduct,
+  ProductName,
+} from '@kbn/product-doc-common';
+import { elasticsearchServiceMock } from '@kbn/core/server/mocks';
+import { loggerMock, type MockedLogger } from '@kbn/logging-mocks';
+import { installClientMock } from '../doc_install_status/service.mock';
+import { inferenceManagerMock } from '../inference_endpoint/service.mock';
+import type { ProductInstallState } from '../../../common/install_status';
+import { PackageInstaller } from './package_installer';
+
+const artifactsFolder = '/lost';
+const artifactRepositoryUrl = 'https://repository.com';
+const kibanaVersion = '8.16.3';
+
+const callOrder = (fn: { mock: { invocationCallOrder: number[] } }): number => {
+  return fn.mock.invocationCallOrder[0];
+};
+
+describe('PackageInstaller', () => {
+  let logger: MockedLogger;
+  let esClient: ReturnType<typeof elasticsearchServiceMock.createElasticsearchClient>;
+  let productDocClient: ReturnType<typeof installClientMock.create>;
+  let endpointManager: ReturnType<typeof inferenceManagerMock.create>;
+
+  let packageInstaller: PackageInstaller;
+
+  beforeEach(() => {
+    logger = loggerMock.create();
+    esClient = elasticsearchServiceMock.createElasticsearchClient();
+    productDocClient = installClientMock.create();
+    endpointManager = inferenceManagerMock.create();
+    packageInstaller = new PackageInstaller({
+      artifactsFolder,
+      logger,
+      esClient,
+      productDocClient,
+      endpointManager,
+      artifactRepositoryUrl,
+      kibanaVersion,
+    });
+  });
+
+  afterEach(() => {
+    downloadToDiskMock.mockReset();
+    createIndexMock.mockReset();
+    populateIndexMock.mockReset();
+    loadMappingFileMock.mockReset();
+    openZipArchiveMock.mockReset();
+    validateArtifactArchiveMock.mockReset();
+    fetchArtifactVersionsMock.mockReset();
+  });
+
+  describe('installPackage', () => {
+    it('calls the steps with the right parameters', async () => {
+      const zipArchive = {
+        close: jest.fn(),
+      };
+      openZipArchiveMock.mockResolvedValue(zipArchive);
+
+      const mappings = Symbol('mappings');
+      loadMappingFileMock.mockResolvedValue(mappings);
+
+      await packageInstaller.installPackage({ productName: 'kibana', productVersion: '8.16' });
+
+      const artifactName = getArtifactName({
+        productName: 'kibana',
+        productVersion: '8.16',
+      });
+      const indexName = getProductDocIndexName('kibana');
+      expect(endpointManager.ensureInternalElserInstalled).toHaveBeenCalledTimes(1);
+
+      expect(downloadToDiskMock).toHaveBeenCalledTimes(1);
+      expect(downloadToDiskMock).toHaveBeenCalledWith(
+        `${artifactRepositoryUrl}/${artifactName}`,
+        `${artifactsFolder}/${artifactName}`
+      );
+
+      expect(openZipArchiveMock).toHaveBeenCalledTimes(1);
+      expect(openZipArchiveMock).toHaveBeenCalledWith(`${artifactsFolder}/${artifactName}`);
+
+      expect(loadMappingFileMock).toHaveBeenCalledTimes(1);
+      expect(loadMappingFileMock).toHaveBeenCalledWith(zipArchive);
+
+      expect(createIndexMock).toHaveBeenCalledTimes(1);
+      expect(createIndexMock).toHaveBeenCalledWith({
+        indexName,
+        mappings,
+        esClient,
+        log: logger,
+      });
+
+      expect(populateIndexMock).toHaveBeenCalledTimes(1);
+      expect(populateIndexMock).toHaveBeenCalledWith({
+        indexName,
+        archive: zipArchive,
+        esClient,
+        log: logger,
+      });
+
+      expect(productDocClient.setInstallationSuccessful).toHaveBeenCalledTimes(1);
+      expect(productDocClient.setInstallationSuccessful).toHaveBeenCalledWith('kibana', indexName);
+
+      expect(zipArchive.close).toHaveBeenCalledTimes(1);
+
+      expect(productDocClient.setInstallationFailed).not.toHaveBeenCalled();
+    });
+
+    it('executes the steps in the right order', async () => {
+      await packageInstaller.installPackage({ productName: 'kibana', productVersion: '8.16' });
+
+      expect(callOrder(endpointManager.ensureInternalElserInstalled)).toBeLessThan(
+        callOrder(downloadToDiskMock)
+      );
+      expect(callOrder(downloadToDiskMock)).toBeLessThan(callOrder(openZipArchiveMock));
+      expect(callOrder(openZipArchiveMock)).toBeLessThan(callOrder(loadMappingFileMock));
+      expect(callOrder(loadMappingFileMock)).toBeLessThan(callOrder(createIndexMock));
+      expect(callOrder(createIndexMock)).toBeLessThan(callOrder(populateIndexMock));
+      expect(callOrder(populateIndexMock)).toBeLessThan(
+        callOrder(productDocClient.setInstallationSuccessful)
+      );
+    });
+
+    it('closes the archive and calls setInstallationFailed if the installation fails', async () => {
+      const zipArchive = {
+        close: jest.fn(),
+      };
+      openZipArchiveMock.mockResolvedValue(zipArchive);
+
+      populateIndexMock.mockImplementation(async () => {
+        throw new Error('something bad');
+      });
+
+      await expect(
+        packageInstaller.installPackage({ productName: 'kibana', productVersion: '8.16' })
+      ).rejects.toThrowError();
+
+      expect(productDocClient.setInstallationSuccessful).not.toHaveBeenCalled();
+
+      expect(zipArchive.close).toHaveBeenCalledTimes(1);
+
+      expect(logger.error).toHaveBeenCalledTimes(1);
+      expect(logger.error).toHaveBeenCalledWith(
+        expect.stringContaining('Error during documentation installation')
+      );
+
+      expect(productDocClient.setInstallationFailed).toHaveBeenCalledTimes(1);
+      expect(productDocClient.setInstallationFailed).toHaveBeenCalledWith(
+        'kibana',
+        'something bad'
+      );
+    });
+  });
+
+  describe('installALl', () => {
+    it('installs all the packages to their latest version', async () => {
+      jest.spyOn(packageInstaller, 'installPackage');
+
+      fetchArtifactVersionsMock.mockResolvedValue({
+        kibana: ['8.15', '8.16'],
+        elasticsearch: ['8.15'],
+      });
+
+      await packageInstaller.installAll({});
+
+      expect(packageInstaller.installPackage).toHaveBeenCalledTimes(2);
+
+      expect(packageInstaller.installPackage).toHaveBeenCalledWith({
+        productName: 'kibana',
+        productVersion: '8.16',
+      });
+      expect(packageInstaller.installPackage).toHaveBeenCalledWith({
+        productName: 'elasticsearch',
+        productVersion: '8.15',
+      });
+    });
+  });
+
+  describe('ensureUpToDate', () => {
+    it('updates the installed packages to the latest version', async () => {
+      fetchArtifactVersionsMock.mockResolvedValue({
+        kibana: ['8.15', '8.16'],
+        security: ['8.15', '8.16'],
+        elasticsearch: ['8.15'],
+      });
+
+      productDocClient.getInstallationStatus.mockResolvedValue({
+        kibana: { status: 'installed', version: '8.15' },
+        security: { status: 'installed', version: '8.16' },
+        elasticsearch: { status: 'uninstalled' },
+      } as Record<ProductName, ProductInstallState>);
+
+      jest.spyOn(packageInstaller, 'installPackage');
+
+      await packageInstaller.ensureUpToDate({});
+
+      expect(packageInstaller.installPackage).toHaveBeenCalledTimes(1);
+      expect(packageInstaller.installPackage).toHaveBeenCalledWith({
+        productName: 'kibana',
+        productVersion: '8.16',
+      });
+    });
+  });
+
+  describe('uninstallPackage', () => {
+    it('performs the uninstall steps', async () => {
+      await packageInstaller.uninstallPackage({ productName: 'kibana' });
+
+      expect(esClient.indices.delete).toHaveBeenCalledTimes(1);
+      expect(esClient.indices.delete).toHaveBeenCalledWith(
+        {
+          index: getProductDocIndexName('kibana'),
+        },
+        expect.objectContaining({ ignore: [404] })
+      );
+
+      expect(productDocClient.setUninstalled).toHaveBeenCalledTimes(1);
+      expect(productDocClient.setUninstalled).toHaveBeenCalledWith('kibana');
+    });
+  });
+
+  describe('uninstallAll', () => {
+    it('calls uninstall for all packages', async () => {
+      jest.spyOn(packageInstaller, 'uninstallPackage');
+
+      await packageInstaller.uninstallAll();
+
+      expect(packageInstaller.uninstallPackage).toHaveBeenCalledTimes(
+        Object.keys(DocumentationProduct).length
+      );
+      Object.values(DocumentationProduct).forEach((productName) => {
+        expect(packageInstaller.uninstallPackage).toHaveBeenCalledWith({ productName });
+      });
+    });
+  });
+});
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/package_installer.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/package_installer.ts
new file mode 100644
index 0000000000000..7739219c15dc6
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/package_installer.ts
@@ -0,0 +1,218 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { Logger } from '@kbn/logging';
+import type { ElasticsearchClient } from '@kbn/core/server';
+import {
+  getArtifactName,
+  getProductDocIndexName,
+  DocumentationProduct,
+  type ProductName,
+} from '@kbn/product-doc-common';
+import type { ProductDocInstallClient } from '../doc_install_status';
+import type { InferenceEndpointManager } from '../inference_endpoint';
+import { downloadToDisk, openZipArchive, loadMappingFile, type ZipArchive } from './utils';
+import { majorMinor, latestVersion } from './utils/semver';
+import {
+  validateArtifactArchive,
+  fetchArtifactVersions,
+  createIndex,
+  populateIndex,
+} from './steps';
+
+interface PackageInstallerOpts {
+  artifactsFolder: string;
+  logger: Logger;
+  esClient: ElasticsearchClient;
+  productDocClient: ProductDocInstallClient;
+  endpointManager: InferenceEndpointManager;
+  artifactRepositoryUrl: string;
+  kibanaVersion: string;
+}
+
+export class PackageInstaller {
+  private readonly log: Logger;
+  private readonly artifactsFolder: string;
+  private readonly esClient: ElasticsearchClient;
+  private readonly productDocClient: ProductDocInstallClient;
+  private readonly endpointManager: InferenceEndpointManager;
+  private readonly artifactRepositoryUrl: string;
+  private readonly currentVersion: string;
+
+  constructor({
+    artifactsFolder,
+    logger,
+    esClient,
+    productDocClient,
+    endpointManager,
+    artifactRepositoryUrl,
+    kibanaVersion,
+  }: PackageInstallerOpts) {
+    this.esClient = esClient;
+    this.productDocClient = productDocClient;
+    this.artifactsFolder = artifactsFolder;
+    this.endpointManager = endpointManager;
+    this.artifactRepositoryUrl = artifactRepositoryUrl;
+    this.currentVersion = majorMinor(kibanaVersion);
+    this.log = logger;
+  }
+
+  /**
+   * Make sure that the currently installed doc packages are up to date.
+   * Will not upgrade products that are not already installed
+   */
+  async ensureUpToDate({}: {}) {
+    const [repositoryVersions, installStatuses] = await Promise.all([
+      fetchArtifactVersions({
+        artifactRepositoryUrl: this.artifactRepositoryUrl,
+      }),
+      this.productDocClient.getInstallationStatus(),
+    ]);
+
+    const toUpdate: Array<{
+      productName: ProductName;
+      productVersion: string;
+    }> = [];
+    Object.entries(installStatuses).forEach(([productName, productState]) => {
+      if (productState.status === 'uninstalled') {
+        return;
+      }
+      const availableVersions = repositoryVersions[productName as ProductName];
+      if (!availableVersions || !availableVersions.length) {
+        return;
+      }
+      const selectedVersion = selectVersion(this.currentVersion, availableVersions);
+      if (productState.version !== selectedVersion) {
+        toUpdate.push({
+          productName: productName as ProductName,
+          productVersion: selectedVersion,
+        });
+      }
+    });
+
+    for (const { productName, productVersion } of toUpdate) {
+      await this.installPackage({
+        productName,
+        productVersion,
+      });
+    }
+  }
+
+  async installAll({}: {}) {
+    const repositoryVersions = await fetchArtifactVersions({
+      artifactRepositoryUrl: this.artifactRepositoryUrl,
+    });
+    const allProducts = Object.values(DocumentationProduct) as ProductName[];
+    for (const productName of allProducts) {
+      const availableVersions = repositoryVersions[productName];
+      if (!availableVersions || !availableVersions.length) {
+        this.log.warn(`No version found for product [${productName}]`);
+        continue;
+      }
+      const selectedVersion = selectVersion(this.currentVersion, availableVersions);
+
+      await this.installPackage({
+        productName,
+        productVersion: selectedVersion,
+      });
+    }
+  }
+
+  async installPackage({
+    productName,
+    productVersion,
+  }: {
+    productName: ProductName;
+    productVersion: string;
+  }) {
+    this.log.info(
+      `Starting installing documentation for product [${productName}] and version [${productVersion}]`
+    );
+
+    productVersion = majorMinor(productVersion);
+
+    await this.uninstallPackage({ productName });
+
+    let zipArchive: ZipArchive | undefined;
+    try {
+      await this.productDocClient.setInstallationStarted({
+        productName,
+        productVersion,
+      });
+
+      await this.endpointManager.ensureInternalElserInstalled();
+
+      const artifactFileName = getArtifactName({ productName, productVersion });
+      const artifactUrl = `${this.artifactRepositoryUrl}/${artifactFileName}`;
+      const artifactPath = `${this.artifactsFolder}/${artifactFileName}`;
+
+      this.log.debug(`Downloading from [${artifactUrl}] to [${artifactPath}]`);
+      await downloadToDisk(artifactUrl, artifactPath);
+
+      zipArchive = await openZipArchive(artifactPath);
+
+      validateArtifactArchive(zipArchive);
+
+      const mappings = await loadMappingFile(zipArchive);
+
+      const indexName = getProductDocIndexName(productName);
+
+      await createIndex({
+        indexName,
+        mappings,
+        esClient: this.esClient,
+        log: this.log,
+      });
+
+      await populateIndex({
+        indexName,
+        archive: zipArchive,
+        esClient: this.esClient,
+        log: this.log,
+      });
+      await this.productDocClient.setInstallationSuccessful(productName, indexName);
+
+      this.log.info(
+        `Documentation installation successful for product [${productName}] and version [${productVersion}]`
+      );
+    } catch (e) {
+      this.log.error(
+        `Error during documentation installation of product [${productName}]/[${productVersion}] : ${e.message}`
+      );
+
+      await this.productDocClient.setInstallationFailed(productName, e.message);
+      throw e;
+    } finally {
+      zipArchive?.close();
+    }
+  }
+
+  async uninstallPackage({ productName }: { productName: ProductName }) {
+    const indexName = getProductDocIndexName(productName);
+    await this.esClient.indices.delete(
+      {
+        index: indexName,
+      },
+      { ignore: [404] }
+    );
+
+    await this.productDocClient.setUninstalled(productName);
+  }
+
+  async uninstallAll() {
+    const allProducts = Object.values(DocumentationProduct);
+    for (const productName of allProducts) {
+      await this.uninstallPackage({ productName });
+    }
+  }
+}
+
+const selectVersion = (currentVersion: string, availableVersions: string[]): string => {
+  return availableVersions.includes(currentVersion)
+    ? currentVersion
+    : latestVersion(availableVersions);
+};
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/steps/create_index.test.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/steps/create_index.test.ts
new file mode 100644
index 0000000000000..fca8b5283c300
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/steps/create_index.test.ts
@@ -0,0 +1,84 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { MappingTypeMapping } from '@elastic/elasticsearch/lib/api/types';
+import { loggerMock, type MockedLogger } from '@kbn/logging-mocks';
+import type { ElasticsearchClient } from '@kbn/core/server';
+import { elasticsearchServiceMock } from '@kbn/core/server/mocks';
+import { createIndex } from './create_index';
+import { internalElserInferenceId } from '../../../../common/consts';
+
+describe('createIndex', () => {
+  let log: MockedLogger;
+  let esClient: ElasticsearchClient;
+
+  beforeEach(() => {
+    log = loggerMock.create();
+    esClient = elasticsearchServiceMock.createElasticsearchClient();
+  });
+
+  it('calls esClient.indices.create with the right parameters', async () => {
+    const mappings: MappingTypeMapping = {
+      properties: {},
+    };
+    const indexName = '.some-index';
+
+    await createIndex({
+      indexName,
+      mappings,
+      log,
+      esClient,
+    });
+
+    expect(esClient.indices.create).toHaveBeenCalledTimes(1);
+    expect(esClient.indices.create).toHaveBeenCalledWith({
+      index: indexName,
+      mappings,
+      settings: {
+        number_of_shards: 1,
+        auto_expand_replicas: '0-1',
+      },
+    });
+  });
+
+  it('rewrites the inference_id attribute of semantic_text fields in the mapping', async () => {
+    const mappings: MappingTypeMapping = {
+      properties: {
+        semantic: {
+          type: 'semantic_text',
+          inference_id: '.elser',
+        },
+        bool: {
+          type: 'boolean',
+        },
+      },
+    };
+
+    await createIndex({
+      indexName: '.some-index',
+      mappings,
+      log,
+      esClient,
+    });
+
+    expect(esClient.indices.create).toHaveBeenCalledWith(
+      expect.objectContaining({
+        mappings: {
+          properties: {
+            semantic: {
+              type: 'semantic_text',
+              inference_id: internalElserInferenceId,
+            },
+            bool: {
+              type: 'boolean',
+            },
+          },
+        },
+      })
+    );
+  });
+});
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/steps/create_index.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/steps/create_index.ts
new file mode 100644
index 0000000000000..decd62e556ba5
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/steps/create_index.ts
@@ -0,0 +1,50 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { Logger } from '@kbn/logging';
+import type { ElasticsearchClient } from '@kbn/core/server';
+import type { MappingTypeMapping, MappingProperty } from '@elastic/elasticsearch/lib/api/types';
+import { internalElserInferenceId } from '../../../../common/consts';
+
+export const createIndex = async ({
+  esClient,
+  indexName,
+  mappings,
+  log,
+}: {
+  esClient: ElasticsearchClient;
+  indexName: string;
+  mappings: MappingTypeMapping;
+  log: Logger;
+}) => {
+  log.debug(`Creating index ${indexName}`);
+
+  overrideInferenceId(mappings, internalElserInferenceId);
+
+  await esClient.indices.create({
+    index: indexName,
+    mappings,
+    settings: {
+      number_of_shards: 1,
+      auto_expand_replicas: '0-1',
+    },
+  });
+};
+
+const overrideInferenceId = (mappings: MappingTypeMapping, inferenceId: string) => {
+  const recursiveOverride = (current: MappingTypeMapping | MappingProperty) => {
+    if ('type' in current && current.type === 'semantic_text') {
+      current.inference_id = inferenceId;
+    }
+    if ('properties' in current && current.properties) {
+      for (const prop of Object.values(current.properties)) {
+        recursiveOverride(prop);
+      }
+    }
+  };
+  recursiveOverride(mappings);
+};
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/steps/fetch_artifact_versions.test.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/steps/fetch_artifact_versions.test.ts
new file mode 100644
index 0000000000000..805008ccab698
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/steps/fetch_artifact_versions.test.ts
@@ -0,0 +1,129 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import fetch, { Response } from 'node-fetch';
+import { fetchArtifactVersions } from './fetch_artifact_versions';
+import { getArtifactName, DocumentationProduct, ProductName } from '@kbn/product-doc-common';
+
+jest.mock('node-fetch');
+const fetchMock = fetch as jest.MockedFn<typeof fetch>;
+
+const createResponse = ({
+  artifactNames,
+  truncated = false,
+}: {
+  artifactNames: string[];
+  truncated?: boolean;
+}) => {
+  return `
+  <ListBucketResult xmlns="http://doc.s3.amazonaws.com/2006-03-01">
+    <Name>kibana-ai-assistant-kb-artifacts</Name>
+    <Prefix/>
+    <Marker/>
+    <IsTruncated>${truncated}</IsTruncated>
+    ${artifactNames.map(
+      (artifactName) => `
+       <Contents>
+        <Key>${artifactName}</Key>
+        <Generation>1728486063097626</Generation>
+        <MetaGeneration>1</MetaGeneration>
+        <LastModified>2024-10-09T15:01:03.137Z</LastModified>
+        <ETag>"e0584955969eccf2a16b8829f768cb1f"</ETag>
+        <Size>36781438</Size>
+      </Contents>`
+    )}
+  </ListBucketResult>
+  `;
+};
+
+const artifactRepositoryUrl = 'https://lost.com';
+
+const expectVersions = (
+  versions: Partial<Record<ProductName, string[]>>
+): Record<ProductName, string[]> => {
+  const response = {} as Record<ProductName, string[]>;
+  Object.values(DocumentationProduct).forEach((productName) => {
+    response[productName] = [];
+  });
+  return {
+    ...response,
+    ...versions,
+  };
+};
+
+describe('fetchArtifactVersions', () => {
+  beforeEach(() => {
+    fetchMock.mockReset();
+  });
+
+  const mockResponse = (responseText: string) => {
+    const response = {
+      text: () => Promise.resolve(responseText),
+    };
+    fetchMock.mockResolvedValue(response as Response);
+  };
+
+  it('calls fetch with the right parameters', async () => {
+    mockResponse(createResponse({ artifactNames: [] }));
+
+    await fetchArtifactVersions({ artifactRepositoryUrl });
+
+    expect(fetchMock).toHaveBeenCalledTimes(1);
+    expect(fetchMock).toHaveBeenCalledWith(`${artifactRepositoryUrl}?max-keys=1000`);
+  });
+
+  it('returns the list of versions from the repository', async () => {
+    const artifactNames = [
+      getArtifactName({ productName: 'kibana', productVersion: '8.16' }),
+      getArtifactName({ productName: 'elasticsearch', productVersion: '8.16' }),
+    ];
+    mockResponse(createResponse({ artifactNames }));
+
+    const versions = await fetchArtifactVersions({ artifactRepositoryUrl });
+
+    expect(versions).toEqual(
+      expectVersions({
+        kibana: ['8.16'],
+        elasticsearch: ['8.16'],
+      })
+    );
+  });
+
+  it('retrieve all versions for each product', async () => {
+    const artifactNames = [
+      getArtifactName({ productName: 'kibana', productVersion: '8.15' }),
+      getArtifactName({ productName: 'kibana', productVersion: '8.16' }),
+      getArtifactName({ productName: 'kibana', productVersion: '8.17' }),
+      getArtifactName({ productName: 'elasticsearch', productVersion: '8.16' }),
+      getArtifactName({ productName: 'elasticsearch', productVersion: '9.0' }),
+    ];
+    mockResponse(createResponse({ artifactNames }));
+
+    const versions = await fetchArtifactVersions({ artifactRepositoryUrl });
+
+    expect(versions).toEqual(
+      expectVersions({
+        kibana: ['8.15', '8.16', '8.17'],
+        elasticsearch: ['8.16', '9.0'],
+      })
+    );
+  });
+
+  it('throws an error if the response is truncated', async () => {
+    mockResponse(createResponse({ artifactNames: [], truncated: true }));
+
+    await expect(fetchArtifactVersions({ artifactRepositoryUrl })).rejects.toThrowError(
+      /bucket content is truncated/
+    );
+  });
+
+  it('throws an error if the response is not valid xml', async () => {
+    mockResponse('some plain text');
+
+    await expect(fetchArtifactVersions({ artifactRepositoryUrl })).rejects.toThrowError();
+  });
+});
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/steps/fetch_artifact_versions.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/steps/fetch_artifact_versions.ts
new file mode 100644
index 0000000000000..69c6db2d5d8ae
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/steps/fetch_artifact_versions.ts
@@ -0,0 +1,59 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import fetch from 'node-fetch';
+import { parseString } from 'xml2js';
+import { type ProductName, DocumentationProduct, parseArtifactName } from '@kbn/product-doc-common';
+
+type ArtifactAvailableVersions = Record<ProductName, string[]>;
+
+export const fetchArtifactVersions = async ({
+  artifactRepositoryUrl,
+}: {
+  artifactRepositoryUrl: string;
+}): Promise<ArtifactAvailableVersions> => {
+  const res = await fetch(`${artifactRepositoryUrl}?max-keys=1000`);
+  const xml = await res.text();
+  return new Promise((resolve, reject) => {
+    parseString(xml, (err, result: ListBucketResponse) => {
+      if (err) {
+        reject(err);
+      }
+
+      // 6 artifacts per minor stack version means we have a few decades before facing this problem
+      if (result.ListBucketResult.IsTruncated?.includes('true')) {
+        throw new Error('bucket content is truncated, cannot retrieve all versions');
+      }
+
+      const allowedProductNames: ProductName[] = Object.values(DocumentationProduct);
+
+      const record: ArtifactAvailableVersions = {} as ArtifactAvailableVersions;
+      allowedProductNames.forEach((product) => {
+        record[product] = [];
+      });
+
+      result.ListBucketResult.Contents?.forEach((contentEntry) => {
+        const artifactName = contentEntry.Key[0];
+        const parsed = parseArtifactName(artifactName);
+        if (parsed) {
+          const { productName, productVersion } = parsed;
+          record[productName]!.push(productVersion);
+        }
+      });
+
+      resolve(record);
+    });
+  });
+};
+
+interface ListBucketResponse {
+  ListBucketResult: {
+    Name?: string[];
+    IsTruncated?: string[];
+    Contents?: Array<{ Key: string[] }>;
+  };
+}
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/steps/index.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/steps/index.ts
new file mode 100644
index 0000000000000..3c84fc9cccf1a
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/steps/index.ts
@@ -0,0 +1,11 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { createIndex } from './create_index';
+export { populateIndex } from './populate_index';
+export { validateArtifactArchive } from './validate_artifact_archive';
+export { fetchArtifactVersions } from './fetch_artifact_versions';
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/steps/populate_index.test.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/steps/populate_index.test.ts
new file mode 100644
index 0000000000000..2f301f9928e9a
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/steps/populate_index.test.ts
@@ -0,0 +1,109 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { times } from 'lodash';
+import { loggerMock, type MockedLogger } from '@kbn/logging-mocks';
+import { elasticsearchServiceMock } from '@kbn/core/server/mocks';
+import { internalElserInferenceId } from '../../../../common/consts';
+import type { ZipArchive } from '../utils/zip_archive';
+import { populateIndex } from './populate_index';
+
+const createMockArchive = (entries: Record<string, string>): ZipArchive => {
+  return {
+    hasEntry: (entryPath) => Object.keys(entries).includes(entryPath),
+    getEntryPaths: () => Object.keys(entries),
+    getEntryContent: async (entryPath) => Buffer.from(entries[entryPath]),
+    close: () => undefined,
+  };
+};
+
+const createContentFile = (count: number, offset: number = 0): string => {
+  return times(count)
+    .map((i) => JSON.stringify({ idx: offset + i }))
+    .join('\n');
+};
+
+describe('populateIndex', () => {
+  let log: MockedLogger;
+  let esClient: ReturnType<typeof elasticsearchServiceMock.createElasticsearchClient>;
+
+  beforeEach(() => {
+    log = loggerMock.create();
+    esClient = elasticsearchServiceMock.createElasticsearchClient();
+  });
+
+  it('calls `esClient.bulk` once per content file', async () => {
+    const archive = createMockArchive({
+      'content/content-0.ndjson': createContentFile(2),
+      'content/content-1.ndjson': createContentFile(2),
+    });
+
+    await populateIndex({
+      indexName: '.foo',
+      archive,
+      log,
+      esClient,
+    });
+
+    expect(esClient.bulk).toHaveBeenCalledTimes(2);
+  });
+
+  it('calls `esClient.bulk` with the right payload', async () => {
+    const archive = createMockArchive({
+      'content/content-0.ndjson': createContentFile(2),
+    });
+
+    await populateIndex({
+      indexName: '.foo',
+      archive,
+      log,
+      esClient,
+    });
+
+    expect(esClient.bulk).toHaveBeenCalledTimes(1);
+    expect(esClient.bulk).toHaveBeenCalledWith({
+      refresh: false,
+      operations: [
+        { index: { _index: '.foo' } },
+        { idx: 0 },
+        { index: { _index: '.foo' } },
+        { idx: 1 },
+      ],
+    });
+  });
+
+  it('rewrites the inference_id of semantic fields', async () => {
+    const archive = createMockArchive({
+      'content/content-0.ndjson': JSON.stringify({
+        semantic: { text: 'foo', inference: { inference_id: '.some-inference' } },
+      }),
+    });
+
+    await populateIndex({
+      indexName: '.foo',
+      archive,
+      log,
+      esClient,
+    });
+
+    expect(esClient.bulk).toHaveBeenCalledTimes(1);
+    expect(esClient.bulk).toHaveBeenCalledWith({
+      refresh: false,
+      operations: [
+        { index: { _index: '.foo' } },
+        {
+          semantic: {
+            inference: {
+              inference_id: internalElserInferenceId,
+            },
+            text: 'foo',
+          },
+        },
+      ],
+    });
+  });
+});
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/steps/populate_index.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/steps/populate_index.ts
new file mode 100644
index 0000000000000..017757ca90b99
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/steps/populate_index.ts
@@ -0,0 +1,84 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { BulkRequest } from '@elastic/elasticsearch/lib/api/types';
+import type { Logger } from '@kbn/logging';
+import type { ElasticsearchClient } from '@kbn/core/server';
+import { isArtifactContentFilePath } from '@kbn/product-doc-common';
+import { internalElserInferenceId } from '../../../../common/consts';
+import type { ZipArchive } from '../utils/zip_archive';
+
+export const populateIndex = async ({
+  esClient,
+  indexName,
+  archive,
+  log,
+}: {
+  esClient: ElasticsearchClient;
+  indexName: string;
+  archive: ZipArchive;
+  log: Logger;
+}) => {
+  log.debug(`Starting populating index ${indexName}`);
+
+  const contentEntries = archive.getEntryPaths().filter(isArtifactContentFilePath);
+
+  for (let i = 0; i < contentEntries.length; i++) {
+    const entryPath = contentEntries[i];
+    log.debug(`Indexing content for entry ${entryPath}`);
+    const contentBuffer = await archive.getEntryContent(entryPath);
+    await indexContentFile({ indexName, esClient, contentBuffer });
+  }
+
+  log.debug(`Done populating index ${indexName}`);
+};
+
+const indexContentFile = async ({
+  indexName,
+  contentBuffer,
+  esClient,
+}: {
+  indexName: string;
+  contentBuffer: Buffer;
+  esClient: ElasticsearchClient;
+}) => {
+  const fileContent = contentBuffer.toString('utf-8');
+  const lines = fileContent.split('\n');
+
+  const documents = lines
+    .map((line) => line.trim())
+    .filter((line) => line.length > 0)
+    .map((line) => {
+      return JSON.parse(line);
+    })
+    .map((doc) => rewriteInferenceId(doc, internalElserInferenceId));
+
+  const operations = documents.reduce((ops, document) => {
+    ops!.push(...[{ index: { _index: indexName } }, document]);
+    return ops;
+  }, [] as BulkRequest['operations']);
+
+  const response = await esClient.bulk({
+    refresh: false,
+    operations,
+  });
+
+  if (response.errors) {
+    const error = response.items.find((item) => item.index?.error)?.index?.error ?? 'unknown error';
+    throw new Error(`Error indexing documents: ${JSON.stringify(error)}`);
+  }
+};
+
+const rewriteInferenceId = (document: Record<string, any>, inferenceId: string) => {
+  // we don't need to handle nested fields, we don't have any and won't.
+  Object.values(document).forEach((field) => {
+    if (field.inference) {
+      field.inference.inference_id = inferenceId;
+    }
+  });
+  return document;
+};
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/steps/validate_artifact_archive.test.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/steps/validate_artifact_archive.test.ts
new file mode 100644
index 0000000000000..607277aaf3466
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/steps/validate_artifact_archive.test.ts
@@ -0,0 +1,73 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { ZipArchive } from '../utils/zip_archive';
+import { validateArtifactArchive } from './validate_artifact_archive';
+
+const createMockArchive = (entryPaths: string[]): ZipArchive => {
+  return {
+    hasEntry: (entryPath) => entryPaths.includes(entryPath),
+    getEntryPaths: () => entryPaths,
+    getEntryContent: () => {
+      throw new Error('non implemented');
+    },
+    close: () => undefined,
+  };
+};
+
+describe('validateArtifactArchive', () => {
+  it('validates that the archive contains all the mandatory files', () => {
+    const archive = createMockArchive([
+      'manifest.json',
+      'mappings.json',
+      'content/content-1.ndjson',
+    ]);
+
+    const validation = validateArtifactArchive(archive);
+
+    expect(validation).toEqual({ valid: true });
+  });
+
+  it('does not validate if the archive does not contain a manifest', () => {
+    const archive = createMockArchive(['something.txt']);
+
+    const validation = validateArtifactArchive(archive);
+
+    expect(validation).toMatchInlineSnapshot(`
+      Object {
+        "error": "Manifest file not found",
+        "valid": false,
+      }
+    `);
+  });
+
+  it('does not validate  if the archive does not contain mappings', () => {
+    const archive = createMockArchive(['manifest.json']);
+
+    const validation = validateArtifactArchive(archive);
+
+    expect(validation).toMatchInlineSnapshot(`
+      Object {
+        "error": "Mapping file not found",
+        "valid": false,
+      }
+    `);
+  });
+
+  it('does not validate  if the archive does not contain content files', () => {
+    const archive = createMockArchive(['manifest.json', 'mappings.json']);
+
+    const validation = validateArtifactArchive(archive);
+
+    expect(validation).toMatchInlineSnapshot(`
+      Object {
+        "error": "No content files were found",
+        "valid": false,
+      }
+    `);
+  });
+});
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/steps/validate_artifact_archive.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/steps/validate_artifact_archive.ts
new file mode 100644
index 0000000000000..471d7c080c481
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/steps/validate_artifact_archive.ts
@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { isArtifactContentFilePath } from '@kbn/product-doc-common';
+import type { ZipArchive } from '../utils/zip_archive';
+
+type ValidationResult = { valid: true } | { valid: false; error: string };
+
+export const validateArtifactArchive = (archive: ZipArchive): ValidationResult => {
+  if (!archive.hasEntry('manifest.json')) {
+    return { valid: false, error: 'Manifest file not found' };
+  }
+  if (!archive.hasEntry('mappings.json')) {
+    return { valid: false, error: 'Mapping file not found' };
+  }
+  if (!archive.getEntryPaths().some(isArtifactContentFilePath)) {
+    return { valid: false, error: 'No content files were found' };
+  }
+  return { valid: true };
+};
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/utils/archive_accessors.test.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/utils/archive_accessors.test.ts
new file mode 100644
index 0000000000000..9d42be652d74d
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/utils/archive_accessors.test.ts
@@ -0,0 +1,78 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { MappingTypeMapping } from '@elastic/elasticsearch/lib/api/types';
+import type { ArtifactManifest } from '@kbn/product-doc-common';
+import type { ZipArchive } from './zip_archive';
+import { loadManifestFile, loadMappingFile } from './archive_accessors';
+
+const createMockArchive = (entries: Record<string, string>): ZipArchive => {
+  return {
+    hasEntry: (entryPath) => Object.keys(entries).includes(entryPath),
+    getEntryPaths: () => Object.keys(entries),
+    getEntryContent: async (entryPath) => Buffer.from(entries[entryPath]),
+    close: () => undefined,
+  };
+};
+
+describe('loadManifestFile', () => {
+  it('parses the manifest from the archive', async () => {
+    const manifest: ArtifactManifest = {
+      formatVersion: '1.0.0',
+      productName: 'kibana',
+      productVersion: '8.16',
+    };
+    const archive = createMockArchive({ 'manifest.json': JSON.stringify(manifest) });
+
+    const parsedManifest = await loadManifestFile(archive);
+
+    expect(parsedManifest).toEqual(manifest);
+  });
+
+  it('throws if the archive does not contain the manifest', async () => {
+    const archive = createMockArchive({});
+
+    await expect(loadManifestFile(archive)).rejects.toThrowErrorMatchingInlineSnapshot(
+      `"Could not load archive file: \\"manifest.json\\" not found in archive"`
+    );
+  });
+
+  it('throws if the manifest cannot be parsed', async () => {
+    const archive = createMockArchive({ 'manifest.json': '{}}}{' });
+
+    await expect(loadManifestFile(archive)).rejects.toThrowError();
+  });
+});
+
+describe('loadMappingFile', () => {
+  it('parses the manifest from the archive', async () => {
+    const mappings: MappingTypeMapping = {
+      properties: {
+        foo: { type: 'text' },
+      },
+    };
+    const archive = createMockArchive({ 'mappings.json': JSON.stringify(mappings) });
+
+    const parsedMappings = await loadMappingFile(archive);
+
+    expect(parsedMappings).toEqual(mappings);
+  });
+
+  it('throws if the archive does not contain the manifest', async () => {
+    const archive = createMockArchive({});
+
+    await expect(loadMappingFile(archive)).rejects.toThrowErrorMatchingInlineSnapshot(
+      `"Could not load archive file: \\"mappings.json\\" not found in archive"`
+    );
+  });
+
+  it('throws if the manifest cannot be parsed', async () => {
+    const archive = createMockArchive({ 'mappings.json': '{}}}{' });
+
+    await expect(loadMappingFile(archive)).rejects.toThrowError();
+  });
+});
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/utils/archive_accessors.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/utils/archive_accessors.ts
new file mode 100644
index 0000000000000..a4ec4f4418f3c
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/utils/archive_accessors.ts
@@ -0,0 +1,33 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { MappingTypeMapping } from '@elastic/elasticsearch/lib/api/types';
+import type { ArtifactManifest } from '@kbn/product-doc-common';
+import type { ZipArchive } from './zip_archive';
+
+const manifestEntryPath = 'manifest.json';
+const mappingsEntryPath = 'mappings.json';
+
+export const loadManifestFile = async (archive: ZipArchive): Promise<ArtifactManifest> => {
+  return await parseEntryContent<ArtifactManifest>(manifestEntryPath, archive);
+};
+
+export const loadMappingFile = async (archive: ZipArchive): Promise<MappingTypeMapping> => {
+  return await parseEntryContent<MappingTypeMapping>(mappingsEntryPath, archive);
+};
+
+const parseEntryContent = async <T>(entryPath: string, archive: ZipArchive): Promise<T> => {
+  if (!archive.hasEntry(entryPath)) {
+    throw new Error(`Could not load archive file: "${entryPath}" not found in archive`);
+  }
+  try {
+    const buffer = await archive.getEntryContent(entryPath);
+    return JSON.parse(buffer.toString('utf-8'));
+  } catch (e) {
+    throw new Error(`Could not parse archive file: ${e}`);
+  }
+};
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/utils/download.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/utils/download.ts
new file mode 100644
index 0000000000000..ea5357792ef5f
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/utils/download.ts
@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { createWriteStream } from 'fs';
+import { mkdir } from 'fs/promises';
+import Path from 'path';
+import fetch from 'node-fetch';
+
+export const downloadToDisk = async (fileUrl: string, filePath: string) => {
+  const dirPath = Path.dirname(filePath);
+  await mkdir(dirPath, { recursive: true });
+  const res = await fetch(fileUrl);
+  const fileStream = createWriteStream(filePath);
+  await new Promise((resolve, reject) => {
+    res.body.pipe(fileStream);
+    res.body.on('error', reject);
+    fileStream.on('finish', resolve);
+  });
+};
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/utils/index.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/utils/index.ts
new file mode 100644
index 0000000000000..a612a8c6e9f46
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/utils/index.ts
@@ -0,0 +1,10 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { downloadToDisk } from './download';
+export { openZipArchive, type ZipArchive } from './zip_archive';
+export { loadManifestFile, loadMappingFile } from './archive_accessors';
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/utils/semver.test.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/utils/semver.test.ts
new file mode 100644
index 0000000000000..9bc20f2eecdbd
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/utils/semver.test.ts
@@ -0,0 +1,29 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { latestVersion, majorMinor } from './semver';
+
+describe('majorMinor', () => {
+  it('returns the version in a {major.minor} format', () => {
+    expect(majorMinor('9.17.5')).toEqual('9.17');
+  });
+  it('ignores qualifiers', () => {
+    expect(majorMinor('10.42.9000-snap')).toEqual('10.42');
+  });
+  it('accepts {major.minor} format as input', () => {
+    expect(majorMinor('8.16')).toEqual('8.16');
+  });
+});
+
+describe('latestVersion', () => {
+  it('returns the highest version from the list', () => {
+    expect(latestVersion(['7.16.3', '8.1.4', '6.14.2'])).toEqual('8.1.4');
+  });
+  it('accepts versions in a {major.minor} format', () => {
+    expect(latestVersion(['9.16', '9.3'])).toEqual('9.16');
+  });
+});
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/utils/semver.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/utils/semver.ts
new file mode 100644
index 0000000000000..b4e38215af90e
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/utils/semver.ts
@@ -0,0 +1,27 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import Semver from 'semver';
+
+export const latestVersion = (versions: string[]): string => {
+  let latest: string = versions[0];
+  for (let i = 1; i < versions.length; i++) {
+    const current = versions[i];
+    if (Semver.gt(Semver.coerce(current)!, Semver.coerce(latest)!)) {
+      latest = current;
+    }
+  }
+  return latest;
+};
+
+export const majorMinor = (version: string): string => {
+  const parsed = Semver.coerce(version);
+  if (!parsed) {
+    throw new Error(`Not a valid semver version: [${version}]`);
+  }
+  return `${parsed.major}.${parsed.minor}`;
+};
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/utils/test_data/test_archive_1.zip b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/utils/test_data/test_archive_1.zip
new file mode 100644
index 0000000000000..fce195d2c4db2
Binary files /dev/null and b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/utils/test_data/test_archive_1.zip differ
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/utils/zip_archive.test.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/utils/zip_archive.test.ts
new file mode 100644
index 0000000000000..71cd5891c5e5d
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/utils/zip_archive.test.ts
@@ -0,0 +1,43 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import Path from 'path';
+import { openZipArchive, ZipArchive } from './zip_archive';
+
+const ZIP_PATH = Path.resolve(__dirname, './test_data/test_archive_1.zip');
+
+describe('ZipArchive', () => {
+  let archive: ZipArchive;
+
+  beforeAll(async () => {
+    archive = await openZipArchive(ZIP_PATH);
+  });
+
+  afterAll(() => {
+    archive?.close();
+  });
+
+  test('#getEntryPaths returns the path of all entries', () => {
+    expect(archive.getEntryPaths().sort()).toEqual([
+      'nested/',
+      'nested/nested_1.txt',
+      'text_1.txt',
+      'text_2.txt',
+      'text_3.txt',
+    ]);
+  });
+
+  test('#hasEntry returns true if the entry exists, false otherwise', () => {
+    expect(archive.hasEntry('nested/nested_1.txt')).toBe(true);
+    expect(archive.hasEntry('not_an_entry')).toBe(false);
+  });
+
+  test('#getEntryContent returns the content of the entry', async () => {
+    const buffer = await archive.getEntryContent('text_1.txt');
+    expect(buffer.toString('utf-8')).toEqual('text_1');
+  });
+});
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/utils/zip_archive.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/utils/zip_archive.ts
new file mode 100644
index 0000000000000..dbc4ec1b3e41f
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/package_installer/utils/zip_archive.ts
@@ -0,0 +1,91 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import yauzl from 'yauzl';
+
+export interface ZipArchive {
+  hasEntry(entryPath: string): boolean;
+  getEntryPaths(): string[];
+  getEntryContent(entryPath: string): Promise<Buffer>;
+  close(): void;
+}
+
+export const openZipArchive = async (archivePath: string): Promise<ZipArchive> => {
+  return new Promise<ZipArchive>((resolve, reject) => {
+    const entries: yauzl.Entry[] = [];
+    yauzl.open(archivePath, { lazyEntries: true, autoClose: false }, (err, zipFile) => {
+      if (err || !zipFile) {
+        return reject(err ?? 'No zip file');
+      }
+
+      zipFile!.on('entry', (entry) => {
+        entries.push(entry);
+        zipFile.readEntry();
+      });
+
+      zipFile.on('end', () => {
+        const archive = new ZipArchiveImpl(entries, zipFile);
+        resolve(archive);
+      });
+
+      zipFile.on('close', () => {});
+
+      zipFile.readEntry();
+    });
+  });
+};
+
+class ZipArchiveImpl implements ZipArchive {
+  private readonly zipFile: yauzl.ZipFile;
+  private readonly entries: Map<string, yauzl.Entry>;
+
+  constructor(entries: yauzl.Entry[], zipFile: yauzl.ZipFile) {
+    this.zipFile = zipFile;
+    this.entries = new Map(entries.map((entry) => [entry.fileName, entry]));
+  }
+
+  hasEntry(entryPath: string) {
+    return this.entries.has(entryPath);
+  }
+
+  getEntryPaths() {
+    return [...this.entries.keys()];
+  }
+
+  getEntryContent(entryPath: string) {
+    const foundEntry = this.entries.get(entryPath);
+    if (!foundEntry) {
+      throw new Error(`Entry ${entryPath} not found in archive`);
+    }
+    return getZipEntryContent(this.zipFile, foundEntry);
+  }
+
+  close() {
+    this.zipFile.close();
+  }
+}
+
+const getZipEntryContent = async (zipFile: yauzl.ZipFile, entry: yauzl.Entry): Promise<Buffer> => {
+  return new Promise((resolve, reject) => {
+    zipFile.openReadStream(entry, (err, readStream) => {
+      if (err) {
+        return reject(err);
+      } else {
+        const chunks: Buffer[] = [];
+        readStream!.on('data', (chunk: Buffer) => {
+          chunks.push(chunk);
+        });
+        readStream!.on('end', () => {
+          resolve(Buffer.concat(chunks));
+        });
+        readStream!.on('error', () => {
+          reject();
+        });
+      }
+    });
+  });
+};
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/search/index.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/search/index.ts
new file mode 100644
index 0000000000000..3e5ac95ae4edf
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/search/index.ts
@@ -0,0 +1,9 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { SearchService } from './search_service';
+export type { DocSearchOptions, DocSearchResult, DocSearchResponse, SearchApi } from './types';
diff --git a/x-pack/packages/ai-infra/product-doc-artifact-builder/src/tasks/perform_semantic_search.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/search/perform_search.ts
similarity index 78%
rename from x-pack/packages/ai-infra/product-doc-artifact-builder/src/tasks/perform_semantic_search.ts
rename to x-pack/plugins/ai_infra/product_doc_base/server/services/search/perform_search.ts
index 373a6b8755429..03c3b72f86f92 100644
--- a/x-pack/packages/ai-infra/product-doc-artifact-builder/src/tasks/perform_semantic_search.ts
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/search/perform_search.ts
@@ -5,29 +5,27 @@
  * 2.0.
  */
 
-import type { Client } from '@elastic/elasticsearch';
+import type { ElasticsearchClient } from '@kbn/core/server';
+import type { ProductDocumentationAttributes } from '@kbn/product-doc-common';
 
 // https://search-labs.elastic.co/search-labs/blog/elser-rag-search-for-relevance
 
-export const performSemanticSearch = async ({
+export const performSearch = async ({
   searchQuery,
+  size,
   index,
   client,
 }: {
   searchQuery: string;
-  index: string;
-  client: Client;
+  size: number;
+  index: string | string[];
+  client: ElasticsearchClient;
 }) => {
-  const results = await client.search({
+  const results = await client.search<ProductDocumentationAttributes>({
     index,
-    size: 3,
+    size,
     query: {
       bool: {
-        filter: {
-          bool: {
-            must: [{ term: { version: '8.15' } }],
-          },
-        },
         should: [
           {
             multi_match: {
@@ -37,7 +35,7 @@ export const performSemanticSearch = async ({
               fields: [
                 'content_title',
                 'content_body.text',
-                'ai_subtitle.text',
+                'ai_subtitle',
                 'ai_summary.text',
                 'ai_questions_answered.text',
                 'ai_tags',
@@ -65,12 +63,6 @@ export const performSemanticSearch = async ({
               query: searchQuery,
             },
           },
-          {
-            semantic: {
-              field: 'ai_subtitle',
-              query: searchQuery,
-            },
-          },
           {
             semantic: {
               field: 'ai_summary',
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/search/search_service.test.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/search/search_service.test.ts
new file mode 100644
index 0000000000000..c8053ca981e71
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/search/search_service.test.ts
@@ -0,0 +1,51 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { loggerMock, type MockedLogger } from '@kbn/logging-mocks';
+import { elasticsearchServiceMock } from '@kbn/core/server/mocks';
+import { SearchService } from './search_service';
+import { getIndicesForProductNames } from './utils';
+
+import { performSearch } from './perform_search';
+jest.mock('./perform_search');
+const performSearchMock = performSearch as jest.MockedFn<typeof performSearch>;
+
+describe('SearchService', () => {
+  let logger: MockedLogger;
+  let esClient: ReturnType<typeof elasticsearchServiceMock.createElasticsearchClient>;
+  let service: SearchService;
+
+  beforeEach(() => {
+    logger = loggerMock.create();
+    esClient = elasticsearchServiceMock.createElasticsearchClient();
+    service = new SearchService({ logger, esClient });
+
+    performSearchMock.mockResolvedValue([]);
+  });
+
+  afterEach(() => {
+    performSearchMock.mockReset();
+  });
+
+  describe('#search', () => {
+    it('calls `performSearch` with the right parameters', async () => {
+      await service.search({
+        query: 'What is Kibana?',
+        products: ['kibana'],
+        max: 42,
+      });
+
+      expect(performSearchMock).toHaveBeenCalledTimes(1);
+      expect(performSearchMock).toHaveBeenCalledWith({
+        searchQuery: 'What is Kibana?',
+        size: 42,
+        index: getIndicesForProductNames(['kibana']),
+        client: esClient,
+      });
+    });
+  });
+});
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/search/search_service.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/search/search_service.ts
new file mode 100644
index 0000000000000..a0b1e4fd4a836
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/search/search_service.ts
@@ -0,0 +1,37 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { Logger } from '@kbn/logging';
+import type { ElasticsearchClient } from '@kbn/core/server';
+import { getIndicesForProductNames, mapResult } from './utils';
+import { performSearch } from './perform_search';
+import type { DocSearchOptions, DocSearchResponse } from './types';
+
+export class SearchService {
+  private readonly log: Logger;
+  private readonly esClient: ElasticsearchClient;
+
+  constructor({ logger, esClient }: { logger: Logger; esClient: ElasticsearchClient }) {
+    this.log = logger;
+    this.esClient = esClient;
+  }
+
+  async search(options: DocSearchOptions): Promise<DocSearchResponse> {
+    const { query, max = 3, products } = options;
+    this.log.debug(`performing search - query=[${query}]`);
+    const results = await performSearch({
+      searchQuery: query,
+      size: max,
+      index: getIndicesForProductNames(products),
+      client: this.esClient,
+    });
+
+    return {
+      results: results.map(mapResult),
+    };
+  }
+}
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/search/types.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/search/types.ts
new file mode 100644
index 0000000000000..fb474bbf4deab
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/search/types.ts
@@ -0,0 +1,27 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { ProductName } from '@kbn/product-doc-common';
+
+export interface DocSearchOptions {
+  query: string;
+  max?: number;
+  products?: ProductName[];
+}
+
+export interface DocSearchResult {
+  title: string;
+  content: string;
+  url: string;
+  productName: ProductName;
+}
+
+export interface DocSearchResponse {
+  results: DocSearchResult[];
+}
+
+export type SearchApi = (options: DocSearchOptions) => Promise<DocSearchResponse>;
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/search/utils/get_indices_for_product_names.test.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/search/utils/get_indices_for_product_names.test.ts
new file mode 100644
index 0000000000000..0293d086d4f13
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/search/utils/get_indices_for_product_names.test.ts
@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { productDocIndexPattern, getProductDocIndexName } from '@kbn/product-doc-common';
+import { getIndicesForProductNames } from './get_indices_for_product_names';
+
+describe('getIndicesForProductNames', () => {
+  it('returns the index pattern when product names are not specified', () => {
+    expect(getIndicesForProductNames(undefined)).toEqual(productDocIndexPattern);
+    expect(getIndicesForProductNames([])).toEqual(productDocIndexPattern);
+  });
+  it('returns individual index names when product names are specified', () => {
+    expect(getIndicesForProductNames(['kibana', 'elasticsearch'])).toEqual([
+      getProductDocIndexName('kibana'),
+      getProductDocIndexName('elasticsearch'),
+    ]);
+  });
+});
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/search/utils/get_indices_for_product_names.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/search/utils/get_indices_for_product_names.ts
new file mode 100644
index 0000000000000..e97ed9cea3611
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/search/utils/get_indices_for_product_names.ts
@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+  productDocIndexPattern,
+  getProductDocIndexName,
+  type ProductName,
+} from '@kbn/product-doc-common';
+
+export const getIndicesForProductNames = (
+  productNames: ProductName[] | undefined
+): string | string[] => {
+  if (!productNames || !productNames.length) {
+    return productDocIndexPattern;
+  }
+  return productNames.map(getProductDocIndexName);
+};
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/search/utils/index.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/search/utils/index.ts
new file mode 100644
index 0000000000000..1a6a2eaa24a99
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/search/utils/index.ts
@@ -0,0 +1,9 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { getIndicesForProductNames } from './get_indices_for_product_names';
+export { mapResult } from './map_result';
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/search/utils/map_result.test.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/search/utils/map_result.test.ts
new file mode 100644
index 0000000000000..56e8ce4875cc5
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/search/utils/map_result.test.ts
@@ -0,0 +1,46 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { SearchHit } from '@elastic/elasticsearch/lib/api/types';
+import type { ProductDocumentationAttributes } from '@kbn/product-doc-common';
+import { mapResult } from './map_result';
+
+const createHit = (
+  attrs: ProductDocumentationAttributes
+): SearchHit<ProductDocumentationAttributes> => {
+  return {
+    _index: '.foo',
+    _source: attrs,
+  };
+};
+
+describe('mapResult', () => {
+  it('returns the expected shape', () => {
+    const input = createHit({
+      content_title: 'content_title',
+      content_body: { text: 'content_body' },
+      product_name: 'kibana',
+      root_type: 'documentation',
+      slug: 'foo.html',
+      url: 'http://lost.com/foo.html',
+      version: '8.16',
+      ai_subtitle: 'ai_subtitle',
+      ai_summary: { text: 'ai_summary' },
+      ai_questions_answered: { text: ['question A'] },
+      ai_tags: ['foo', 'bar', 'test'],
+    });
+
+    const output = mapResult(input);
+
+    expect(output).toEqual({
+      content: 'content_body',
+      productName: 'kibana',
+      title: 'content_title',
+      url: 'http://lost.com/foo.html',
+    });
+  });
+});
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/services/search/utils/map_result.ts b/x-pack/plugins/ai_infra/product_doc_base/server/services/search/utils/map_result.ts
new file mode 100644
index 0000000000000..f4f66b2111827
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/services/search/utils/map_result.ts
@@ -0,0 +1,19 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { SearchHit } from '@elastic/elasticsearch/lib/api/types';
+import type { ProductDocumentationAttributes } from '@kbn/product-doc-common';
+import type { DocSearchResult } from '../types';
+
+export const mapResult = (docHit: SearchHit<ProductDocumentationAttributes>): DocSearchResult => {
+  return {
+    title: docHit._source!.content_title,
+    content: docHit._source!.content_body.text,
+    url: docHit._source!.url,
+    productName: docHit._source!.product_name,
+  };
+};
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/tasks/ensure_up_to_date.ts b/x-pack/plugins/ai_infra/product_doc_base/server/tasks/ensure_up_to_date.ts
new file mode 100644
index 0000000000000..d971561914ff1
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/tasks/ensure_up_to_date.ts
@@ -0,0 +1,70 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { Logger } from '@kbn/logging';
+import type {
+  TaskManagerSetupContract,
+  TaskManagerStartContract,
+} from '@kbn/task-manager-plugin/server';
+import type { InternalServices } from '../types';
+import { isTaskCurrentlyRunningError } from './utils';
+
+export const ENSURE_DOC_UP_TO_DATE_TASK_TYPE = 'ProductDocBase:EnsureUpToDate';
+export const ENSURE_DOC_UP_TO_DATE_TASK_ID = 'ProductDocBase:EnsureUpToDate';
+
+export const registerEnsureUpToDateTaskDefinition = ({
+  getServices,
+  taskManager,
+}: {
+  getServices: () => InternalServices;
+  taskManager: TaskManagerSetupContract;
+}) => {
+  taskManager.registerTaskDefinitions({
+    [ENSURE_DOC_UP_TO_DATE_TASK_TYPE]: {
+      title: 'Ensure product documentation up to date task',
+      timeout: '10m',
+      maxAttempts: 3,
+      createTaskRunner: (context) => {
+        return {
+          async run() {
+            const { packageInstaller } = getServices();
+            return packageInstaller.ensureUpToDate({});
+          },
+        };
+      },
+      stateSchemaByVersion: {},
+    },
+  });
+};
+
+export const scheduleEnsureUpToDateTask = async ({
+  taskManager,
+  logger,
+}: {
+  taskManager: TaskManagerStartContract;
+  logger: Logger;
+}) => {
+  try {
+    await taskManager.ensureScheduled({
+      id: ENSURE_DOC_UP_TO_DATE_TASK_ID,
+      taskType: ENSURE_DOC_UP_TO_DATE_TASK_TYPE,
+      params: {},
+      state: {},
+      scope: ['productDoc'],
+    });
+
+    await taskManager.runSoon(ENSURE_DOC_UP_TO_DATE_TASK_ID);
+
+    logger.info(`Task ${ENSURE_DOC_UP_TO_DATE_TASK_ID} scheduled to run soon`);
+  } catch (e) {
+    if (!isTaskCurrentlyRunningError(e)) {
+      throw e;
+    }
+  }
+
+  return ENSURE_DOC_UP_TO_DATE_TASK_ID;
+};
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/tasks/index.ts b/x-pack/plugins/ai_infra/product_doc_base/server/tasks/index.ts
new file mode 100644
index 0000000000000..0b5833055fd8b
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/tasks/index.ts
@@ -0,0 +1,29 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { TaskManagerSetupContract } from '@kbn/task-manager-plugin/server';
+import type { InternalServices } from '../types';
+import { registerEnsureUpToDateTaskDefinition } from './ensure_up_to_date';
+import { registerInstallAllTaskDefinition } from './install_all';
+import { registerUninstallAllTaskDefinition } from './uninstall_all';
+
+export const registerTaskDefinitions = ({
+  getServices,
+  taskManager,
+}: {
+  getServices: () => InternalServices;
+  taskManager: TaskManagerSetupContract;
+}) => {
+  registerEnsureUpToDateTaskDefinition({ getServices, taskManager });
+  registerInstallAllTaskDefinition({ getServices, taskManager });
+  registerUninstallAllTaskDefinition({ getServices, taskManager });
+};
+
+export { scheduleEnsureUpToDateTask, ENSURE_DOC_UP_TO_DATE_TASK_ID } from './ensure_up_to_date';
+export { scheduleInstallAllTask, INSTALL_ALL_TASK_ID } from './install_all';
+export { scheduleUninstallAllTask, UNINSTALL_ALL_TASK_ID } from './uninstall_all';
+export { waitUntilTaskCompleted, getTaskStatus } from './utils';
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/tasks/install_all.ts b/x-pack/plugins/ai_infra/product_doc_base/server/tasks/install_all.ts
new file mode 100644
index 0000000000000..0d2cc48fb06bb
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/tasks/install_all.ts
@@ -0,0 +1,70 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { Logger } from '@kbn/logging';
+import type {
+  TaskManagerSetupContract,
+  TaskManagerStartContract,
+} from '@kbn/task-manager-plugin/server';
+import type { InternalServices } from '../types';
+import { isTaskCurrentlyRunningError } from './utils';
+
+export const INSTALL_ALL_TASK_TYPE = 'ProductDocBase:InstallAll';
+export const INSTALL_ALL_TASK_ID = 'ProductDocBase:InstallAll';
+
+export const registerInstallAllTaskDefinition = ({
+  getServices,
+  taskManager,
+}: {
+  getServices: () => InternalServices;
+  taskManager: TaskManagerSetupContract;
+}) => {
+  taskManager.registerTaskDefinitions({
+    [INSTALL_ALL_TASK_TYPE]: {
+      title: 'Install all product documentation artifacts',
+      timeout: '10m',
+      maxAttempts: 3,
+      createTaskRunner: (context) => {
+        return {
+          async run() {
+            const { packageInstaller } = getServices();
+            return packageInstaller.installAll({});
+          },
+        };
+      },
+      stateSchemaByVersion: {},
+    },
+  });
+};
+
+export const scheduleInstallAllTask = async ({
+  taskManager,
+  logger,
+}: {
+  taskManager: TaskManagerStartContract;
+  logger: Logger;
+}) => {
+  try {
+    await taskManager.ensureScheduled({
+      id: INSTALL_ALL_TASK_ID,
+      taskType: INSTALL_ALL_TASK_TYPE,
+      params: {},
+      state: {},
+      scope: ['productDoc'],
+    });
+
+    await taskManager.runSoon(INSTALL_ALL_TASK_ID);
+
+    logger.info(`Task ${INSTALL_ALL_TASK_ID} scheduled to run soon`);
+  } catch (e) {
+    if (!isTaskCurrentlyRunningError(e)) {
+      throw e;
+    }
+  }
+
+  return INSTALL_ALL_TASK_ID;
+};
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/tasks/uninstall_all.ts b/x-pack/plugins/ai_infra/product_doc_base/server/tasks/uninstall_all.ts
new file mode 100644
index 0000000000000..6a88fec205ddd
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/tasks/uninstall_all.ts
@@ -0,0 +1,70 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { Logger } from '@kbn/logging';
+import type {
+  TaskManagerSetupContract,
+  TaskManagerStartContract,
+} from '@kbn/task-manager-plugin/server';
+import type { InternalServices } from '../types';
+import { isTaskCurrentlyRunningError } from './utils';
+
+export const UNINSTALL_ALL_TASK_TYPE = 'ProductDocBase:UninstallAll';
+export const UNINSTALL_ALL_TASK_ID = 'ProductDocBase:UninstallAll';
+
+export const registerUninstallAllTaskDefinition = ({
+  getServices,
+  taskManager,
+}: {
+  getServices: () => InternalServices;
+  taskManager: TaskManagerSetupContract;
+}) => {
+  taskManager.registerTaskDefinitions({
+    [UNINSTALL_ALL_TASK_TYPE]: {
+      title: 'Uninstall all product documentation artifacts',
+      timeout: '10m',
+      maxAttempts: 3,
+      createTaskRunner: (context) => {
+        return {
+          async run() {
+            const { packageInstaller } = getServices();
+            return packageInstaller.uninstallAll();
+          },
+        };
+      },
+      stateSchemaByVersion: {},
+    },
+  });
+};
+
+export const scheduleUninstallAllTask = async ({
+  taskManager,
+  logger,
+}: {
+  taskManager: TaskManagerStartContract;
+  logger: Logger;
+}) => {
+  try {
+    await taskManager.ensureScheduled({
+      id: UNINSTALL_ALL_TASK_ID,
+      taskType: UNINSTALL_ALL_TASK_TYPE,
+      params: {},
+      state: {},
+      scope: ['productDoc'],
+    });
+
+    await taskManager.runSoon(UNINSTALL_ALL_TASK_ID);
+
+    logger.info(`Task ${UNINSTALL_ALL_TASK_ID} scheduled to run soon`);
+  } catch (e) {
+    if (!isTaskCurrentlyRunningError(e)) {
+      throw e;
+    }
+  }
+
+  return UNINSTALL_ALL_TASK_ID;
+};
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/tasks/utils.ts b/x-pack/plugins/ai_infra/product_doc_base/server/tasks/utils.ts
new file mode 100644
index 0000000000000..e32ea02a11b0c
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/tasks/utils.ts
@@ -0,0 +1,69 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { SavedObjectsErrorHelpers } from '@kbn/core/server';
+import type { TaskManagerStartContract } from '@kbn/task-manager-plugin/server';
+
+export const getTaskStatus = async ({
+  taskManager,
+  taskId,
+}: {
+  taskManager: TaskManagerStartContract;
+  taskId: string;
+}) => {
+  try {
+    const taskInstance = await taskManager.get(taskId);
+    return taskInstance.status;
+  } catch (e) {
+    // not found means the task was completed and the entry removed
+    if (SavedObjectsErrorHelpers.isNotFoundError(e)) {
+      return 'not_scheduled';
+    }
+    throw e;
+  }
+};
+
+export const isTaskCurrentlyRunningError = (err: Error): boolean => {
+  return err.message?.includes('currently running');
+};
+
+export const waitUntilTaskCompleted = async ({
+  taskManager,
+  taskId,
+  timeout = 120_000,
+  interval = 5_000,
+}: {
+  taskManager: TaskManagerStartContract;
+  taskId: string;
+  timeout?: number;
+  interval?: number;
+}): Promise<void> => {
+  const start = Date.now();
+  const max = start + timeout;
+  let now = start;
+  while (now < max) {
+    try {
+      const taskInstance = await taskManager.get(taskId);
+      const { status } = taskInstance;
+      if (status === 'idle' || status === 'claiming' || status === 'running') {
+        await sleep(interval);
+        now = Date.now();
+      } else {
+        return;
+      }
+    } catch (e) {
+      if (SavedObjectsErrorHelpers.isNotFoundError(e)) {
+        // not found means the task was completed and the entry removed
+        return;
+      }
+    }
+  }
+
+  throw new Error(`Timeout waiting for task ${taskId} to complete.`);
+};
+
+const sleep = (ms: number) => new Promise((resolve) => setTimeout(resolve, ms));
diff --git a/x-pack/plugins/ai_infra/product_doc_base/server/types.ts b/x-pack/plugins/ai_infra/product_doc_base/server/types.ts
new file mode 100644
index 0000000000000..f00943b696708
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/server/types.ts
@@ -0,0 +1,44 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { Logger } from '@kbn/logging';
+import type { LicensingPluginStart } from '@kbn/licensing-plugin/server';
+import type {
+  TaskManagerSetupContract,
+  TaskManagerStartContract,
+} from '@kbn/task-manager-plugin/server';
+import type { SearchApi } from './services/search';
+import type { ProductDocInstallClient } from './services/doc_install_status';
+import type { PackageInstaller } from './services/package_installer';
+import type { DocumentationManager, DocumentationManagerAPI } from './services/doc_manager';
+
+/* eslint-disable @typescript-eslint/no-empty-interface*/
+
+export interface ProductDocBaseSetupDependencies {
+  taskManager: TaskManagerSetupContract;
+}
+
+export interface ProductDocBaseStartDependencies {
+  licensing: LicensingPluginStart;
+  taskManager: TaskManagerStartContract;
+}
+
+export interface ProductDocBaseSetupContract {}
+
+export interface ProductDocBaseStartContract {
+  search: SearchApi;
+  management: DocumentationManagerAPI;
+}
+
+export interface InternalServices {
+  logger: Logger;
+  installClient: ProductDocInstallClient;
+  packageInstaller: PackageInstaller;
+  documentationManager: DocumentationManager;
+  licensing: LicensingPluginStart;
+  taskManager: TaskManagerStartContract;
+}
diff --git a/x-pack/plugins/ai_infra/product_doc_base/tsconfig.json b/x-pack/plugins/ai_infra/product_doc_base/tsconfig.json
new file mode 100644
index 0000000000000..9a2d1969556bf
--- /dev/null
+++ b/x-pack/plugins/ai_infra/product_doc_base/tsconfig.json
@@ -0,0 +1,29 @@
+{
+  "extends": "../../../../tsconfig.base.json",
+  "compilerOptions": {
+    "outDir": "target/types"
+  },
+  "include": [
+    "../../../../typings/**/*",
+    "common/**/*",
+    "public/**/*",
+    "typings/**/*",
+    "public/**/*.json",
+    "server/**/*",
+    "scripts/**/*",
+    ".storybook/**/*"
+  ],
+  "exclude": ["target/**/*", ".storybook/**/*.js"],
+  "kbn_references": [
+    "@kbn/core",
+    "@kbn/logging",
+    "@kbn/config-schema",
+    "@kbn/product-doc-common",
+    "@kbn/core-saved-objects-server",
+    "@kbn/utils",
+    "@kbn/core-http-browser",
+    "@kbn/logging-mocks",
+    "@kbn/licensing-plugin",
+    "@kbn/task-manager-plugin",
+  ]
+}
diff --git a/x-pack/plugins/cloud_defend/server/routes/policies/policies.ts b/x-pack/plugins/cloud_defend/server/routes/policies/policies.ts
index ad40dcf3b693f..48a86733dc0e4 100644
--- a/x-pack/plugins/cloud_defend/server/routes/policies/policies.ts
+++ b/x-pack/plugins/cloud_defend/server/routes/policies/policies.ts
@@ -60,8 +60,10 @@ export const defineGetPoliciesRoute = (router: CloudDefendRouter) =>
     .get({
       access: 'internal',
       path: POLICIES_ROUTE_PATH,
-      options: {
-        tags: ['access:cloud-defend-read'],
+      security: {
+        authz: {
+          requiredPrivileges: ['cloud-defend-read'],
+        },
       },
     })
     .addVersion(
diff --git a/x-pack/plugins/cloud_defend/server/routes/status/status.ts b/x-pack/plugins/cloud_defend/server/routes/status/status.ts
index ff422638f1c8b..d7ba84d2d2108 100644
--- a/x-pack/plugins/cloud_defend/server/routes/status/status.ts
+++ b/x-pack/plugins/cloud_defend/server/routes/status/status.ts
@@ -218,8 +218,10 @@ export const defineGetCloudDefendStatusRoute = (router: CloudDefendRouter) =>
     .get({
       access: 'internal',
       path: STATUS_ROUTE_PATH,
-      options: {
-        tags: ['access:cloud-defend-read'],
+      security: {
+        authz: {
+          requiredPrivileges: ['cloud-defend-read'],
+        },
       },
     })
     .addVersion({ version: '1', validate: {} }, async (context, request, response) => {
diff --git a/x-pack/plugins/elastic_assistant/common/anonymization/index.ts b/x-pack/plugins/elastic_assistant/common/anonymization/index.ts
index ebef2dff8bdef..9b8007a9129bf 100644
--- a/x-pack/plugins/elastic_assistant/common/anonymization/index.ts
+++ b/x-pack/plugins/elastic_assistant/common/anonymization/index.ts
@@ -9,6 +9,7 @@
 export const DEFAULT_ALLOW = [
   '_id',
   '@timestamp',
+  'agent.id',
   'cloud.availability_zone',
   'cloud.provider',
   'cloud.region',
diff --git a/x-pack/plugins/elastic_assistant/server/__mocks__/defend_insights_schema.mock.ts b/x-pack/plugins/elastic_assistant/server/__mocks__/defend_insights_schema.mock.ts
new file mode 100644
index 0000000000000..d25b8bb09b13d
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/__mocks__/defend_insights_schema.mock.ts
@@ -0,0 +1,109 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { estypes } from '@elastic/elasticsearch';
+import { DefendInsightStatus, DefendInsightType } from '@kbn/elastic-assistant-common';
+
+import type { EsDefendInsightSchema } from '../ai_assistant_data_clients/defend_insights/types';
+
+export const getDefendInsightsSearchEsMock = () => {
+  const searchResponse: estypes.SearchResponse<EsDefendInsightSchema> = {
+    took: 0,
+    timed_out: false,
+    _shards: {
+      total: 1,
+      successful: 1,
+      skipped: 0,
+      failed: 0,
+    },
+    hits: {
+      total: {
+        value: 1,
+        relation: 'eq',
+      },
+      max_score: 1,
+      hits: [
+        {
+          _index: '.kibana-elastic-ai-assistant-defend-insights-default',
+          _id: '655c52ec-49ee-4d20-87e5-7edd6d8f84e8',
+          _score: 1,
+          _source: {
+            '@timestamp': '2024-09-24T10:48:46.847Z',
+            created_at: '2024-09-24T10:48:46.847Z',
+            users: [
+              {
+                id: 'u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0',
+                name: 'elastic',
+              },
+            ],
+            status: DefendInsightStatus.Enum.succeeded,
+            api_config: {
+              action_type_id: '.bedrock',
+              connector_id: 'ac4e19d1-e2e2-49af-bf4b-59428473101c',
+              model: 'anthropic.claude-3-5-sonnet-20240620-v1:0',
+            },
+            endpoint_ids: ['6e09ec1c-644c-4148-a02d-be451c35400d'],
+            insight_type: DefendInsightType.Enum.incompatible_antivirus,
+            insights: [
+              {
+                group: 'windows_defenders',
+                events: [],
+              },
+            ],
+            updated_at: '2024-09-24T10:48:59.952Z',
+            last_viewed_at: '2024-09-24T10:49:53.522Z',
+            namespace: 'default',
+            id: '655c52ec-49ee-4d20-87e5-7edd6d8f84e8',
+            generation_intervals: [
+              {
+                date: '2024-09-24T10:48:59.952Z',
+                duration_ms: 13113,
+              },
+            ],
+            average_interval_ms: 13113,
+            replacements: [
+              {
+                uuid: '2009c67b-89b8-43d9-b502-2c32f71875a0',
+                value: 'root',
+              },
+              {
+                uuid: '9f7f91b6-6853-48b7-bfb8-403f5efb2364',
+                value: 'joey-dev-default-3539',
+              },
+              {
+                uuid: 'c08e4851-7234-408a-8083-7fd5740e4255',
+                value: 'syslog',
+              },
+              {
+                uuid: '826c58bd-1466-42fd-af1f-9094c155811b',
+                value: 'messagebus',
+              },
+              {
+                uuid: '1f8e3668-c7d7-4fdb-8195-3f337dfe10bf',
+                value: 'polkitd',
+              },
+              {
+                uuid: 'e101d201-c675-47f3-b488-77bd0ce71920',
+                value: 'systemd-network',
+              },
+              {
+                uuid: '0144102f-d69c-43a3-bf3b-04bde7d1b4e8',
+                value: 'systemd-resolve',
+              },
+              {
+                uuid: '00c5a919-949e-4031-956e-3eeb071e9210',
+                value: 'systemd-timesync',
+              },
+            ],
+            events_context_count: 100,
+          },
+        },
+      ],
+    },
+  };
+  return searchResponse;
+};
diff --git a/x-pack/plugins/elastic_assistant/server/__mocks__/request.ts b/x-pack/plugins/elastic_assistant/server/__mocks__/request.ts
index b62cd24e938eb..26db891242884 100644
--- a/x-pack/plugins/elastic_assistant/server/__mocks__/request.ts
+++ b/x-pack/plugins/elastic_assistant/server/__mocks__/request.ts
@@ -11,10 +11,16 @@ import {
   ATTACK_DISCOVERY_CANCEL_BY_CONNECTOR_ID,
   CAPABILITIES,
 } from '../../common/constants';
+import type {
+  DefendInsightsGetRequestQuery,
+  DefendInsightsPostRequestBody,
+} from '@kbn/elastic-assistant-common';
 import {
   AttackDiscoveryPostRequestBody,
   ConversationCreateProps,
   ConversationUpdateProps,
+  DEFEND_INSIGHTS,
+  DEFEND_INSIGHTS_BY_ID,
   ELASTIC_AI_ASSISTANT_ANONYMIZATION_FIELDS_URL_BULK_ACTION,
   ELASTIC_AI_ASSISTANT_ANONYMIZATION_FIELDS_URL_FIND,
   ELASTIC_AI_ASSISTANT_CONVERSATIONS_URL,
@@ -235,3 +241,24 @@ export const postAttackDiscoveryRequest = (body: AttackDiscoveryPostRequestBody)
     path: ATTACK_DISCOVERY,
     body,
   });
+
+export const getDefendInsightRequest = (insightId: string) =>
+  requestMock.create({
+    method: 'get',
+    path: DEFEND_INSIGHTS_BY_ID,
+    params: { id: insightId },
+  });
+
+export const getDefendInsightsRequest = (queryParams: DefendInsightsGetRequestQuery) =>
+  requestMock.create({
+    method: 'get',
+    path: DEFEND_INSIGHTS,
+    query: queryParams,
+  });
+
+export const postDefendInsightsRequest = (body: DefendInsightsPostRequestBody) =>
+  requestMock.create({
+    method: 'post',
+    path: DEFEND_INSIGHTS,
+    body,
+  });
diff --git a/x-pack/plugins/elastic_assistant/server/__mocks__/request_context.ts b/x-pack/plugins/elastic_assistant/server/__mocks__/request_context.ts
index 19d98633a83c9..77bd6b00105b6 100644
--- a/x-pack/plugins/elastic_assistant/server/__mocks__/request_context.ts
+++ b/x-pack/plugins/elastic_assistant/server/__mocks__/request_context.ts
@@ -28,6 +28,7 @@ import {
 } from '../ai_assistant_data_clients/knowledge_base';
 import { defaultAssistantFeatures } from '@kbn/elastic-assistant-common';
 import { AttackDiscoveryDataClient } from '../lib/attack_discovery/persistence';
+import { DefendInsightsDataClient } from '../ai_assistant_data_clients/defend_insights';
 import { authenticatedUser } from './user';
 
 export const createMockClients = () => {
@@ -47,6 +48,7 @@ export const createMockClients = () => {
       getAIAssistantKnowledgeBaseDataClient: knowledgeBaseDataClientMock.create(),
       getAIAssistantPromptsDataClient: dataClientMock.create(),
       getAttackDiscoveryDataClient: attackDiscoveryDataClientMock.create(),
+      getDefendInsightsDataClient: dataClientMock.create(),
       getAIAssistantAnonymizationFieldsDataClient: dataClientMock.create(),
       getSpaceId: jest.fn(),
       getCurrentUser: jest.fn(),
@@ -125,6 +127,10 @@ const createElasticAssistantRequestContextMock = (
       () => clients.elasticAssistant.getAttackDiscoveryDataClient
     ) as unknown as jest.MockInstance<Promise<AttackDiscoveryDataClient | null>, [], unknown> &
       (() => Promise<AttackDiscoveryDataClient | null>),
+    getDefendInsightsDataClient: jest.fn(
+      () => clients.elasticAssistant.getDefendInsightsDataClient
+    ) as unknown as jest.MockInstance<Promise<DefendInsightsDataClient | null>, [], unknown> &
+      (() => Promise<DefendInsightsDataClient | null>),
     getAIAssistantKnowledgeBaseDataClient: jest.fn(
       () => clients.elasticAssistant.getAIAssistantKnowledgeBaseDataClient
     ) as unknown as jest.MockInstance<
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/defend_insights/field_maps_configuration.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/defend_insights/field_maps_configuration.ts
new file mode 100644
index 0000000000000..5769ab4557102
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/defend_insights/field_maps_configuration.ts
@@ -0,0 +1,174 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { FieldMap } from '@kbn/data-stream-adapter';
+
+export const defendInsightsFieldMap: FieldMap = {
+  '@timestamp': {
+    type: 'date',
+    array: false,
+    required: false,
+  },
+  users: {
+    type: 'nested',
+    array: true,
+    required: false,
+  },
+  'users.id': {
+    type: 'keyword',
+    array: false,
+    required: true,
+  },
+  'users.name': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  id: {
+    type: 'keyword',
+    array: false,
+    required: true,
+  },
+  last_viewed_at: {
+    type: 'date',
+    array: false,
+    required: true,
+  },
+  updated_at: {
+    type: 'date',
+    array: false,
+    required: true,
+  },
+  created_at: {
+    type: 'date',
+    array: false,
+    required: true,
+  },
+  endpoint_ids: {
+    type: 'keyword',
+    array: true,
+    required: false,
+  },
+  insight_type: {
+    type: 'keyword',
+    required: true,
+  },
+  insights: {
+    type: 'nested',
+    array: true,
+    required: false,
+  },
+  'insights.group': {
+    type: 'keyword',
+    array: true,
+    required: true,
+  },
+  'insights.events': {
+    type: 'nested',
+    array: true,
+    required: false,
+  },
+  'insights.events.endpoint_id': {
+    type: 'keyword',
+    array: false,
+    required: true,
+  },
+  'insights.events.id': {
+    type: 'keyword',
+    array: false,
+    required: true,
+  },
+  'insights.events.value': {
+    type: 'text',
+    array: false,
+    required: true,
+  },
+  replacements: {
+    type: 'object',
+    array: false,
+    required: false,
+  },
+  'replacements.value': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'replacements.uuid': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  api_config: {
+    type: 'object',
+    array: false,
+    required: true,
+  },
+  'api_config.connector_id': {
+    type: 'keyword',
+    array: false,
+    required: true,
+  },
+  'api_config.action_type_id': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'api_config.default_system_prompt_id': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'api_config.provider': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'api_config.model': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  events_context_count: {
+    type: 'integer',
+    array: false,
+    required: false,
+  },
+  status: {
+    type: 'keyword',
+    array: false,
+    required: true,
+  },
+  namespace: {
+    type: 'keyword',
+    array: false,
+    required: true,
+  },
+  average_interval_ms: {
+    type: 'integer',
+    array: false,
+    required: false,
+  },
+  failure_reason: {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  generation_intervals: {
+    type: 'nested',
+    array: true,
+    required: false,
+  },
+  'generation_intervals.date': {
+    type: 'date',
+    array: false,
+    required: true,
+  },
+  'generation_intervals.duration_ms': {
+    type: 'integer',
+    array: false,
+    required: true,
+  },
+} as const;
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/defend_insights/get_defend_insight.test.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/defend_insights/get_defend_insight.test.ts
new file mode 100644
index 0000000000000..415487534a1b6
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/defend_insights/get_defend_insight.test.ts
@@ -0,0 +1,69 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { AuthenticatedUser } from '@kbn/core-security-common';
+
+import { elasticsearchServiceMock } from '@kbn/core-elasticsearch-server-mocks';
+import { loggerMock } from '@kbn/logging-mocks';
+
+import { getDefendInsightsSearchEsMock } from '../../__mocks__/defend_insights_schema.mock';
+import { getDefendInsight } from './get_defend_insight';
+
+const mockEsClient = elasticsearchServiceMock.createElasticsearchClient();
+const mockLogger = loggerMock.create();
+
+const mockResponse = getDefendInsightsSearchEsMock();
+
+const user = {
+  username: 'test_user',
+  profile_uid: '1234',
+  authentication_realm: {
+    type: 'my_realm_type',
+    name: 'my_realm_name',
+  },
+} as AuthenticatedUser;
+const mockRequest = {
+  esClient: mockEsClient,
+  index: 'defend-insights-index',
+  id: 'insight-id',
+  user,
+  logger: mockLogger,
+};
+describe('getDefendInsight', () => {
+  afterEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('should get defend insight by id successfully', async () => {
+    mockEsClient.search.mockResolvedValueOnce(mockResponse);
+
+    const response = await getDefendInsight(mockRequest);
+
+    expect(response).not.toBeNull();
+    expect(mockEsClient.search).toHaveBeenCalledTimes(1);
+    expect(mockLogger.error).not.toHaveBeenCalled();
+  });
+
+  it('should return null if no defend insights found', async () => {
+    mockEsClient.search.mockResolvedValueOnce({ ...mockResponse, hits: { hits: [] } });
+
+    const response = await getDefendInsight(mockRequest);
+
+    expect(response).toBeNull();
+    expect(mockEsClient.search).toHaveBeenCalledTimes(1);
+    expect(mockLogger.error).not.toHaveBeenCalled();
+  });
+
+  it('should throw error on elasticsearch search failure', async () => {
+    mockEsClient.search.mockRejectedValueOnce(new Error('Elasticsearch error'));
+
+    await expect(getDefendInsight(mockRequest)).rejects.toThrowError('Elasticsearch error');
+
+    expect(mockEsClient.search).toHaveBeenCalledTimes(1);
+    expect(mockLogger.error).toHaveBeenCalledTimes(1);
+  });
+});
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/defend_insights/get_defend_insight.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/defend_insights/get_defend_insight.ts
new file mode 100644
index 0000000000000..4eeef2afd8738
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/defend_insights/get_defend_insight.ts
@@ -0,0 +1,78 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { AuthenticatedUser, ElasticsearchClient, Logger } from '@kbn/core/server';
+import { DefendInsightsResponse } from '@kbn/elastic-assistant-common';
+
+import { EsDefendInsightSchema } from './types';
+import { transformESSearchToDefendInsights } from './helpers';
+
+export interface GetDefendInsightParams {
+  esClient: ElasticsearchClient;
+  logger: Logger;
+  index: string;
+  id: string;
+  user: AuthenticatedUser;
+}
+
+export const getDefendInsight = async ({
+  esClient,
+  logger,
+  index,
+  id,
+  user,
+}: GetDefendInsightParams): Promise<DefendInsightsResponse | null> => {
+  const filterByUser = [
+    {
+      nested: {
+        path: 'users',
+        query: {
+          bool: {
+            must: [
+              {
+                match: user.profile_uid
+                  ? { 'users.id': user.profile_uid }
+                  : { 'users.name': user.username },
+              },
+            ],
+          },
+        },
+      },
+    },
+  ];
+  try {
+    const response = await esClient.search<EsDefendInsightSchema>({
+      query: {
+        bool: {
+          must: [
+            {
+              bool: {
+                should: [
+                  {
+                    term: {
+                      _id: id,
+                    },
+                  },
+                ],
+              },
+            },
+            ...filterByUser,
+          ],
+        },
+      },
+      _source: true,
+      ignore_unavailable: true,
+      index,
+      seq_no_primary_term: true,
+    });
+    const insights = transformESSearchToDefendInsights(response);
+    return insights[0] ?? null;
+  } catch (err) {
+    logger.error(`Error fetching Defend insight: ${err} with id: ${id}`);
+    throw err;
+  }
+};
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/defend_insights/helpers.test.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/defend_insights/helpers.test.ts
new file mode 100644
index 0000000000000..8e0793218154a
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/defend_insights/helpers.test.ts
@@ -0,0 +1,64 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { DefendInsightsGetRequestQuery } from '@kbn/elastic-assistant-common';
+
+import { DefendInsightType, DefendInsightStatus } from '@kbn/elastic-assistant-common';
+
+import { queryParamsToEsQuery } from './helpers';
+
+describe('defend insights data client helpers', () => {
+  describe('queryParamsToEsQuery', () => {
+    let queryParams: DefendInsightsGetRequestQuery;
+    let expectedQuery: object[];
+
+    function getDefaultQueryParams(): DefendInsightsGetRequestQuery {
+      return {
+        ids: ['insight-id1', 'insight-id2'],
+        endpoint_ids: ['endpoint-id1', 'endpoint-id2'],
+        connector_id: 'connector-id1',
+        type: DefendInsightType.Enum.incompatible_antivirus,
+        status: DefendInsightStatus.Enum.succeeded,
+      };
+    }
+
+    function getDefaultExpectedQuery(): object[] {
+      return [
+        { terms: { _id: queryParams.ids } },
+        { terms: { endpoint_ids: queryParams.endpoint_ids } },
+        { term: { 'api_config.connector_id': queryParams.connector_id } },
+        { term: { insight_type: queryParams.type } },
+        { term: { status: queryParams.status } },
+      ];
+    }
+
+    beforeEach(() => {
+      queryParams = getDefaultQueryParams();
+      expectedQuery = getDefaultExpectedQuery();
+    });
+
+    it('should correctly convert valid query parameters to Elasticsearch query format', () => {
+      const result = queryParamsToEsQuery(queryParams);
+      expect(result).toEqual(expectedQuery);
+    });
+
+    it('should ignore invalid query parameters', () => {
+      const badParams = {
+        ...queryParams,
+        invalid_param: 'invalid value',
+      };
+
+      const result = queryParamsToEsQuery(badParams);
+      expect(result).toEqual(expectedQuery);
+    });
+
+    it('should handle empty query parameters', () => {
+      const result = queryParamsToEsQuery({});
+      expect(result).toEqual([]);
+    });
+  });
+});
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/defend_insights/helpers.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/defend_insights/helpers.ts
new file mode 100644
index 0000000000000..b8164f53d9815
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/defend_insights/helpers.ts
@@ -0,0 +1,221 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { get as _get, isArray } from 'lodash';
+
+import type { estypes } from '@elastic/elasticsearch';
+import type { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types';
+import type { AuthenticatedUser } from '@kbn/core/server';
+import type {
+  DefendInsightCreateProps,
+  DefendInsightUpdateProps,
+  DefendInsightsResponse,
+  DefendInsightsGetRequestQuery,
+} from '@kbn/elastic-assistant-common';
+
+import type {
+  CreateDefendInsightSchema,
+  EsDefendInsightSchema,
+  UpdateDefendInsightSchema,
+} from './types';
+
+export const transformESSearchToDefendInsights = (
+  response: estypes.SearchResponse<EsDefendInsightSchema>
+): DefendInsightsResponse[] => {
+  return response.hits.hits
+    .filter((hit) => hit._source !== undefined)
+    .map((hit) => {
+      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+      const insightSchema = hit._source!;
+      const defendInsight: DefendInsightsResponse = {
+        timestamp: insightSchema['@timestamp'],
+        // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+        id: hit._id!,
+        backingIndex: hit._index,
+        createdAt: insightSchema.created_at,
+        updatedAt: insightSchema.updated_at,
+        lastViewedAt: insightSchema.last_viewed_at,
+        users:
+          insightSchema.users?.map((user) => ({
+            id: user.id,
+            name: user.name,
+          })) ?? [],
+        namespace: insightSchema.namespace,
+        status: insightSchema.status,
+        eventsContextCount: insightSchema.events_context_count,
+        apiConfig: {
+          connectorId: insightSchema.api_config.connector_id,
+          actionTypeId: insightSchema.api_config.action_type_id,
+          defaultSystemPromptId: insightSchema.api_config.default_system_prompt_id,
+          model: insightSchema.api_config.model,
+          provider: insightSchema.api_config.provider,
+        },
+        endpointIds: insightSchema.endpoint_ids,
+        insightType: insightSchema.insight_type,
+        insights: insightSchema.insights.map((insight) => ({
+          group: insight.group,
+          events: insight.events?.map((event) => ({
+            id: event.id,
+            endpointId: event.endpoint_id,
+            value: event.value,
+          })),
+        })),
+        replacements: insightSchema.replacements?.reduce((acc: Record<string, string>, r) => {
+          acc[r.uuid] = r.value;
+          return acc;
+        }, {}),
+        generationIntervals:
+          insightSchema.generation_intervals?.map((interval) => ({
+            date: interval.date,
+            durationMs: interval.duration_ms,
+          })) ?? [],
+        averageIntervalMs: insightSchema.average_interval_ms ?? 0,
+        failureReason: insightSchema.failure_reason,
+      };
+
+      return defendInsight;
+    });
+};
+
+export const transformToCreateScheme = (
+  createdAt: string,
+  spaceId: string,
+  user: AuthenticatedUser,
+  {
+    endpointIds,
+    insightType,
+    insights,
+    apiConfig,
+    eventsContextCount,
+    replacements,
+    status,
+  }: DefendInsightCreateProps
+): CreateDefendInsightSchema => {
+  return {
+    '@timestamp': createdAt,
+    created_at: createdAt,
+    users: [
+      {
+        id: user.profile_uid,
+        name: user.username,
+      },
+    ],
+    status,
+    api_config: {
+      action_type_id: apiConfig.actionTypeId,
+      connector_id: apiConfig.connectorId,
+      default_system_prompt_id: apiConfig.defaultSystemPromptId,
+      model: apiConfig.model,
+      provider: apiConfig.provider,
+    },
+    events_context_count: eventsContextCount,
+    endpoint_ids: endpointIds,
+    insight_type: insightType,
+    insights: insights?.map((insight) => ({
+      group: insight.group,
+      events: insight.events?.map((event) => ({
+        id: event.id,
+        endpoint_id: event.endpointId,
+        value: event.value,
+      })),
+    })),
+    updated_at: createdAt,
+    last_viewed_at: createdAt,
+    replacements: replacements
+      ? Object.keys(replacements).map((key) => ({
+          uuid: key,
+          value: replacements[key],
+        }))
+      : undefined,
+    namespace: spaceId,
+  };
+};
+
+export const transformToUpdateScheme = (
+  updatedAt: string,
+  {
+    eventsContextCount,
+    apiConfig,
+    insights,
+    failureReason,
+    generationIntervals,
+    id,
+    replacements,
+    lastViewedAt,
+    status,
+  }: DefendInsightUpdateProps
+): UpdateDefendInsightSchema => {
+  const averageIntervalMsObj =
+    generationIntervals && generationIntervals.length > 0
+      ? {
+          average_interval_ms: Math.trunc(
+            generationIntervals.reduce((acc, interval) => acc + interval.durationMs, 0) /
+              generationIntervals.length
+          ),
+          generation_intervals: generationIntervals.map((interval) => ({
+            date: interval.date,
+            duration_ms: interval.durationMs,
+          })),
+        }
+      : {};
+  return {
+    events_context_count: eventsContextCount,
+    ...(apiConfig
+      ? {
+          api_config: {
+            action_type_id: apiConfig.actionTypeId,
+            connector_id: apiConfig.connectorId,
+            default_system_prompt_id: apiConfig.defaultSystemPromptId,
+            model: apiConfig.model,
+            provider: apiConfig.provider,
+          },
+        }
+      : {}),
+    ...(insights
+      ? {
+          insights: insights.map((insight) => ({
+            group: insight.group,
+            events: insight.events?.map((event) => ({
+              id: event.id,
+              endpoint_id: event.endpointId,
+              value: event.value,
+            })),
+          })),
+        }
+      : {}),
+    failure_reason: failureReason,
+    id,
+    replacements: replacements
+      ? Object.keys(replacements).map((key) => ({
+          uuid: key,
+          value: replacements[key],
+        }))
+      : undefined,
+    ...(status ? { status } : {}),
+    // only update updated_at time if this is not an update to last_viewed_at
+    ...(lastViewedAt ? { last_viewed_at: lastViewedAt } : { updated_at: updatedAt }),
+    ...averageIntervalMsObj,
+  };
+};
+
+const validParams = new Set(['ids', 'endpoint_ids', 'connector_id', 'type', 'status']);
+const paramKeyMap = { ids: '_id', connector_id: 'api_config.connector_id', type: 'insight_type' };
+export function queryParamsToEsQuery(
+  queryParams: DefendInsightsGetRequestQuery
+): QueryDslQueryContainer[] {
+  return Object.entries(queryParams).reduce((acc: object[], [k, v]) => {
+    if (!validParams.has(k)) {
+      return acc;
+    }
+
+    const filterKey = isArray(v) ? 'terms' : 'term';
+    const paramKey = _get(paramKeyMap, k, k);
+    const next = { [filterKey]: { [paramKey]: v } };
+
+    return [...acc, next];
+  }, []);
+}
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/defend_insights/index.test.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/defend_insights/index.test.ts
new file mode 100644
index 0000000000000..704ee9b962554
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/defend_insights/index.test.ts
@@ -0,0 +1,410 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+/* eslint-disable @typescript-eslint/no-explicit-any */
+
+import type { AuthenticatedUser } from '@kbn/core-security-common';
+import type {
+  DefendInsightCreateProps,
+  DefendInsightsUpdateProps,
+  DefendInsightsGetRequestQuery,
+  DefendInsightsResponse,
+} from '@kbn/elastic-assistant-common';
+
+import { elasticsearchServiceMock } from '@kbn/core-elasticsearch-server-mocks';
+import { loggerMock } from '@kbn/logging-mocks';
+import { DefendInsightStatus, DefendInsightType } from '@kbn/elastic-assistant-common';
+
+import type { AIAssistantDataClientParams } from '..';
+
+import { getDefendInsightsSearchEsMock } from '../../__mocks__/defend_insights_schema.mock';
+import { getDefendInsight } from './get_defend_insight';
+import {
+  queryParamsToEsQuery,
+  transformESSearchToDefendInsights,
+  transformToUpdateScheme,
+} from './helpers';
+import { DefendInsightsDataClient } from '.';
+
+jest.mock('./get_defend_insight');
+jest.mock('./helpers', () => {
+  const original = jest.requireActual('./helpers');
+  return {
+    ...original,
+    queryParamsToEsQuery: jest.fn(),
+  };
+});
+
+describe('DefendInsightsDataClient', () => {
+  const mockEsClient = elasticsearchServiceMock.createElasticsearchClient();
+  const mockLogger = loggerMock.create();
+  const mockGetDefendInsight = jest.mocked(getDefendInsight);
+  let user: AuthenticatedUser;
+  let dataClientParams: AIAssistantDataClientParams;
+  let dataClient: DefendInsightsDataClient;
+
+  function getDefaultUser(): AuthenticatedUser {
+    return {
+      username: 'test_user',
+      profile_uid: '1234',
+      authentication_realm: {
+        type: 'my_realm_type',
+        name: 'my_realm_name',
+      },
+    } as AuthenticatedUser;
+  }
+
+  function getDefaultDataClientParams(): AIAssistantDataClientParams {
+    return {
+      logger: mockLogger,
+      currentUser: user,
+      elasticsearchClientPromise: new Promise((resolve) => resolve(mockEsClient)),
+      indexPatternsResourceName: 'defend-insights-index',
+      kibanaVersion: '9.0.0',
+      spaceId: 'space-1',
+    } as AIAssistantDataClientParams;
+  }
+
+  beforeEach(() => {
+    user = getDefaultUser();
+    dataClientParams = getDefaultDataClientParams();
+    dataClient = new DefendInsightsDataClient(dataClientParams);
+  });
+
+  afterEach(() => {
+    jest.clearAllMocks();
+  });
+
+  describe('getDefendInsight', () => {
+    it('should correctly get defend insight', async () => {
+      const id = 'some-id';
+      mockGetDefendInsight.mockResolvedValueOnce({ id } as DefendInsightsResponse);
+      const response = await dataClient.getDefendInsight({ id, authenticatedUser: user });
+
+      expect(mockGetDefendInsight).toHaveBeenCalledTimes(1);
+      expect(response).not.toBeNull();
+      expect(response!.id).toEqual(id);
+    });
+  });
+
+  describe('createDefendInsight', () => {
+    const defendInsightCreate: DefendInsightCreateProps = {
+      endpointIds: [],
+      insightType: DefendInsightType.Enum.incompatible_antivirus,
+      insights: [],
+      apiConfig: {
+        actionTypeId: 'action-type-id',
+        connectorId: 'connector-id',
+        defaultSystemPromptId: 'default-prompt-id',
+        model: 'model-name',
+        provider: 'OpenAI',
+      },
+      eventsContextCount: 10,
+      replacements: { key1: 'value1', key2: 'value2' },
+      status: DefendInsightStatus.Enum.running,
+    };
+
+    it('should create defend insight successfully', async () => {
+      const id = 'created-id';
+      // @ts-expect-error not full response interface
+      mockEsClient.create.mockResolvedValueOnce({ _id: id });
+      mockGetDefendInsight.mockResolvedValueOnce({ id } as DefendInsightsResponse);
+
+      const response = await dataClient.createDefendInsight({
+        defendInsightCreate,
+        authenticatedUser: user,
+      });
+      expect(mockEsClient.create).toHaveBeenCalledTimes(1);
+      expect(mockGetDefendInsight).toHaveBeenCalledTimes(1);
+      expect(response).not.toBeNull();
+      expect(response!.id).toEqual(id);
+    });
+
+    it('should throw error on elasticsearch create failure', async () => {
+      mockEsClient.create.mockRejectedValueOnce(new Error('Elasticsearch error'));
+      const responsePromise = dataClient.createDefendInsight({
+        defendInsightCreate,
+        authenticatedUser: user,
+      });
+      await expect(responsePromise).rejects.toThrowError('Elasticsearch error');
+      expect(mockEsClient.create).toHaveBeenCalledTimes(1);
+      expect(mockGetDefendInsight).not.toHaveBeenCalled();
+    });
+  });
+
+  describe('findDefendInsightsByParams', () => {
+    let mockQueryParamsToEsQuery: Function;
+    let queryParams: DefendInsightsGetRequestQuery;
+    let expectedTermFilters: object[];
+
+    function getDefaultQueryParams() {
+      return {
+        ids: ['insight-id1', 'insight-id2'],
+        endpoint_ids: ['endpoint-id1', 'endpoint-id2'],
+        connector_id: 'connector-id1',
+        type: DefendInsightType.Enum.incompatible_antivirus,
+        status: DefendInsightStatus.Enum.succeeded,
+      };
+    }
+
+    function getDefaultExpectedTermFilters() {
+      return [
+        { terms: { _id: queryParams.ids } },
+        { terms: { endpoint_ids: queryParams.endpoint_ids } },
+        { term: { 'api_config.connector_id': queryParams.connector_id } },
+        { term: { insight_type: queryParams.type } },
+        { term: { status: queryParams.status } },
+      ];
+    }
+
+    beforeEach(() => {
+      queryParams = getDefaultQueryParams();
+      expectedTermFilters = getDefaultExpectedTermFilters();
+      mockQueryParamsToEsQuery = jest
+        .mocked(queryParamsToEsQuery)
+        .mockReturnValueOnce(expectedTermFilters);
+    });
+
+    it('should return defend insights successfully', async () => {
+      const mockResponse = getDefendInsightsSearchEsMock();
+      mockEsClient.search.mockResolvedValueOnce(mockResponse);
+
+      const result = await dataClient.findDefendInsightsByParams({
+        params: queryParams,
+        authenticatedUser: user,
+      });
+      const expectedResult = transformESSearchToDefendInsights(mockResponse);
+
+      expect(mockQueryParamsToEsQuery).toHaveBeenCalledTimes(1);
+      expect(mockQueryParamsToEsQuery).toHaveBeenCalledWith(queryParams);
+      expect(mockEsClient.search).toHaveBeenCalledTimes(1);
+      expect(mockEsClient.search).toHaveBeenCalledWith(
+        expect.objectContaining({
+          index: `${dataClientParams.indexPatternsResourceName}-${dataClientParams.spaceId}`,
+          size: 10,
+          sort: [
+            {
+              '@timestamp': 'desc',
+            },
+          ],
+          query: {
+            bool: {
+              must: [
+                ...expectedTermFilters,
+                {
+                  nested: {
+                    path: 'users',
+                    query: {
+                      bool: {
+                        must: [
+                          {
+                            match: { 'users.id': user.profile_uid },
+                          },
+                        ],
+                      },
+                    },
+                  },
+                },
+              ],
+            },
+          },
+        })
+      );
+      expect(result).toEqual(expectedResult);
+    });
+
+    it('should log and throw an error if search fails', async () => {
+      const mockError = new Error('Search failed');
+      mockEsClient.search.mockRejectedValue(mockError);
+
+      await expect(
+        dataClient.findDefendInsightsByParams({
+          params: queryParams,
+          authenticatedUser: user,
+        })
+      ).rejects.toThrow(mockError);
+      expect(mockLogger.error).toHaveBeenCalledWith(
+        `error fetching Defend insights: ${mockError} with params: ${JSON.stringify(queryParams)}`
+      );
+    });
+  });
+
+  describe('findAllDefendInsights', () => {
+    it('should correctly query ES', async () => {
+      const mockResponse = getDefendInsightsSearchEsMock();
+      mockEsClient.search.mockResolvedValueOnce(mockResponse);
+      const searchParams = {
+        query: {
+          bool: {
+            must: [
+              {
+                nested: {
+                  path: 'users',
+                  query: {
+                    bool: {
+                      must: [
+                        {
+                          match: { 'users.id': user.profile_uid },
+                        },
+                      ],
+                    },
+                  },
+                },
+              },
+            ],
+          },
+        },
+        size: 10000,
+        _source: true,
+        ignore_unavailable: true,
+        index: `${dataClientParams.indexPatternsResourceName}-${dataClientParams.spaceId}`,
+        seq_no_primary_term: true,
+      };
+
+      const response = await dataClient.findAllDefendInsights({
+        authenticatedUser: user,
+      });
+      expect(response).not.toBeNull();
+      expect(mockEsClient.search).toHaveBeenCalledTimes(1);
+      expect(mockEsClient.search).toHaveBeenCalledWith(searchParams);
+    });
+
+    it('should throw error on elasticsearch search failure', async () => {
+      mockEsClient.search.mockRejectedValueOnce(new Error('Elasticsearch error'));
+      await expect(
+        dataClient.findAllDefendInsights({
+          authenticatedUser: user,
+        })
+      ).rejects.toThrowError('Elasticsearch error');
+      expect(mockEsClient.search).toHaveBeenCalledTimes(1);
+      expect(mockLogger.error).toHaveBeenCalledTimes(1);
+    });
+  });
+
+  describe('updateDefendInsights', () => {
+    let defendInsightsUpdateProps: DefendInsightsUpdateProps;
+
+    function getDefaultProps() {
+      return [
+        {
+          id: 'insight-id1',
+          backingIndex: 'defend-insights-index',
+          status: DefendInsightStatus.Enum.succeeded,
+          insights: [
+            {
+              group: 'windows_defender',
+              events: [
+                {
+                  id: 'event-id-1',
+                  endpointId: 'endpoint-id-1',
+                  value: '/windows/defender/scan.exe',
+                },
+              ],
+            },
+          ],
+        },
+      ];
+    }
+
+    beforeEach(async () => {
+      defendInsightsUpdateProps = getDefaultProps();
+    });
+
+    it('should update defend insights successfully', async () => {
+      // ensure startTime is before updatedAt timestamp
+      const startTime = new Date().getTime() - 1;
+      const mockResponse: DefendInsightsResponse[] = [
+        { id: defendInsightsUpdateProps[0].id } as DefendInsightsResponse,
+      ];
+
+      const findDefendInsightsByParamsSpy = jest.spyOn(dataClient, 'findDefendInsightsByParams');
+      findDefendInsightsByParamsSpy.mockResolvedValueOnce(mockResponse);
+
+      const result = await dataClient.updateDefendInsights({
+        defendInsightsUpdateProps,
+        authenticatedUser: user,
+      });
+      const expectedDoc = transformToUpdateScheme('', defendInsightsUpdateProps[0]);
+      delete expectedDoc.updated_at;
+
+      expect(mockEsClient.bulk).toHaveBeenCalledTimes(1);
+      expect(mockEsClient.bulk).toHaveBeenCalledWith({
+        body: [
+          {
+            update: {
+              _index: defendInsightsUpdateProps[0].backingIndex,
+              _id: defendInsightsUpdateProps[0].id,
+            },
+          },
+          {
+            doc: expect.objectContaining({ ...expectedDoc }),
+          },
+        ],
+        refresh: 'wait_for',
+      });
+      const updatedAt = (mockEsClient.bulk.mock.calls[0][0] as { body: any[] }).body[1].doc
+        .updated_at;
+      expect(new Date(updatedAt).getTime()).toBeGreaterThan(startTime);
+      expect(dataClient.findDefendInsightsByParams).toHaveBeenCalledTimes(1);
+      expect(dataClient.findDefendInsightsByParams).toHaveBeenCalledWith({
+        params: { ids: [defendInsightsUpdateProps[0].id] },
+        authenticatedUser: user,
+      });
+      expect(result).toEqual(mockResponse);
+    });
+
+    it('should log a warning and throw an error if update fails', async () => {
+      const mockError = new Error('Update failed');
+      mockEsClient.bulk.mockRejectedValue(mockError);
+
+      await expect(
+        dataClient.updateDefendInsights({
+          defendInsightsUpdateProps,
+          authenticatedUser: user,
+        })
+      ).rejects.toThrow(mockError);
+
+      expect(mockLogger.warn).toHaveBeenCalledWith(
+        `error updating Defend insights: ${mockError} for IDs: ${defendInsightsUpdateProps[0].id}`
+      );
+    });
+  });
+
+  describe('updateDefendInsight', () => {
+    it('correctly calls updateDefendInsights', async () => {
+      const defendInsightUpdateProps = {
+        id: 'insight-id1',
+        backingIndex: 'defend-insights-index',
+        status: DefendInsightStatus.Enum.succeeded,
+        insights: [
+          {
+            group: 'windows_defender',
+            events: [
+              {
+                id: 'event-id-1',
+                endpointId: 'endpoint-id-1',
+                value: '/windows/defender/scan.exe',
+              },
+            ],
+          },
+        ],
+      };
+      const updateDefendInsightsSpy = jest.spyOn(dataClient, 'updateDefendInsights');
+      updateDefendInsightsSpy.mockResolvedValueOnce([]);
+      await dataClient.updateDefendInsight({
+        defendInsightUpdateProps,
+        authenticatedUser: user,
+      });
+
+      expect(updateDefendInsightsSpy).toHaveBeenCalledTimes(1);
+      expect(updateDefendInsightsSpy).toHaveBeenCalledWith({
+        defendInsightsUpdateProps: [defendInsightUpdateProps],
+        authenticatedUser: user,
+      });
+    });
+  });
+});
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/defend_insights/index.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/defend_insights/index.ts
new file mode 100644
index 0000000000000..b5cbbd6cd18a2
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/defend_insights/index.ts
@@ -0,0 +1,286 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { v4 as uuidv4 } from 'uuid';
+
+import type {
+  DefendInsightCreateProps,
+  DefendInsightUpdateProps,
+  DefendInsightsUpdateProps,
+  DefendInsightsResponse,
+  DefendInsightsGetRequestQuery,
+} from '@kbn/elastic-assistant-common';
+import type { AuthenticatedUser } from '@kbn/core-security-common';
+
+import type { AIAssistantDataClientParams } from '..';
+import type { EsDefendInsightSchema } from './types';
+
+import { AIAssistantDataClient } from '..';
+import { getDefendInsight } from './get_defend_insight';
+import {
+  queryParamsToEsQuery,
+  transformESSearchToDefendInsights,
+  transformToCreateScheme,
+  transformToUpdateScheme,
+} from './helpers';
+
+const DEFAULT_PAGE_SIZE = 10;
+
+export class DefendInsightsDataClient extends AIAssistantDataClient {
+  constructor(public readonly options: AIAssistantDataClientParams) {
+    super(options);
+  }
+
+  /**
+   * Fetches a Defend insight
+   * @param options
+   * @param options.id The existing Defend insight id.
+   * @param options.authenticatedUser Current authenticated user.
+   * @returns The Defend insight response
+   */
+  public getDefendInsight = async ({
+    id,
+    authenticatedUser,
+  }: {
+    id: string;
+    authenticatedUser: AuthenticatedUser;
+  }): Promise<DefendInsightsResponse | null> => {
+    const esClient = await this.options.elasticsearchClientPromise;
+    return getDefendInsight({
+      esClient,
+      logger: this.options.logger,
+      index: this.indexTemplateAndPattern.alias,
+      id,
+      user: authenticatedUser,
+    });
+  };
+
+  /**
+   * Creates a Defend insight, if given at least the "apiConfig"
+   * @param options
+   * @param options.defendInsightCreate
+   * @param options.authenticatedUser
+   * @returns The Defend insight created
+   */
+  public createDefendInsight = async ({
+    defendInsightCreate,
+    authenticatedUser,
+  }: {
+    defendInsightCreate: DefendInsightCreateProps;
+    authenticatedUser: AuthenticatedUser;
+  }): Promise<DefendInsightsResponse | null> => {
+    const esClient = await this.options.elasticsearchClientPromise;
+    const logger = this.options.logger;
+    const index = this.indexTemplateAndPattern.alias;
+    const user = authenticatedUser;
+    const id = defendInsightCreate?.id || uuidv4();
+    const createdAt = new Date().toISOString();
+
+    const body = transformToCreateScheme(createdAt, this.spaceId, user, defendInsightCreate);
+    try {
+      const response = await esClient.create({
+        body,
+        id,
+        index,
+        refresh: 'wait_for',
+      });
+
+      const createdDefendInsight = await getDefendInsight({
+        esClient,
+        index,
+        id: response._id,
+        logger,
+        user,
+      });
+      return createdDefendInsight;
+    } catch (err) {
+      logger.error(`error creating Defend insight: ${err} with id: ${id}`);
+      throw err;
+    }
+  };
+
+  /**
+   * Find Defend insights by params
+   * @param options
+   * @param options.params
+   * @param options.authenticatedUser
+   * @returns The Defend insights found
+   */
+  public findDefendInsightsByParams = async ({
+    params,
+    authenticatedUser,
+  }: {
+    params: DefendInsightsGetRequestQuery;
+    authenticatedUser: AuthenticatedUser;
+  }): Promise<DefendInsightsResponse[]> => {
+    const esClient = await this.options.elasticsearchClientPromise;
+    const logger = this.options.logger;
+    const index = this.indexTemplateAndPattern.alias;
+    const user = authenticatedUser;
+    const termFilters = queryParamsToEsQuery(params);
+    const filterByUser = [
+      {
+        nested: {
+          path: 'users',
+          query: {
+            bool: {
+              must: [
+                {
+                  match: user.profile_uid
+                    ? { 'users.id': user.profile_uid }
+                    : { 'users.name': user.username },
+                },
+              ],
+            },
+          },
+        },
+      },
+    ];
+
+    try {
+      const query = {
+        bool: {
+          must: [...termFilters, ...filterByUser],
+        },
+      };
+      const response = await esClient.search<EsDefendInsightSchema>({
+        query,
+        _source: true,
+        ignore_unavailable: true,
+        index,
+        seq_no_primary_term: true,
+        sort: [{ '@timestamp': 'desc' }],
+        size: params.size || DEFAULT_PAGE_SIZE,
+      });
+      return transformESSearchToDefendInsights(response);
+    } catch (err) {
+      logger.error(`error fetching Defend insights: ${err} with params: ${JSON.stringify(params)}`);
+      throw err;
+    }
+  };
+
+  /**
+   * Finds all Defend insight for authenticated user
+   * @param options
+   * @param options.authenticatedUser
+   * @returns The Defend insight
+   */
+  public findAllDefendInsights = async ({
+    authenticatedUser,
+  }: {
+    authenticatedUser: AuthenticatedUser;
+  }): Promise<DefendInsightsResponse[]> => {
+    const esClient = await this.options.elasticsearchClientPromise;
+    const logger = this.options.logger;
+    const index = this.indexTemplateAndPattern.alias;
+    const user = authenticatedUser;
+    const MAX_ITEMS = 10000;
+    const filterByUser = [
+      {
+        nested: {
+          path: 'users',
+          query: {
+            bool: {
+              must: [
+                {
+                  match: user.profile_uid
+                    ? { 'users.id': user.profile_uid }
+                    : { 'users.name': user.username },
+                },
+              ],
+            },
+          },
+        },
+      },
+    ];
+
+    try {
+      const response = await esClient.search<EsDefendInsightSchema>({
+        query: {
+          bool: {
+            must: [...filterByUser],
+          },
+        },
+        size: MAX_ITEMS,
+        _source: true,
+        ignore_unavailable: true,
+        index,
+        seq_no_primary_term: true,
+      });
+      const insights = transformESSearchToDefendInsights(response);
+      return insights ?? [];
+    } catch (err) {
+      logger.error(`error fetching Defend insights: ${err}`);
+      throw err;
+    }
+  };
+
+  /**
+   * Updates Defend insights
+   * @param options
+   * @param options.defendInsightsUpdateProps
+   * @param options.authenticatedUser
+   */
+  public updateDefendInsights = async ({
+    defendInsightsUpdateProps,
+    authenticatedUser,
+  }: {
+    defendInsightsUpdateProps: DefendInsightsUpdateProps;
+    authenticatedUser: AuthenticatedUser;
+  }): Promise<DefendInsightsResponse[]> => {
+    const esClient = await this.options.elasticsearchClientPromise;
+    const logger = this.options.logger;
+    const updatedAt = new Date().toISOString();
+
+    let ids: string[] = [];
+    const bulkParams = defendInsightsUpdateProps.flatMap((updateProp) => {
+      const index = updateProp.backingIndex;
+      const params = transformToUpdateScheme(updatedAt, updateProp);
+      ids = [...ids, params.id];
+      return [
+        {
+          update: {
+            _index: index,
+            _id: params.id,
+          },
+        },
+        {
+          doc: params,
+        },
+      ];
+    });
+
+    try {
+      await esClient.bulk({ body: bulkParams, refresh: 'wait_for' });
+      return this.findDefendInsightsByParams({ params: { ids }, authenticatedUser });
+    } catch (err) {
+      logger.warn(`error updating Defend insights: ${err} for IDs: ${ids}`);
+      throw err;
+    }
+  };
+
+  /**
+   * Updates a Defend insight
+   * @param options
+   * @param options.defendInsightUpdateProps
+   * @param options.authenticatedUser
+   */
+  public updateDefendInsight = async ({
+    defendInsightUpdateProps,
+    authenticatedUser,
+  }: {
+    defendInsightUpdateProps: DefendInsightUpdateProps;
+    authenticatedUser: AuthenticatedUser;
+  }): Promise<DefendInsightsResponse | null> => {
+    return (
+      await this.updateDefendInsights({
+        defendInsightsUpdateProps: [defendInsightUpdateProps],
+        authenticatedUser,
+      })
+    )[0];
+  };
+}
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/defend_insights/types.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/defend_insights/types.ts
new file mode 100644
index 0000000000000..f04c7ef505c2f
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/defend_insights/types.ts
@@ -0,0 +1,88 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type {
+  DefendInsightStatus,
+  DefendInsightType,
+  Provider,
+  UUID,
+} from '@kbn/elastic-assistant-common';
+
+import type { EsReplacementSchema } from '../conversations/types';
+
+interface DefendInsightInsightEventSchema {
+  id: string;
+  endpoint_id: string;
+  value: string;
+}
+
+interface DefendInsightInsightSchema {
+  group: string;
+  events?: DefendInsightInsightEventSchema[];
+}
+
+interface BaseDefendInsightSchema {
+  '@timestamp': string;
+  created_at: string;
+  updated_at: string;
+  last_viewed_at: string;
+  status: DefendInsightStatus;
+  events_context_count?: number;
+  endpoint_ids: string[];
+  insight_type: DefendInsightType;
+  insights: DefendInsightInsightSchema[];
+  api_config: {
+    connector_id: string;
+    action_type_id: string;
+    default_system_prompt_id?: string;
+    provider?: Provider;
+    model?: string;
+  };
+  replacements?: EsReplacementSchema[];
+}
+
+export interface EsDefendInsightSchema extends BaseDefendInsightSchema {
+  id: string;
+  namespace: string;
+  failure_reason?: string;
+  users?: Array<{
+    id?: string;
+    name?: string;
+  }>;
+  average_interval_ms?: number;
+  generation_intervals?: Array<{ date: string; duration_ms: number }>;
+}
+
+export interface CreateDefendInsightSchema extends BaseDefendInsightSchema {
+  id?: string | undefined;
+  users: Array<{
+    id?: string;
+    name?: string;
+  }>;
+  namespace: string;
+}
+
+export interface UpdateDefendInsightSchema {
+  id: UUID;
+  '@timestamp'?: string;
+  updated_at?: string;
+  last_viewed_at?: string;
+  status?: DefendInsightStatus;
+  events_context_count?: number;
+  insights?: DefendInsightInsightSchema[];
+  api_config?: {
+    action_type_id?: string;
+    connector_id?: string;
+    default_system_prompt_id?: string;
+    provider?: Provider;
+    model?: string;
+  };
+  replacements?: EsReplacementSchema[];
+  average_interval_ms?: number;
+  generation_intervals?: Array<{ date: string; duration_ms: number }>;
+  failure_reason?: string;
+}
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.test.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.test.ts
index fb3ffe7442c17..4bfd4da6cfcbf 100644
--- a/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.test.ts
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.test.ts
@@ -141,7 +141,7 @@ describe('AI Assistant Service', () => {
 
       expect(assistantService.isInitialized()).toEqual(true);
 
-      expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(5);
+      expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(6);
 
       const expectedTemplates = [
         '.kibana-elastic-ai-assistant-component-template-conversations',
@@ -149,6 +149,7 @@ describe('AI Assistant Service', () => {
         '.kibana-elastic-ai-assistant-component-template-prompts',
         '.kibana-elastic-ai-assistant-component-template-anonymization-fields',
         '.kibana-elastic-ai-assistant-component-template-attack-discovery',
+        '.kibana-elastic-ai-assistant-component-template-defend-insights',
       ];
       expectedTemplates.forEach((t, i) => {
         expect(clusterClient.cluster.putComponentTemplate.mock.calls[i][0].name).toEqual(t);
@@ -650,7 +651,7 @@ describe('AI Assistant Service', () => {
         'AI Assistant service initialized',
         async () => assistantService.isInitialized() === true
       );
-      expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(7);
+      expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(8);
 
       const expectedTemplates = [
         '.kibana-elastic-ai-assistant-component-template-conversations',
@@ -660,6 +661,7 @@ describe('AI Assistant Service', () => {
         '.kibana-elastic-ai-assistant-component-template-prompts',
         '.kibana-elastic-ai-assistant-component-template-anonymization-fields',
         '.kibana-elastic-ai-assistant-component-template-attack-discovery',
+        '.kibana-elastic-ai-assistant-component-template-defend-insights',
       ];
       expectedTemplates.forEach((t, i) => {
         expect(clusterClient.cluster.putComponentTemplate.mock.calls[i][0].name).toEqual(t);
@@ -684,7 +686,7 @@ describe('AI Assistant Service', () => {
         async () => (await getSpaceResourcesInitialized(assistantService)) === true
       );
 
-      expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalledTimes(7);
+      expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalledTimes(8);
       const expectedTemplates = [
         '.kibana-elastic-ai-assistant-index-template-conversations',
         '.kibana-elastic-ai-assistant-index-template-conversations',
@@ -693,6 +695,7 @@ describe('AI Assistant Service', () => {
         '.kibana-elastic-ai-assistant-index-template-prompts',
         '.kibana-elastic-ai-assistant-index-template-anonymization-fields',
         '.kibana-elastic-ai-assistant-index-template-attack-discovery',
+        '.kibana-elastic-ai-assistant-index-template-defend-insights',
       ];
       expectedTemplates.forEach((t, i) => {
         expect(clusterClient.indices.putIndexTemplate.mock.calls[i][0].name).toEqual(t);
@@ -716,7 +719,7 @@ describe('AI Assistant Service', () => {
         async () => (await getSpaceResourcesInitialized(assistantService)) === true
       );
 
-      expect(clusterClient.indices.putSettings).toHaveBeenCalledTimes(7);
+      expect(clusterClient.indices.putSettings).toHaveBeenCalledTimes(8);
     });
 
     test('should retry updating index mappings for existing indices for transient ES errors', async () => {
@@ -736,7 +739,7 @@ describe('AI Assistant Service', () => {
         async () => (await getSpaceResourcesInitialized(assistantService)) === true
       );
 
-      expect(clusterClient.indices.putMapping).toHaveBeenCalledTimes(7);
+      expect(clusterClient.indices.putMapping).toHaveBeenCalledTimes(8);
     });
 
     test('should retry creating concrete index for transient ES errors', async () => {
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.ts
index d7eff095b4be5..81ddd69fb67d3 100644
--- a/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.ts
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.ts
@@ -13,6 +13,7 @@ import type { MlPluginSetup } from '@kbn/ml-plugin/server';
 import { Subject } from 'rxjs';
 import { LicensingApiRequestHandlerContext } from '@kbn/licensing-plugin/server';
 import { attackDiscoveryFieldMap } from '../lib/attack_discovery/persistence/field_maps_configuration/field_maps_configuration';
+import { defendInsightsFieldMap } from '../ai_assistant_data_clients/defend_insights/field_maps_configuration';
 import { getDefaultAnonymizationFields } from '../../common/anonymization';
 import { AssistantResourceNames, GetElser } from '../types';
 import { AIAssistantConversationsDataClient } from '../ai_assistant_data_clients/conversations';
@@ -33,6 +34,7 @@ import {
   GetAIAssistantKnowledgeBaseDataClientParams,
 } from '../ai_assistant_data_clients/knowledge_base';
 import { AttackDiscoveryDataClient } from '../lib/attack_discovery/persistence';
+import { DefendInsightsDataClient } from '../ai_assistant_data_clients/defend_insights';
 import { createGetElserId, createPipeline, pipelineExists } from './helpers';
 import { hasAIAssistantLicense } from '../routes/helpers';
 
@@ -64,7 +66,8 @@ export type CreateDataStream = (params: {
     | 'conversations'
     | 'knowledgeBase'
     | 'prompts'
-    | 'attackDiscovery';
+    | 'attackDiscovery'
+    | 'defendInsights';
   fieldMap: FieldMap;
   kibanaVersion: string;
   spaceId?: string;
@@ -79,6 +82,7 @@ export class AIAssistantService {
   private promptsDataStream: DataStreamSpacesAdapter;
   private anonymizationFieldsDataStream: DataStreamSpacesAdapter;
   private attackDiscoveryDataStream: DataStreamSpacesAdapter;
+  private defendInsightsDataStream: DataStreamSpacesAdapter;
   private resourceInitializationHelper: ResourceInstallationHelper;
   private initPromise: Promise<InitializationPromise>;
   private isKBSetupInProgress: boolean = false;
@@ -112,6 +116,11 @@ export class AIAssistantService {
       kibanaVersion: options.kibanaVersion,
       fieldMap: attackDiscoveryFieldMap,
     });
+    this.defendInsightsDataStream = this.createDataStream({
+      resource: 'defendInsights',
+      kibanaVersion: options.kibanaVersion,
+      fieldMap: defendInsightsFieldMap,
+    });
 
     this.initPromise = this.initializeResources();
 
@@ -222,6 +231,12 @@ export class AIAssistantService {
         logger: this.options.logger,
         pluginStop$: this.options.pluginStop$,
       });
+
+      await this.defendInsightsDataStream.install({
+        esClient,
+        logger: this.options.logger,
+        pluginStop$: this.options.pluginStop$,
+      });
     } catch (error) {
       this.options.logger.warn(`Error initializing AI assistant resources: ${error.message}`);
       this.initialized = false;
@@ -240,6 +255,7 @@ export class AIAssistantService {
       prompts: getResourceName('component-template-prompts'),
       anonymizationFields: getResourceName('component-template-anonymization-fields'),
       attackDiscovery: getResourceName('component-template-attack-discovery'),
+      defendInsights: getResourceName('component-template-defend-insights'),
     },
     aliases: {
       conversations: getResourceName('conversations'),
@@ -247,6 +263,7 @@ export class AIAssistantService {
       prompts: getResourceName('prompts'),
       anonymizationFields: getResourceName('anonymization-fields'),
       attackDiscovery: getResourceName('attack-discovery'),
+      defendInsights: getResourceName('defend-insights'),
     },
     indexPatterns: {
       conversations: getResourceName('conversations*'),
@@ -254,6 +271,7 @@ export class AIAssistantService {
       prompts: getResourceName('prompts*'),
       anonymizationFields: getResourceName('anonymization-fields*'),
       attackDiscovery: getResourceName('attack-discovery*'),
+      defendInsights: getResourceName('defend-insights*'),
     },
     indexTemplate: {
       conversations: getResourceName('index-template-conversations'),
@@ -261,6 +279,7 @@ export class AIAssistantService {
       prompts: getResourceName('index-template-prompts'),
       anonymizationFields: getResourceName('index-template-anonymization-fields'),
       attackDiscovery: getResourceName('index-template-attack-discovery'),
+      defendInsights: getResourceName('index-template-defend-insights'),
     },
     pipelines: {
       knowledgeBase: getResourceName('ingest-pipeline-knowledge-base'),
@@ -393,6 +412,25 @@ export class AIAssistantService {
     });
   }
 
+  public async createDefendInsightsDataClient(
+    opts: CreateAIAssistantClientParams
+  ): Promise<DefendInsightsDataClient | null> {
+    const res = await this.checkResourcesInstallation(opts);
+
+    if (res === null) {
+      return null;
+    }
+
+    return new DefendInsightsDataClient({
+      logger: this.options.logger.get('defendInsights'),
+      currentUser: opts.currentUser,
+      elasticsearchClientPromise: this.options.elasticsearchClientPromise,
+      indexPatternsResourceName: this.resourceNames.aliases.defendInsights,
+      kibanaVersion: this.options.kibanaVersion,
+      spaceId: opts.spaceId,
+    });
+  }
+
   public async createAIAssistantPromptsDataClient(
     opts: CreateAIAssistantClientParams
   ): Promise<AIAssistantDataClient | null> {
diff --git a/x-pack/plugins/elastic_assistant/server/lib/langchain/helpers.ts b/x-pack/plugins/elastic_assistant/server/lib/langchain/helpers.ts
index 133419f45d175..9b2d444d643e4 100644
--- a/x-pack/plugins/elastic_assistant/server/lib/langchain/helpers.ts
+++ b/x-pack/plugins/elastic_assistant/server/lib/langchain/helpers.ts
@@ -6,7 +6,7 @@
  */
 
 import { KibanaRequest } from '@kbn/core-http-server';
-import type { Message } from '@kbn/elastic-assistant-common';
+import type { DefendInsightsPostRequestBody, Message } from '@kbn/elastic-assistant-common';
 import { AIMessage, BaseMessage, HumanMessage, SystemMessage } from '@langchain/core/messages';
 import {
   AttackDiscoveryPostRequestBody,
@@ -36,7 +36,7 @@ export const requestHasRequiredAnonymizationParams = (
   request: KibanaRequest<
     unknown,
     unknown,
-    ExecuteConnectorRequestBody | AttackDiscoveryPostRequestBody
+    ExecuteConnectorRequestBody | AttackDiscoveryPostRequestBody | DefendInsightsPostRequestBody
   >
 ): boolean => {
   const { replacements } = request?.body ?? {};
diff --git a/x-pack/plugins/elastic_assistant/server/lib/telemetry/event_based_telemetry.ts b/x-pack/plugins/elastic_assistant/server/lib/telemetry/event_based_telemetry.ts
index 1087703ba13a4..92330b4960e76 100644
--- a/x-pack/plugins/elastic_assistant/server/lib/telemetry/event_based_telemetry.ts
+++ b/x-pack/plugins/elastic_assistant/server/lib/telemetry/event_based_telemetry.ts
@@ -411,6 +411,100 @@ export const CREATE_KNOWLEDGE_BASE_ENTRY_ERROR_EVENT: EventTypeOpts<{
   },
 };
 
+export const DEFEND_INSIGHT_SUCCESS_EVENT: EventTypeOpts<{
+  actionTypeId: string;
+  eventsContextCount: number;
+  insightsGenerated: number;
+  durationMs: number;
+  model?: string;
+  provider?: string;
+}> = {
+  eventType: 'defend_insight_success',
+  schema: {
+    actionTypeId: {
+      type: 'keyword',
+      _meta: {
+        description: 'Kibana connector type',
+        optional: false,
+      },
+    },
+    eventsContextCount: {
+      type: 'integer',
+      _meta: {
+        description: 'Number of events sent as context to the LLM',
+        optional: false,
+      },
+    },
+    insightsGenerated: {
+      type: 'integer',
+      _meta: {
+        description: 'Quantity of Defend insights generated',
+        optional: false,
+      },
+    },
+    durationMs: {
+      type: 'integer',
+      _meta: {
+        description: 'Duration of request in ms',
+        optional: false,
+      },
+    },
+    model: {
+      type: 'keyword',
+      _meta: {
+        description: 'LLM model',
+        optional: true,
+      },
+    },
+    provider: {
+      type: 'keyword',
+      _meta: {
+        description: 'OpenAI provider',
+        optional: true,
+      },
+    },
+  },
+};
+
+export const DEFEND_INSIGHT_ERROR_EVENT: EventTypeOpts<{
+  actionTypeId: string;
+  errorMessage: string;
+  model?: string;
+  provider?: string;
+}> = {
+  eventType: 'defend_insight_error',
+  schema: {
+    actionTypeId: {
+      type: 'keyword',
+      _meta: {
+        description: 'Kibana connector type',
+        optional: false,
+      },
+    },
+    errorMessage: {
+      type: 'keyword',
+      _meta: {
+        description: 'Error message from Elasticsearch',
+      },
+    },
+
+    model: {
+      type: 'keyword',
+      _meta: {
+        description: 'LLM model',
+        optional: true,
+      },
+    },
+    provider: {
+      type: 'keyword',
+      _meta: {
+        description: 'OpenAI provider',
+        optional: true,
+      },
+    },
+  },
+};
+
 export const events: Array<EventTypeOpts<{ [key: string]: unknown }>> = [
   KNOWLEDGE_BASE_EXECUTION_SUCCESS_EVENT,
   KNOWLEDGE_BASE_EXECUTION_ERROR_EVENT,
@@ -420,4 +514,6 @@ export const events: Array<EventTypeOpts<{ [key: string]: unknown }>> = [
   INVOKE_ASSISTANT_ERROR_EVENT,
   ATTACK_DISCOVERY_SUCCESS_EVENT,
   ATTACK_DISCOVERY_ERROR_EVENT,
+  DEFEND_INSIGHT_SUCCESS_EVENT,
+  DEFEND_INSIGHT_ERROR_EVENT,
 ];
diff --git a/x-pack/plugins/elastic_assistant/server/routes/defend_insights/get_defend_insight.test.ts b/x-pack/plugins/elastic_assistant/server/routes/defend_insights/get_defend_insight.test.ts
new file mode 100644
index 0000000000000..fa3ff15027e23
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/routes/defend_insights/get_defend_insight.test.ts
@@ -0,0 +1,149 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+/* eslint-disable @typescript-eslint/no-explicit-any */
+
+import type { AuthenticatedUser } from '@kbn/core-security-common';
+
+import { elasticsearchServiceMock } from '@kbn/core-elasticsearch-server-mocks';
+
+import type { DefendInsightsDataClient } from '../../ai_assistant_data_clients/defend_insights';
+
+import { transformESSearchToDefendInsights } from '../../ai_assistant_data_clients/defend_insights/helpers';
+import { getDefendInsightsSearchEsMock } from '../../__mocks__/defend_insights_schema.mock';
+import { getDefendInsightRequest } from '../../__mocks__/request';
+import {
+  ElasticAssistantRequestHandlerContextMock,
+  requestContextMock,
+} from '../../__mocks__/request_context';
+import { serverMock } from '../../__mocks__/server';
+import { isDefendInsightsEnabled, updateDefendInsightLastViewedAt } from './helpers';
+import { getDefendInsightRoute } from './get_defend_insight';
+
+jest.mock('./helpers');
+
+describe('getDefendInsightRoute', () => {
+  let server: ReturnType<typeof serverMock.create>;
+  let context: ElasticAssistantRequestHandlerContextMock;
+  let mockUser: AuthenticatedUser;
+  let mockDataClient: DefendInsightsDataClient;
+  let mockCurrentInsight: any;
+
+  function getDefaultUser(): AuthenticatedUser {
+    return {
+      username: 'my_username',
+      authentication_realm: {
+        type: 'my_realm_type',
+        name: 'my_realm_name',
+      },
+    } as AuthenticatedUser;
+  }
+
+  function getDefaultDataClient(): DefendInsightsDataClient {
+    return {
+      findDefendInsightByConnectorId: jest.fn(),
+      updateDefendInsight: jest.fn(),
+      createDefendInsight: jest.fn(),
+      getDefendInsight: jest.fn(),
+    } as unknown as DefendInsightsDataClient;
+  }
+
+  beforeEach(() => {
+    const tools = requestContextMock.createTools();
+    context = tools.context;
+    server = serverMock.create();
+    tools.clients.core.elasticsearch.client = elasticsearchServiceMock.createScopedClusterClient();
+
+    mockUser = getDefaultUser();
+    mockDataClient = getDefaultDataClient();
+    mockCurrentInsight = transformESSearchToDefendInsights(getDefendInsightsSearchEsMock())[0];
+
+    context.elasticAssistant.getCurrentUser.mockReturnValue(mockUser);
+    context.elasticAssistant.getDefendInsightsDataClient.mockResolvedValue(mockDataClient);
+    getDefendInsightRoute(server.router);
+    (updateDefendInsightLastViewedAt as jest.Mock).mockResolvedValue(mockCurrentInsight);
+    (isDefendInsightsEnabled as jest.Mock).mockReturnValue(true);
+  });
+
+  afterEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('should handle successful request', async () => {
+    const response = await server.inject(
+      getDefendInsightRequest('insight-id1'),
+      requestContextMock.convertContext(context)
+    );
+    expect(response.status).toEqual(200);
+    expect(response.body).toEqual({
+      data: mockCurrentInsight,
+    });
+  });
+
+  it('should 404 if feature flag disabled', async () => {
+    (isDefendInsightsEnabled as jest.Mock).mockReturnValueOnce(false);
+    const response = await server.inject(
+      getDefendInsightRequest('insight-id1'),
+      requestContextMock.convertContext(context)
+    );
+    expect(response.status).toEqual(404);
+  });
+
+  it('should handle missing authenticated user', async () => {
+    context.elasticAssistant.getCurrentUser.mockReturnValueOnce(null);
+    const response = await server.inject(
+      getDefendInsightRequest('insight-id1'),
+      requestContextMock.convertContext(context)
+    );
+
+    expect(response.status).toEqual(401);
+    expect(response.body).toEqual({
+      message: 'Authenticated user not found',
+      status_code: 401,
+    });
+  });
+
+  it('should handle missing data client', async () => {
+    context.elasticAssistant.getDefendInsightsDataClient.mockResolvedValueOnce(null);
+    const response = await server.inject(
+      getDefendInsightRequest('insight-id1'),
+      requestContextMock.convertContext(context)
+    );
+
+    expect(response.status).toEqual(500);
+    expect(response.body).toEqual({
+      message: 'Defend insights data client not initialized',
+      status_code: 500,
+    });
+  });
+
+  it('should handle updateDefendInsightLastViewedAt empty array', async () => {
+    (updateDefendInsightLastViewedAt as jest.Mock).mockResolvedValueOnce([]);
+    const response = await server.inject(
+      getDefendInsightRequest('insight-id1'),
+      requestContextMock.convertContext(context)
+    );
+    expect(response.status).toEqual(200);
+    expect(response.body).toEqual({ data: [] });
+  });
+
+  it('should handle updateDefendInsightLastViewedAt error', async () => {
+    (updateDefendInsightLastViewedAt as jest.Mock).mockRejectedValueOnce(new Error('Oh no!'));
+    const response = await server.inject(
+      getDefendInsightRequest('insight-id1'),
+      requestContextMock.convertContext(context)
+    );
+    expect(response.status).toEqual(500);
+    expect(response.body).toEqual({
+      message: {
+        error: 'Oh no!',
+        success: false,
+      },
+      status_code: 500,
+    });
+  });
+});
diff --git a/x-pack/plugins/elastic_assistant/server/routes/defend_insights/get_defend_insight.ts b/x-pack/plugins/elastic_assistant/server/routes/defend_insights/get_defend_insight.ts
new file mode 100644
index 0000000000000..5766b3d1b014b
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/routes/defend_insights/get_defend_insight.ts
@@ -0,0 +1,96 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { IKibanaResponse } from '@kbn/core/server';
+
+import { IRouter, Logger } from '@kbn/core/server';
+import { buildRouteValidationWithZod } from '@kbn/elastic-assistant-common/impl/schemas/common';
+import {
+  DEFEND_INSIGHTS_BY_ID,
+  DefendInsightGetResponse,
+  DefendInsightGetRequestParams,
+  ELASTIC_AI_ASSISTANT_INTERNAL_API_VERSION,
+} from '@kbn/elastic-assistant-common';
+import { transformError } from '@kbn/securitysolution-es-utils';
+
+import { buildResponse } from '../../lib/build_response';
+import { ElasticAssistantRequestHandlerContext } from '../../types';
+import { isDefendInsightsEnabled, updateDefendInsightLastViewedAt } from './helpers';
+
+export const getDefendInsightRoute = (router: IRouter<ElasticAssistantRequestHandlerContext>) => {
+  router.versioned
+    .get({
+      access: 'internal',
+      path: DEFEND_INSIGHTS_BY_ID,
+      options: {
+        tags: ['access:elasticAssistant'],
+      },
+    })
+    .addVersion(
+      {
+        version: ELASTIC_AI_ASSISTANT_INTERNAL_API_VERSION,
+        validate: {
+          request: {
+            params: buildRouteValidationWithZod(DefendInsightGetRequestParams),
+          },
+          response: {
+            200: {
+              body: { custom: buildRouteValidationWithZod(DefendInsightGetResponse) },
+            },
+          },
+        },
+      },
+      async (context, request, response): Promise<IKibanaResponse<DefendInsightGetResponse>> => {
+        const resp = buildResponse(response);
+        const assistantContext = await context.elasticAssistant;
+        const logger: Logger = assistantContext.logger;
+        try {
+          const isEnabled = isDefendInsightsEnabled({
+            request,
+            logger,
+            assistantContext,
+          });
+          if (!isEnabled) {
+            return response.notFound();
+          }
+
+          const dataClient = await assistantContext.getDefendInsightsDataClient();
+          const authenticatedUser = assistantContext.getCurrentUser();
+          if (authenticatedUser == null) {
+            return resp.error({
+              body: `Authenticated user not found`,
+              statusCode: 401,
+            });
+          }
+          if (!dataClient) {
+            return resp.error({
+              body: `Defend insights data client not initialized`,
+              statusCode: 500,
+            });
+          }
+
+          const defendInsight = await updateDefendInsightLastViewedAt({
+            dataClient,
+            id: request.params.id,
+            authenticatedUser,
+          });
+
+          return response.ok({
+            body: { data: defendInsight },
+          });
+        } catch (err) {
+          logger.error(err);
+          const error = transformError(err);
+
+          return resp.error({
+            body: { success: false, error: error.message },
+            statusCode: error.statusCode,
+          });
+        }
+      }
+    );
+};
diff --git a/x-pack/plugins/elastic_assistant/server/routes/defend_insights/get_defend_insights.test.ts b/x-pack/plugins/elastic_assistant/server/routes/defend_insights/get_defend_insights.test.ts
new file mode 100644
index 0000000000000..b27d71a690b6c
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/routes/defend_insights/get_defend_insights.test.ts
@@ -0,0 +1,149 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+/* eslint-disable @typescript-eslint/no-explicit-any */
+
+import type { AuthenticatedUser } from '@kbn/core-security-common';
+
+import { elasticsearchServiceMock } from '@kbn/core-elasticsearch-server-mocks';
+
+import type { DefendInsightsDataClient } from '../../ai_assistant_data_clients/defend_insights';
+
+import { transformESSearchToDefendInsights } from '../../ai_assistant_data_clients/defend_insights/helpers';
+import { getDefendInsightsSearchEsMock } from '../../__mocks__/defend_insights_schema.mock';
+import { getDefendInsightsRequest } from '../../__mocks__/request';
+import {
+  ElasticAssistantRequestHandlerContextMock,
+  requestContextMock,
+} from '../../__mocks__/request_context';
+import { serverMock } from '../../__mocks__/server';
+import { isDefendInsightsEnabled, updateDefendInsightsLastViewedAt } from './helpers';
+import { getDefendInsightsRoute } from './get_defend_insights';
+
+jest.mock('./helpers');
+
+describe('getDefendInsightsRoute', () => {
+  let server: ReturnType<typeof serverMock.create>;
+  let context: ElasticAssistantRequestHandlerContextMock;
+  let mockUser: AuthenticatedUser;
+  let mockDataClient: DefendInsightsDataClient;
+  let mockCurrentInsights: any;
+
+  function getDefaultUser(): AuthenticatedUser {
+    return {
+      username: 'my_username',
+      authentication_realm: {
+        type: 'my_realm_type',
+        name: 'my_realm_name',
+      },
+    } as AuthenticatedUser;
+  }
+
+  function getDefaultDataClient(): DefendInsightsDataClient {
+    return {
+      findDefendInsightByConnectorId: jest.fn(),
+      updateDefendInsight: jest.fn(),
+      createDefendInsight: jest.fn(),
+      getDefendInsight: jest.fn(),
+    } as unknown as DefendInsightsDataClient;
+  }
+
+  beforeEach(() => {
+    const tools = requestContextMock.createTools();
+    context = tools.context;
+    server = serverMock.create();
+    tools.clients.core.elasticsearch.client = elasticsearchServiceMock.createScopedClusterClient();
+
+    mockUser = getDefaultUser();
+    mockDataClient = getDefaultDataClient();
+    mockCurrentInsights = transformESSearchToDefendInsights(getDefendInsightsSearchEsMock());
+
+    context.elasticAssistant.getCurrentUser.mockReturnValue(mockUser);
+    context.elasticAssistant.getDefendInsightsDataClient.mockResolvedValue(mockDataClient);
+    getDefendInsightsRoute(server.router);
+    (updateDefendInsightsLastViewedAt as jest.Mock).mockResolvedValue(mockCurrentInsights);
+    (isDefendInsightsEnabled as jest.Mock).mockReturnValue(true);
+  });
+
+  afterEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('should handle successful request', async () => {
+    const response = await server.inject(
+      getDefendInsightsRequest({ connector_id: 'connector-id1' }),
+      requestContextMock.convertContext(context)
+    );
+    expect(response.status).toEqual(200);
+    expect(response.body).toEqual({
+      data: mockCurrentInsights,
+    });
+  });
+
+  it('should 404 if feature flag disabled', async () => {
+    (isDefendInsightsEnabled as jest.Mock).mockReturnValueOnce(false);
+    const response = await server.inject(
+      getDefendInsightsRequest({ connector_id: 'connector-id1' }),
+      requestContextMock.convertContext(context)
+    );
+    expect(response.status).toEqual(404);
+  });
+
+  it('should handle missing authenticated user', async () => {
+    context.elasticAssistant.getCurrentUser.mockReturnValueOnce(null);
+    const response = await server.inject(
+      getDefendInsightsRequest({ connector_id: 'connector-id1' }),
+      requestContextMock.convertContext(context)
+    );
+
+    expect(response.status).toEqual(401);
+    expect(response.body).toEqual({
+      message: 'Authenticated user not found',
+      status_code: 401,
+    });
+  });
+
+  it('should handle missing data client', async () => {
+    context.elasticAssistant.getDefendInsightsDataClient.mockResolvedValueOnce(null);
+    const response = await server.inject(
+      getDefendInsightsRequest({ connector_id: 'connector-id1' }),
+      requestContextMock.convertContext(context)
+    );
+
+    expect(response.status).toEqual(500);
+    expect(response.body).toEqual({
+      message: 'Defend insights data client not initialized',
+      status_code: 500,
+    });
+  });
+
+  it('should handle updateDefendInsightsLastViewedAt empty array', async () => {
+    (updateDefendInsightsLastViewedAt as jest.Mock).mockResolvedValueOnce([]);
+    const response = await server.inject(
+      getDefendInsightsRequest({ connector_id: 'connector-id1' }),
+      requestContextMock.convertContext(context)
+    );
+    expect(response.status).toEqual(200);
+    expect(response.body).toEqual({ data: [] });
+  });
+
+  it('should handle updateDefendInsightsLastViewedAt error', async () => {
+    (updateDefendInsightsLastViewedAt as jest.Mock).mockRejectedValueOnce(new Error('Oh no!'));
+    const response = await server.inject(
+      getDefendInsightsRequest({ connector_id: 'connector-id1' }),
+      requestContextMock.convertContext(context)
+    );
+    expect(response.status).toEqual(500);
+    expect(response.body).toEqual({
+      message: {
+        error: 'Oh no!',
+        success: false,
+      },
+      status_code: 500,
+    });
+  });
+});
diff --git a/x-pack/plugins/elastic_assistant/server/routes/defend_insights/get_defend_insights.ts b/x-pack/plugins/elastic_assistant/server/routes/defend_insights/get_defend_insights.ts
new file mode 100644
index 0000000000000..e980c9be0915d
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/routes/defend_insights/get_defend_insights.ts
@@ -0,0 +1,98 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { IKibanaResponse } from '@kbn/core/server';
+
+import { IRouter, Logger } from '@kbn/core/server';
+import { buildRouteValidationWithZod } from '@kbn/elastic-assistant-common/impl/schemas/common';
+import {
+  DEFEND_INSIGHTS,
+  DefendInsightsGetResponse,
+  DefendInsightsGetRequestQuery,
+  ELASTIC_AI_ASSISTANT_INTERNAL_API_VERSION,
+} from '@kbn/elastic-assistant-common';
+import { transformError } from '@kbn/securitysolution-es-utils';
+
+import { buildResponse } from '../../lib/build_response';
+import { ElasticAssistantRequestHandlerContext } from '../../types';
+import { isDefendInsightsEnabled, updateDefendInsightsLastViewedAt } from './helpers';
+
+export const getDefendInsightsRoute = (router: IRouter<ElasticAssistantRequestHandlerContext>) => {
+  router.versioned
+    .get({
+      access: 'internal',
+      path: DEFEND_INSIGHTS,
+      options: {
+        tags: ['access:elasticAssistant'],
+      },
+    })
+    .addVersion(
+      {
+        version: ELASTIC_AI_ASSISTANT_INTERNAL_API_VERSION,
+        validate: {
+          request: {
+            query: buildRouteValidationWithZod(DefendInsightsGetRequestQuery),
+          },
+          response: {
+            200: {
+              body: { custom: buildRouteValidationWithZod(DefendInsightsGetResponse) },
+            },
+          },
+        },
+      },
+      async (context, request, response): Promise<IKibanaResponse<DefendInsightsGetResponse>> => {
+        const resp = buildResponse(response);
+        const assistantContext = await context.elasticAssistant;
+        const logger: Logger = assistantContext.logger;
+        try {
+          const isEnabled = isDefendInsightsEnabled({
+            request,
+            logger,
+            assistantContext,
+          });
+          if (!isEnabled) {
+            return response.notFound();
+          }
+
+          const dataClient = await assistantContext.getDefendInsightsDataClient();
+
+          const authenticatedUser = assistantContext.getCurrentUser();
+          if (authenticatedUser == null) {
+            return resp.error({
+              body: `Authenticated user not found`,
+              statusCode: 401,
+            });
+          }
+          if (!dataClient) {
+            return resp.error({
+              body: `Defend insights data client not initialized`,
+              statusCode: 500,
+            });
+          }
+
+          const defendInsights = await updateDefendInsightsLastViewedAt({
+            dataClient,
+            params: request.query,
+            authenticatedUser,
+          });
+          return response.ok({
+            body: {
+              data: defendInsights,
+            },
+          });
+        } catch (err) {
+          logger.error(err);
+          const error = transformError(err);
+
+          return resp.error({
+            body: { success: false, error: error.message },
+            statusCode: error.statusCode,
+          });
+        }
+      }
+    );
+};
diff --git a/x-pack/plugins/elastic_assistant/server/routes/defend_insights/helpers.test.ts b/x-pack/plugins/elastic_assistant/server/routes/defend_insights/helpers.test.ts
new file mode 100644
index 0000000000000..22e89202e638b
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/routes/defend_insights/helpers.test.ts
@@ -0,0 +1,255 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+/* eslint-disable @typescript-eslint/no-explicit-any */
+
+import moment from 'moment';
+
+import {
+  DEFEND_INSIGHTS_TOOL_ID,
+  DefendInsightStatus,
+  DefendInsightType,
+} from '@kbn/elastic-assistant-common';
+import { OpenAiProviderType } from '@kbn/stack-connectors-plugin/common/openai/constants';
+
+import {
+  DEFEND_INSIGHT_ERROR_EVENT,
+  DEFEND_INSIGHT_SUCCESS_EVENT,
+} from '../../lib/telemetry/event_based_telemetry';
+import {
+  getAssistantTool,
+  getAssistantToolParams,
+  handleToolError,
+  updateDefendInsights,
+  updateDefendInsightLastViewedAt,
+} from './helpers';
+
+describe('defend insights route helpers', () => {
+  afterEach(() => {
+    jest.clearAllMocks();
+  });
+
+  describe('getAssistantTool', () => {
+    it('should return the defend-insights tool', () => {
+      const getRegisteredTools = jest.fn().mockReturnValue([{ id: DEFEND_INSIGHTS_TOOL_ID }]);
+      const result = getAssistantTool(getRegisteredTools, 'pluginName');
+      expect(result).toEqual({ id: DEFEND_INSIGHTS_TOOL_ID });
+    });
+  });
+
+  describe('getAssistantToolParams', () => {
+    it('should return the correct tool params', () => {
+      const params = {
+        endpointIds: ['endpoint-id1'],
+        insightType: DefendInsightType.Enum.incompatible_antivirus,
+        actionsClient: {} as any,
+        anonymizationFields: [],
+        apiConfig: { connectorId: 'connector-id1', actionTypeId: 'action-type-id1' },
+        esClient: {} as any,
+        connectorTimeout: 1000,
+        langChainTimeout: 1000,
+        langSmithProject: 'project',
+        langSmithApiKey: 'apiKey',
+        logger: {} as any,
+        latestReplacements: {},
+        onNewReplacements: jest.fn(),
+        request: {} as any,
+      };
+      const result = getAssistantToolParams(params);
+
+      expect(result).toHaveProperty('endpointIds', params.endpointIds);
+      expect(result).toHaveProperty('insightType', params.insightType);
+      expect(result).toHaveProperty('llm');
+    });
+  });
+
+  describe('handleToolError', () => {
+    it('should handle tool error and update defend insight', async () => {
+      const params = {
+        apiConfig: {
+          connectorId: 'connector-id1',
+          actionTypeId: 'action-type-id1',
+          model: 'model',
+          provider: OpenAiProviderType.OpenAi,
+        },
+        defendInsightId: 'id',
+        authenticatedUser: {} as any,
+        dataClient: {
+          getDefendInsight: jest.fn().mockResolvedValueOnce({
+            status: DefendInsightStatus.Enum.running,
+            backingIndex: 'index',
+          }),
+          updateDefendInsight: jest.fn(),
+        } as any,
+        err: new Error('error'),
+        latestReplacements: {},
+        logger: { error: jest.fn() } as any,
+        telemetry: { reportEvent: jest.fn() } as any,
+      };
+      await handleToolError(params);
+
+      expect(params.dataClient.updateDefendInsight).toHaveBeenCalledTimes(1);
+      expect(params.telemetry.reportEvent).toHaveBeenCalledWith(
+        DEFEND_INSIGHT_ERROR_EVENT.eventType,
+        expect.any(Object)
+      );
+    });
+  });
+
+  describe('updateDefendInsights', () => {
+    it('should update defend insights', async () => {
+      const params = {
+        apiConfig: {
+          connectorId: 'connector-id1',
+          actionTypeId: 'action-type-id1',
+          model: 'model',
+          provider: OpenAiProviderType.OpenAi,
+        },
+        defendInsightId: 'insight-id1',
+        authenticatedUser: {} as any,
+        dataClient: {
+          getDefendInsight: jest.fn().mockResolvedValueOnce({
+            status: DefendInsightStatus.Enum.running,
+            backingIndex: 'backing-index-name',
+            generationIntervals: [],
+          }),
+          updateDefendInsight: jest.fn(),
+        } as any,
+        latestReplacements: {},
+        logger: { error: jest.fn() } as any,
+        rawDefendInsights: '{"eventsContextCount": 5, "insights": ["insight1", "insight2"]}',
+        startTime: moment(),
+        telemetry: { reportEvent: jest.fn() } as any,
+      };
+      await updateDefendInsights(params);
+
+      expect(params.dataClient.getDefendInsight).toHaveBeenCalledTimes(1);
+      expect(params.dataClient.getDefendInsight).toHaveBeenCalledWith({
+        id: params.defendInsightId,
+        authenticatedUser: params.authenticatedUser,
+      });
+      expect(params.dataClient.updateDefendInsight).toHaveBeenCalledTimes(1);
+      expect(params.dataClient.updateDefendInsight).toHaveBeenCalledWith({
+        defendInsightUpdateProps: {
+          eventsContextCount: 5,
+          insights: ['insight1', 'insight2'],
+          status: DefendInsightStatus.Enum.succeeded,
+          generationIntervals: expect.arrayContaining([
+            expect.objectContaining({
+              date: expect.any(String),
+              durationMs: expect.any(Number),
+            }),
+          ]),
+          id: params.defendInsightId,
+          replacements: params.latestReplacements,
+          backingIndex: 'backing-index-name',
+        },
+        authenticatedUser: params.authenticatedUser,
+      });
+      expect(params.telemetry.reportEvent).toHaveBeenCalledWith(
+        DEFEND_INSIGHT_SUCCESS_EVENT.eventType,
+        expect.any(Object)
+      );
+    });
+
+    it('should handle error if rawDefendInsights is null', async () => {
+      const params = {
+        apiConfig: {
+          connectorId: 'connector-id1',
+          actionTypeId: 'action-type-id1',
+          model: 'model',
+          provider: OpenAiProviderType.OpenAi,
+        },
+        defendInsightId: 'id',
+        authenticatedUser: {} as any,
+        dataClient: {
+          getDefendInsight: jest.fn().mockResolvedValueOnce({
+            status: DefendInsightStatus.Enum.running,
+            backingIndex: 'index',
+            generationIntervals: [],
+          }),
+          updateDefendInsight: jest.fn(),
+        } as any,
+        latestReplacements: {},
+        logger: { error: jest.fn() } as any,
+        rawDefendInsights: null,
+        startTime: moment(),
+        telemetry: { reportEvent: jest.fn() } as any,
+      };
+      await updateDefendInsights(params);
+
+      expect(params.logger.error).toHaveBeenCalledTimes(1);
+      expect(params.telemetry.reportEvent).toHaveBeenCalledTimes(1);
+      expect(params.telemetry.reportEvent).toHaveBeenCalledWith(
+        DEFEND_INSIGHT_ERROR_EVENT.eventType,
+        expect.any(Object)
+      );
+    });
+  });
+
+  describe('updateDefendInsightLastViewedAt', () => {
+    it('should update lastViewedAt time', async () => {
+      // ensure difference regardless of processing speed
+      const startTime = new Date().getTime() - 1;
+      const insightId = 'defend-insight-id1';
+      const backingIndex = 'backing-index';
+      const params = {
+        id: insightId,
+        authenticatedUser: {} as any,
+        dataClient: {
+          findDefendInsightsByParams: jest
+            .fn()
+            .mockResolvedValueOnce([{ id: insightId, backingIndex }]),
+          updateDefendInsights: jest.fn().mockResolvedValueOnce([{ id: insightId }]),
+        } as any,
+      };
+      const result = await updateDefendInsightLastViewedAt(params);
+
+      expect(params.dataClient.findDefendInsightsByParams).toHaveBeenCalledTimes(1);
+      expect(params.dataClient.findDefendInsightsByParams).toHaveBeenCalledWith({
+        params: { ids: [insightId] },
+        authenticatedUser: params.authenticatedUser,
+      });
+      expect(params.dataClient.updateDefendInsights).toHaveBeenCalledTimes(1);
+      expect(params.dataClient.updateDefendInsights).toHaveBeenCalledWith({
+        defendInsightsUpdateProps: [
+          expect.objectContaining({
+            id: insightId,
+            backingIndex,
+          }),
+        ],
+        authenticatedUser: params.authenticatedUser,
+      });
+      expect(
+        new Date(
+          params.dataClient.updateDefendInsights.mock.calls[0][0].defendInsightsUpdateProps[0].lastViewedAt
+        ).getTime()
+      ).toBeGreaterThan(startTime);
+      expect(result).toEqual({ id: insightId });
+    });
+
+    it('should return undefined if defend insight not found', async () => {
+      const insightId = 'defend-insight-id1';
+      const params = {
+        id: insightId,
+        authenticatedUser: {} as any,
+        dataClient: {
+          findDefendInsightsByParams: jest.fn().mockResolvedValueOnce([]),
+          updateDefendInsight: jest.fn(),
+        } as any,
+      };
+      const result = await updateDefendInsightLastViewedAt(params);
+
+      expect(params.dataClient.findDefendInsightsByParams).toHaveBeenCalledTimes(1);
+      expect(params.dataClient.findDefendInsightsByParams).toHaveBeenCalledWith({
+        params: { ids: [insightId] },
+        authenticatedUser: params.authenticatedUser,
+      });
+      expect(result).toBeUndefined();
+    });
+  });
+});
diff --git a/x-pack/plugins/elastic_assistant/server/routes/defend_insights/helpers.ts b/x-pack/plugins/elastic_assistant/server/routes/defend_insights/helpers.ts
new file mode 100644
index 0000000000000..e67f00ef6514c
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/routes/defend_insights/helpers.ts
@@ -0,0 +1,387 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import moment, { Moment } from 'moment';
+
+import type {
+  AnalyticsServiceSetup,
+  AuthenticatedUser,
+  KibanaRequest,
+  Logger,
+} from '@kbn/core/server';
+import type { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
+import type {
+  ApiConfig,
+  DefendInsight,
+  DefendInsightGenerationInterval,
+  DefendInsightsPostRequestBody,
+  DefendInsightsResponse,
+  Replacements,
+} from '@kbn/elastic-assistant-common';
+import type { AnonymizationFieldResponse } from '@kbn/elastic-assistant-common/impl/schemas/anonymization_fields/bulk_crud_anonymization_fields_route.gen';
+import type { ActionsClient } from '@kbn/actions-plugin/server';
+
+import { ActionsClientLlm } from '@kbn/langchain/server';
+import { getLangSmithTracer } from '@kbn/langchain/server/tracers/langsmith';
+import { PublicMethodsOf } from '@kbn/utility-types';
+import { transformError } from '@kbn/securitysolution-es-utils';
+import {
+  DEFEND_INSIGHTS_TOOL_ID,
+  DefendInsightStatus,
+  DefendInsightType,
+  DefendInsightsGetRequestQuery,
+} from '@kbn/elastic-assistant-common';
+
+import type { GetRegisteredTools } from '../../services/app_context';
+import type { AssistantTool, ElasticAssistantApiRequestHandlerContext } from '../../types';
+
+import { DefendInsightsDataClient } from '../../ai_assistant_data_clients/defend_insights';
+import {
+  DEFEND_INSIGHT_ERROR_EVENT,
+  DEFEND_INSIGHT_SUCCESS_EVENT,
+} from '../../lib/telemetry/event_based_telemetry';
+import { getLlmType } from '../utils';
+import { DEFAULT_PLUGIN_NAME, getPluginNameFromRequest } from '../helpers';
+
+function getDataFromJSON(defendInsightStringified: string): {
+  eventsContextCount: number;
+  insights: DefendInsight[];
+} {
+  const { eventsContextCount, insights } = JSON.parse(defendInsightStringified);
+  return { eventsContextCount, insights };
+}
+
+function addGenerationInterval(
+  generationIntervals: DefendInsightGenerationInterval[],
+  generationInterval: DefendInsightGenerationInterval
+): DefendInsightGenerationInterval[] {
+  const newGenerationIntervals = [generationInterval, ...generationIntervals];
+
+  const MAX_GENERATION_INTERVALS = 5;
+  if (newGenerationIntervals.length > MAX_GENERATION_INTERVALS) {
+    return newGenerationIntervals.slice(0, MAX_GENERATION_INTERVALS); // Return the first MAX_GENERATION_INTERVALS items
+  }
+
+  return newGenerationIntervals;
+}
+
+export function isDefendInsightsEnabled({
+  request,
+  logger,
+  assistantContext,
+}: {
+  request: KibanaRequest;
+  logger: Logger;
+  assistantContext: ElasticAssistantApiRequestHandlerContext;
+}): boolean {
+  const pluginName = getPluginNameFromRequest({
+    request,
+    logger,
+    defaultPluginName: DEFAULT_PLUGIN_NAME,
+  });
+
+  return assistantContext.getRegisteredFeatures(pluginName).defendInsights;
+}
+
+export function getAssistantTool(
+  getRegisteredTools: GetRegisteredTools,
+  pluginName: string
+): AssistantTool | undefined {
+  const assistantTools = getRegisteredTools(pluginName);
+  return assistantTools.find((tool) => tool.id === DEFEND_INSIGHTS_TOOL_ID);
+}
+
+export function getAssistantToolParams({
+  endpointIds,
+  insightType,
+  actionsClient,
+  anonymizationFields,
+  apiConfig,
+  esClient,
+  connectorTimeout,
+  langChainTimeout,
+  langSmithProject,
+  langSmithApiKey,
+  logger,
+  latestReplacements,
+  onNewReplacements,
+  request,
+}: {
+  endpointIds: string[];
+  insightType: DefendInsightType;
+  actionsClient: PublicMethodsOf<ActionsClient>;
+  anonymizationFields?: AnonymizationFieldResponse[];
+  apiConfig: ApiConfig;
+  esClient: ElasticsearchClient;
+  connectorTimeout: number;
+  langChainTimeout: number;
+  langSmithProject?: string;
+  langSmithApiKey?: string;
+  logger: Logger;
+  latestReplacements: Replacements;
+  onNewReplacements: (newReplacements: Replacements) => void;
+  request: KibanaRequest<unknown, unknown, DefendInsightsPostRequestBody>;
+}): {
+  endpointIds: string[];
+  insightType: DefendInsightType;
+  anonymizationFields?: AnonymizationFieldResponse[];
+  esClient: ElasticsearchClient;
+  langChainTimeout: number;
+  llm: ActionsClientLlm;
+  logger: Logger;
+  replacements: Replacements;
+  onNewReplacements: (newReplacements: Replacements) => void;
+  request: KibanaRequest<unknown, unknown, DefendInsightsPostRequestBody>;
+  modelExists: boolean;
+  isEnabledKnowledgeBase: boolean;
+} {
+  const traceOptions = {
+    projectName: langSmithProject,
+    tracers: [
+      ...getLangSmithTracer({
+        apiKey: langSmithApiKey,
+        projectName: langSmithProject,
+        logger,
+      }),
+    ],
+  };
+
+  const llm = new ActionsClientLlm({
+    actionsClient,
+    connectorId: apiConfig.connectorId,
+    llmType: getLlmType(apiConfig.actionTypeId),
+    logger,
+    temperature: 0, // zero temperature because we want structured JSON output
+    timeout: connectorTimeout,
+    traceOptions,
+  });
+
+  return {
+    endpointIds,
+    insightType,
+    anonymizationFields,
+    esClient,
+    replacements: latestReplacements,
+    langChainTimeout,
+    llm,
+    logger,
+    onNewReplacements,
+    request,
+    modelExists: false,
+    isEnabledKnowledgeBase: false,
+  };
+}
+
+export async function handleToolError({
+  apiConfig,
+  defendInsightId,
+  authenticatedUser,
+  dataClient,
+  err,
+  latestReplacements,
+  logger,
+  telemetry,
+}: {
+  apiConfig: ApiConfig;
+  defendInsightId: string;
+  authenticatedUser: AuthenticatedUser;
+  dataClient: DefendInsightsDataClient;
+  err: Error;
+  latestReplacements: Replacements;
+  logger: Logger;
+  telemetry: AnalyticsServiceSetup;
+}) {
+  try {
+    logger.error(err);
+    const error = transformError(err);
+    const currentInsight = await dataClient.getDefendInsight({
+      id: defendInsightId,
+      authenticatedUser,
+    });
+
+    if (currentInsight === null || currentInsight?.status === DefendInsightStatus.Enum.canceled) {
+      return;
+    }
+    await dataClient.updateDefendInsight({
+      defendInsightUpdateProps: {
+        insights: [],
+        status: DefendInsightStatus.Enum.failed,
+        id: defendInsightId,
+        replacements: latestReplacements,
+        backingIndex: currentInsight.backingIndex,
+        failureReason: error.message,
+      },
+      authenticatedUser,
+    });
+    telemetry.reportEvent(DEFEND_INSIGHT_ERROR_EVENT.eventType, {
+      actionTypeId: apiConfig.actionTypeId,
+      errorMessage: error.message,
+      model: apiConfig.model,
+      provider: apiConfig.provider,
+    });
+  } catch (updateErr) {
+    const updateError = transformError(updateErr);
+    telemetry.reportEvent(DEFEND_INSIGHT_ERROR_EVENT.eventType, {
+      actionTypeId: apiConfig.actionTypeId,
+      errorMessage: updateError.message,
+      model: apiConfig.model,
+      provider: apiConfig.provider,
+    });
+  }
+}
+
+export async function createDefendInsight(
+  endpointIds: string[],
+  insightType: DefendInsightType,
+  dataClient: DefendInsightsDataClient,
+  authenticatedUser: AuthenticatedUser,
+  apiConfig: ApiConfig
+): Promise<{
+  currentInsight: DefendInsightsResponse;
+  defendInsightId: string;
+}> {
+  const currentInsight = await dataClient?.createDefendInsight({
+    defendInsightCreate: {
+      endpointIds,
+      insightType,
+      apiConfig,
+      insights: [],
+      status: DefendInsightStatus.Enum.running,
+    },
+    authenticatedUser,
+  });
+
+  if (!currentInsight) {
+    throw new Error(`failed to create Defend insight for connectorId: ${apiConfig.connectorId}`);
+  }
+
+  return {
+    defendInsightId: currentInsight.id,
+    currentInsight,
+  };
+}
+
+export async function updateDefendInsights({
+  apiConfig,
+  defendInsightId,
+  authenticatedUser,
+  dataClient,
+  latestReplacements,
+  logger,
+  rawDefendInsights,
+  startTime,
+  telemetry,
+}: {
+  apiConfig: ApiConfig;
+  defendInsightId: string;
+  authenticatedUser: AuthenticatedUser;
+  dataClient: DefendInsightsDataClient;
+  latestReplacements: Replacements;
+  logger: Logger;
+  rawDefendInsights: string | null;
+  startTime: Moment;
+  telemetry: AnalyticsServiceSetup;
+}) {
+  try {
+    if (rawDefendInsights == null) {
+      throw new Error('tool returned no Defend insights');
+    }
+    const currentInsight = await dataClient.getDefendInsight({
+      id: defendInsightId,
+      authenticatedUser,
+    });
+    if (currentInsight === null || currentInsight?.status === DefendInsightStatus.Enum.canceled) {
+      return;
+    }
+    const endTime = moment();
+    const durationMs = endTime.diff(startTime);
+    const { eventsContextCount, insights } = getDataFromJSON(rawDefendInsights);
+    const updateProps = {
+      eventsContextCount,
+      insights,
+      status: DefendInsightStatus.Enum.succeeded,
+      ...(!eventsContextCount || !insights.length
+        ? {}
+        : {
+            generationIntervals: addGenerationInterval(currentInsight.generationIntervals, {
+              durationMs,
+              date: new Date().toISOString(),
+            }),
+          }),
+      id: defendInsightId,
+      replacements: latestReplacements,
+      backingIndex: currentInsight.backingIndex,
+    };
+
+    await dataClient.updateDefendInsight({
+      defendInsightUpdateProps: updateProps,
+      authenticatedUser,
+    });
+    telemetry.reportEvent(DEFEND_INSIGHT_SUCCESS_EVENT.eventType, {
+      actionTypeId: apiConfig.actionTypeId,
+      eventsContextCount: updateProps.eventsContextCount,
+      insightsGenerated: updateProps.insights.length,
+      durationMs,
+      model: apiConfig.model,
+      provider: apiConfig.provider,
+    });
+  } catch (updateErr) {
+    logger.error(updateErr);
+    const updateError = transformError(updateErr);
+    telemetry.reportEvent(DEFEND_INSIGHT_ERROR_EVENT.eventType, {
+      actionTypeId: apiConfig.actionTypeId,
+      errorMessage: updateError.message,
+      model: apiConfig.model,
+      provider: apiConfig.provider,
+    });
+  }
+}
+
+export async function updateDefendInsightsLastViewedAt({
+  params,
+  authenticatedUser,
+  dataClient,
+}: {
+  params: DefendInsightsGetRequestQuery;
+  authenticatedUser: AuthenticatedUser;
+  dataClient: DefendInsightsDataClient;
+}): Promise<DefendInsightsResponse[]> {
+  const defendInsights = await dataClient.findDefendInsightsByParams({
+    params,
+    authenticatedUser,
+  });
+  if (!defendInsights.length) {
+    return [];
+  }
+
+  const defendInsightsUpdateProps = defendInsights.map((insight) => {
+    return {
+      id: insight.id,
+      lastViewedAt: new Date().toISOString(),
+      backingIndex: insight.backingIndex,
+    };
+  });
+
+  return dataClient.updateDefendInsights({
+    defendInsightsUpdateProps,
+    authenticatedUser,
+  });
+}
+
+export async function updateDefendInsightLastViewedAt({
+  id,
+  authenticatedUser,
+  dataClient,
+}: {
+  id: string;
+  authenticatedUser: AuthenticatedUser;
+  dataClient: DefendInsightsDataClient;
+}): Promise<DefendInsightsResponse | undefined> {
+  return (
+    await updateDefendInsightsLastViewedAt({ params: { ids: [id] }, authenticatedUser, dataClient })
+  )[0];
+}
diff --git a/x-pack/plugins/elastic_assistant/server/routes/defend_insights/index.ts b/x-pack/plugins/elastic_assistant/server/routes/defend_insights/index.ts
new file mode 100644
index 0000000000000..a2835cb74c82d
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/routes/defend_insights/index.ts
@@ -0,0 +1,10 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { getDefendInsightRoute } from './get_defend_insight';
+export { getDefendInsightsRoute } from './get_defend_insights';
+export { postDefendInsightsRoute } from './post_defend_insights';
diff --git a/x-pack/plugins/elastic_assistant/server/routes/defend_insights/post_defend_insights.test.ts b/x-pack/plugins/elastic_assistant/server/routes/defend_insights/post_defend_insights.test.ts
new file mode 100644
index 0000000000000..95d6b521ed4b0
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/routes/defend_insights/post_defend_insights.test.ts
@@ -0,0 +1,184 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+/* eslint-disable @typescript-eslint/no-explicit-any */
+
+import type { AuthenticatedUser } from '@kbn/core-security-common';
+import type { DefendInsightsPostRequestBody } from '@kbn/elastic-assistant-common';
+
+import { elasticsearchServiceMock } from '@kbn/core-elasticsearch-server-mocks';
+import { actionsMock } from '@kbn/actions-plugin/server/mocks';
+import { OpenAiProviderType } from '@kbn/stack-connectors-plugin/common/openai/constants';
+import { DefendInsightStatus, DefendInsightType } from '@kbn/elastic-assistant-common';
+
+import type { DefendInsightsDataClient } from '../../ai_assistant_data_clients/defend_insights';
+
+import { serverMock } from '../../__mocks__/server';
+import {
+  ElasticAssistantRequestHandlerContextMock,
+  requestContextMock,
+} from '../../__mocks__/request_context';
+import { transformESSearchToDefendInsights } from '../../ai_assistant_data_clients/defend_insights/helpers';
+import { getDefendInsightsSearchEsMock } from '../../__mocks__/defend_insights_schema.mock';
+import { postDefendInsightsRequest } from '../../__mocks__/request';
+import { getAssistantTool, createDefendInsight, isDefendInsightsEnabled } from './helpers';
+import { postDefendInsightsRoute } from './post_defend_insights';
+
+jest.mock('./helpers');
+
+describe('postDefendInsightsRoute', () => {
+  let server: ReturnType<typeof serverMock.create>;
+  let context: ElasticAssistantRequestHandlerContextMock;
+  let mockUser: AuthenticatedUser;
+  let mockDataClient: DefendInsightsDataClient;
+  let mockApiConfig: any;
+  let mockRequestBody: DefendInsightsPostRequestBody;
+  let mockCurrentInsight: any;
+
+  function getDefaultUser(): AuthenticatedUser {
+    return {
+      username: 'my_username',
+      authentication_realm: {
+        type: 'my_realm_type',
+        name: 'my_realm_name',
+      },
+    } as AuthenticatedUser;
+  }
+
+  function getDefaultDataClient(): DefendInsightsDataClient {
+    return {
+      findDefendInsightsByParams: jest.fn().mockResolvedValueOnce(mockCurrentInsight),
+      updateDefendInsight: jest.fn(),
+      createDefendInsight: jest.fn(),
+    } as unknown as DefendInsightsDataClient;
+  }
+
+  function getDefaultApiConfig() {
+    return {
+      connectorId: 'connector-id',
+      actionTypeId: '.bedrock',
+      model: 'model',
+      provider: OpenAiProviderType.OpenAi,
+    };
+  }
+
+  function getDefaultRequestBody(): DefendInsightsPostRequestBody {
+    return {
+      endpointIds: [],
+      insightType: DefendInsightType.Enum.incompatible_antivirus,
+      subAction: 'invokeAI',
+      apiConfig: mockApiConfig,
+      anonymizationFields: [],
+      replacements: {},
+      model: 'gpt-4',
+      langSmithProject: 'langSmithProject',
+      langSmithApiKey: 'langSmithApiKey',
+    };
+  }
+
+  beforeEach(() => {
+    const tools = requestContextMock.createTools();
+    context = tools.context;
+    server = serverMock.create();
+    tools.clients.core.elasticsearch.client = elasticsearchServiceMock.createScopedClusterClient();
+
+    mockCurrentInsight = transformESSearchToDefendInsights(getDefendInsightsSearchEsMock())[0];
+    mockCurrentInsight.status = DefendInsightStatus.Enum.running;
+
+    mockUser = getDefaultUser();
+    mockDataClient = getDefaultDataClient();
+    mockApiConfig = getDefaultApiConfig();
+    mockRequestBody = getDefaultRequestBody();
+    (getAssistantTool as jest.Mock).mockReturnValue({ getTool: jest.fn() });
+    (createDefendInsight as jest.Mock).mockResolvedValue({
+      currentInsight: mockCurrentInsight,
+      defendInsightId: mockCurrentInsight.id,
+    });
+    (isDefendInsightsEnabled as jest.Mock).mockResolvedValue(true);
+
+    context.elasticAssistant.getCurrentUser.mockReturnValue(mockUser);
+    context.elasticAssistant.getDefendInsightsDataClient.mockResolvedValue(mockDataClient);
+    context.elasticAssistant.actions = actionsMock.createStart();
+
+    postDefendInsightsRoute(server.router);
+  });
+
+  afterEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('should handle successful request', async () => {
+    const response = await server.inject(
+      postDefendInsightsRequest(mockRequestBody),
+      requestContextMock.convertContext(context)
+    );
+    expect(response.status).toEqual(200);
+    expect(response.body).toEqual(mockCurrentInsight);
+  });
+
+  it('should handle missing authenticated user', async () => {
+    context.elasticAssistant.getCurrentUser.mockReturnValueOnce(null);
+    const response = await server.inject(
+      postDefendInsightsRequest(mockRequestBody),
+      requestContextMock.convertContext(context)
+    );
+
+    expect(response.status).toEqual(401);
+    expect(response.body).toEqual({
+      message: 'Authenticated user not found',
+      status_code: 401,
+    });
+  });
+
+  it('should handle missing data client', async () => {
+    context.elasticAssistant.getDefendInsightsDataClient.mockResolvedValueOnce(null);
+    const response = await server.inject(
+      postDefendInsightsRequest(mockRequestBody),
+      requestContextMock.convertContext(context)
+    );
+
+    expect(response.status).toEqual(500);
+    expect(response.body).toEqual({
+      message: 'Defend insights data client not initialized',
+      status_code: 500,
+    });
+  });
+
+  it('should handle assistantTool null response', async () => {
+    (getAssistantTool as jest.Mock).mockReturnValueOnce(null);
+    const response = await server.inject(
+      postDefendInsightsRequest(mockRequestBody),
+      requestContextMock.convertContext(context)
+    );
+    expect(response.status).toEqual(404);
+  });
+
+  it('should 404 if feature flag disabled', async () => {
+    (isDefendInsightsEnabled as jest.Mock).mockReturnValueOnce(false);
+    const response = await server.inject(
+      postDefendInsightsRequest(mockRequestBody),
+      requestContextMock.convertContext(context)
+    );
+    expect(response.status).toEqual(404);
+  });
+
+  it('should handle createDefendInsight error', async () => {
+    (createDefendInsight as jest.Mock).mockRejectedValueOnce(new Error('Oh no!'));
+    const response = await server.inject(
+      postDefendInsightsRequest(mockRequestBody),
+      requestContextMock.convertContext(context)
+    );
+    expect(response.status).toEqual(500);
+    expect(response.body).toEqual({
+      message: {
+        error: 'Oh no!',
+        success: false,
+      },
+      status_code: 500,
+    });
+  });
+});
diff --git a/x-pack/plugins/elastic_assistant/server/routes/defend_insights/post_defend_insights.ts b/x-pack/plugins/elastic_assistant/server/routes/defend_insights/post_defend_insights.ts
new file mode 100644
index 0000000000000..d69b60a478803
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/routes/defend_insights/post_defend_insights.ts
@@ -0,0 +1,196 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import moment from 'moment/moment';
+
+import type { IKibanaResponse } from '@kbn/core/server';
+
+import { buildRouteValidationWithZod } from '@kbn/elastic-assistant-common/impl/schemas/common';
+import {
+  DEFEND_INSIGHTS,
+  DefendInsightsPostRequestBody,
+  DefendInsightsPostResponse,
+  ELASTIC_AI_ASSISTANT_INTERNAL_API_VERSION,
+  Replacements,
+} from '@kbn/elastic-assistant-common';
+import { transformError } from '@kbn/securitysolution-es-utils';
+import { IRouter, Logger } from '@kbn/core/server';
+
+import { buildResponse } from '../../lib/build_response';
+import { ElasticAssistantRequestHandlerContext } from '../../types';
+import { DEFAULT_PLUGIN_NAME, getPluginNameFromRequest } from '../helpers';
+import {
+  getAssistantTool,
+  getAssistantToolParams,
+  handleToolError,
+  createDefendInsight,
+  updateDefendInsights,
+  isDefendInsightsEnabled,
+} from './helpers';
+
+const ROUTE_HANDLER_TIMEOUT = 10 * 60 * 1000; // 10 * 60 seconds = 10 minutes
+const LANG_CHAIN_TIMEOUT = ROUTE_HANDLER_TIMEOUT - 10_000; // 9 minutes 50 seconds
+const CONNECTOR_TIMEOUT = LANG_CHAIN_TIMEOUT - 10_000; // 9 minutes 40 seconds
+
+export const postDefendInsightsRoute = (router: IRouter<ElasticAssistantRequestHandlerContext>) => {
+  router.versioned
+    .post({
+      access: 'internal',
+      path: DEFEND_INSIGHTS,
+      options: {
+        tags: ['access:elasticAssistant'],
+        timeout: {
+          idleSocket: ROUTE_HANDLER_TIMEOUT,
+        },
+      },
+    })
+    .addVersion(
+      {
+        version: ELASTIC_AI_ASSISTANT_INTERNAL_API_VERSION,
+        validate: {
+          request: {
+            body: buildRouteValidationWithZod(DefendInsightsPostRequestBody),
+          },
+          response: {
+            200: {
+              body: { custom: buildRouteValidationWithZod(DefendInsightsPostResponse) },
+            },
+          },
+        },
+      },
+      async (context, request, response): Promise<IKibanaResponse<DefendInsightsPostResponse>> => {
+        const startTime = moment(); // start timing the generation
+        const resp = buildResponse(response);
+        const assistantContext = await context.elasticAssistant;
+        const logger: Logger = assistantContext.logger;
+        const telemetry = assistantContext.telemetry;
+
+        try {
+          const isEnabled = isDefendInsightsEnabled({
+            request,
+            logger,
+            assistantContext,
+          });
+          if (!isEnabled) {
+            return response.notFound();
+          }
+
+          const actions = assistantContext.actions;
+          const actionsClient = await actions.getActionsClientWithRequest(request);
+          const dataClient = await assistantContext.getDefendInsightsDataClient();
+          const authenticatedUser = assistantContext.getCurrentUser();
+          if (authenticatedUser == null) {
+            return resp.error({
+              body: `Authenticated user not found`,
+              statusCode: 401,
+            });
+          }
+          if (!dataClient) {
+            return resp.error({
+              body: `Defend insights data client not initialized`,
+              statusCode: 500,
+            });
+          }
+
+          const pluginName = getPluginNameFromRequest({
+            request,
+            defaultPluginName: DEFAULT_PLUGIN_NAME,
+            logger,
+          });
+          const assistantTool = getAssistantTool(assistantContext.getRegisteredTools, pluginName);
+
+          if (!assistantTool) {
+            return response.notFound();
+          }
+
+          const {
+            endpointIds,
+            insightType,
+            apiConfig,
+            anonymizationFields,
+            langSmithApiKey,
+            langSmithProject,
+            replacements,
+          } = request.body;
+
+          const esClient = (await context.core).elasticsearch.client.asCurrentUser;
+
+          let latestReplacements: Replacements = { ...replacements };
+          const onNewReplacements = (newReplacements: Replacements) => {
+            latestReplacements = { ...latestReplacements, ...newReplacements };
+          };
+
+          const assistantToolParams = getAssistantToolParams({
+            endpointIds,
+            insightType,
+            actionsClient,
+            anonymizationFields,
+            apiConfig,
+            esClient,
+            latestReplacements,
+            connectorTimeout: CONNECTOR_TIMEOUT,
+            langChainTimeout: LANG_CHAIN_TIMEOUT,
+            langSmithProject,
+            langSmithApiKey,
+            logger,
+            onNewReplacements,
+            request,
+          });
+
+          const toolInstance = assistantTool.getTool(assistantToolParams);
+
+          const { currentInsight, defendInsightId } = await createDefendInsight(
+            endpointIds,
+            insightType,
+            dataClient,
+            authenticatedUser,
+            apiConfig
+          );
+
+          toolInstance
+            ?.invoke('')
+            .then((rawDefendInsights: string) =>
+              updateDefendInsights({
+                apiConfig,
+                defendInsightId,
+                authenticatedUser,
+                dataClient,
+                latestReplacements,
+                logger,
+                rawDefendInsights,
+                startTime,
+                telemetry,
+              })
+            )
+            .catch((err) =>
+              handleToolError({
+                apiConfig,
+                defendInsightId,
+                authenticatedUser,
+                dataClient,
+                err,
+                latestReplacements,
+                logger,
+                telemetry,
+              })
+            );
+
+          return response.ok({
+            body: currentInsight,
+          });
+        } catch (err) {
+          logger.error(err);
+          const error = transformError(err);
+
+          return resp.error({
+            body: { success: false, error: error.message },
+            statusCode: error.statusCode,
+          });
+        }
+      }
+    );
+};
diff --git a/x-pack/plugins/elastic_assistant/server/routes/helpers.ts b/x-pack/plugins/elastic_assistant/server/routes/helpers.ts
index fcd051f1f2157..23ec7011be5b7 100644
--- a/x-pack/plugins/elastic_assistant/server/routes/helpers.ts
+++ b/x-pack/plugins/elastic_assistant/server/routes/helpers.ts
@@ -20,6 +20,7 @@ import {
   Message,
   Replacements,
   replaceAnonymizedValuesWithOriginalValues,
+  DEFEND_INSIGHTS_TOOL_ID,
 } from '@kbn/elastic-assistant-common';
 import { ILicense } from '@kbn/licensing-plugin/server';
 import { i18n } from '@kbn/i18n';
@@ -263,9 +264,11 @@ export const langChainExecute = async ({
     logger,
   });
   const assistantContext = context.elasticAssistant;
+  // We don't (yet) support invoking these tools interactively
+  const unsupportedTools = new Set(['attack-discovery', DEFEND_INSIGHTS_TOOL_ID]);
   const assistantTools = assistantContext
     .getRegisteredTools(pluginName)
-    .filter((x) => x.id !== 'attack-discovery'); // We don't (yet) support asking the assistant for NEW attack discoveries from a conversation
+    .filter((tool) => !unsupportedTools.has(tool.id));
 
   // get a scoped esClient for assistant memory
   const esClient = context.core.elasticsearch.client.asCurrentUser;
diff --git a/x-pack/plugins/elastic_assistant/server/routes/index.ts b/x-pack/plugins/elastic_assistant/server/routes/index.ts
index c30a62872a82d..ada5bf1c600d6 100644
--- a/x-pack/plugins/elastic_assistant/server/routes/index.ts
+++ b/x-pack/plugins/elastic_assistant/server/routes/index.ts
@@ -12,6 +12,11 @@ export { postActionsConnectorExecuteRoute } from './post_actions_connector_execu
 export { postAttackDiscoveryRoute } from './attack_discovery/post/post_attack_discovery';
 export { getAttackDiscoveryRoute } from './attack_discovery/get/get_attack_discovery';
 
+// Defend insights
+export { postDefendInsightsRoute } from './defend_insights/post_defend_insights';
+export { getDefendInsightsRoute } from './defend_insights/get_defend_insights';
+export { getDefendInsightRoute } from './defend_insights/get_defend_insight';
+
 // Knowledge Base
 export { getKnowledgeBaseIndicesRoute } from './knowledge_base/get_knowledge_base_indices';
 export { getKnowledgeBaseStatusRoute } from './knowledge_base/get_knowledge_base_status';
diff --git a/x-pack/plugins/elastic_assistant/server/routes/register_routes.ts b/x-pack/plugins/elastic_assistant/server/routes/register_routes.ts
index d722e31cb2338..0124dfc7969c2 100644
--- a/x-pack/plugins/elastic_assistant/server/routes/register_routes.ts
+++ b/x-pack/plugins/elastic_assistant/server/routes/register_routes.ts
@@ -33,6 +33,11 @@ import { postActionsConnectorExecuteRoute } from './post_actions_connector_execu
 import { bulkActionKnowledgeBaseEntriesRoute } from './knowledge_base/entries/bulk_actions_route';
 import { createKnowledgeBaseEntryRoute } from './knowledge_base/entries/create_route';
 import { findKnowledgeBaseEntriesRoute } from './knowledge_base/entries/find_route';
+import {
+  getDefendInsightRoute,
+  getDefendInsightsRoute,
+  postDefendInsightsRoute,
+} from './defend_insights';
 
 export const registerRoutes = (
   router: ElasticAssistantPluginRouter,
@@ -89,4 +94,9 @@ export const registerRoutes = (
   getAttackDiscoveryRoute(router);
   postAttackDiscoveryRoute(router);
   cancelAttackDiscoveryRoute(router);
+
+  // Defend insights
+  getDefendInsightRoute(router);
+  getDefendInsightsRoute(router);
+  postDefendInsightsRoute(router);
 };
diff --git a/x-pack/plugins/elastic_assistant/server/routes/request_context_factory.ts b/x-pack/plugins/elastic_assistant/server/routes/request_context_factory.ts
index 3f81763db49d9..ef921d7c91a28 100644
--- a/x-pack/plugins/elastic_assistant/server/routes/request_context_factory.ts
+++ b/x-pack/plugins/elastic_assistant/server/routes/request_context_factory.ts
@@ -116,6 +116,16 @@ export class RequestContextFactory implements IRequestContextFactory {
         });
       }),
 
+      getDefendInsightsDataClient: memoize(() => {
+        const currentUser = getCurrentUser();
+        return this.assistantService.createDefendInsightsDataClient({
+          spaceId: getSpaceId(),
+          licensing: context.licensing,
+          logger: this.logger,
+          currentUser,
+        });
+      }),
+
       getAIAssistantPromptsDataClient: memoize(() => {
         const currentUser = getCurrentUser();
         return this.assistantService.createAIAssistantPromptsDataClient({
diff --git a/x-pack/plugins/elastic_assistant/server/services/app_context.test.ts b/x-pack/plugins/elastic_assistant/server/services/app_context.test.ts
index e91a0ec024c9e..061e4e6f47af5 100644
--- a/x-pack/plugins/elastic_assistant/server/services/app_context.test.ts
+++ b/x-pack/plugins/elastic_assistant/server/services/app_context.test.ts
@@ -54,6 +54,7 @@ describe('AppContextService', () => {
       appContextService.start(mockAppContext);
       appContextService.registerFeatures('super', {
         assistantModelEvaluation: true,
+        defendInsights: true,
       });
       appContextService.stop();
 
@@ -104,6 +105,7 @@ describe('AppContextService', () => {
       const features: AssistantFeatures = {
         ...defaultAssistantFeatures,
         assistantModelEvaluation: true,
+        defendInsights: true,
       };
 
       appContextService.start(mockAppContext);
@@ -119,11 +121,13 @@ describe('AppContextService', () => {
       const featuresOne: AssistantFeatures = {
         ...defaultAssistantFeatures,
         assistantModelEvaluation: true,
+        defendInsights: true,
       };
       const pluginTwo = 'plugin2';
       const featuresTwo: AssistantFeatures = {
         ...defaultAssistantFeatures,
         assistantModelEvaluation: false,
+        defendInsights: false,
       };
 
       appContextService.start(mockAppContext);
@@ -139,10 +143,12 @@ describe('AppContextService', () => {
       const featuresOne: AssistantFeatures = {
         ...defaultAssistantFeatures,
         assistantModelEvaluation: true,
+        defendInsights: true,
       };
       const featuresTwo: AssistantFeatures = {
         ...defaultAssistantFeatures,
         assistantModelEvaluation: false,
+        defendInsights: false,
       };
 
       appContextService.start(mockAppContext);
@@ -164,6 +170,7 @@ describe('AppContextService', () => {
       const pluginName = 'pluginName';
       const featuresSubset: Partial<AssistantFeatures> = {
         assistantModelEvaluation: true,
+        defendInsights: true,
       };
 
       appContextService.start(mockAppContext);
diff --git a/x-pack/plugins/elastic_assistant/server/types.ts b/x-pack/plugins/elastic_assistant/server/types.ts
index d2dad4f9f998f..d328001e86bb8 100755
--- a/x-pack/plugins/elastic_assistant/server/types.ts
+++ b/x-pack/plugins/elastic_assistant/server/types.ts
@@ -27,6 +27,7 @@ import { TaskManagerSetupContract } from '@kbn/task-manager-plugin/server';
 import { ElasticsearchClient } from '@kbn/core/server';
 import {
   AttackDiscoveryPostRequestBody,
+  DefendInsightsPostRequestBody,
   AssistantFeatures,
   ExecuteConnectorRequestBody,
   Replacements,
@@ -51,6 +52,7 @@ import { AIAssistantConversationsDataClient } from './ai_assistant_data_clients/
 import type { GetRegisteredFeatures, GetRegisteredTools } from './services/app_context';
 import { AIAssistantDataClient } from './ai_assistant_data_clients';
 import { AIAssistantKnowledgeBaseDataClient } from './ai_assistant_data_clients/knowledge_base';
+import type { DefendInsightsDataClient } from './ai_assistant_data_clients/defend_insights';
 
 export const PLUGIN_ID = 'elasticAssistant' as const;
 
@@ -129,6 +131,7 @@ export interface ElasticAssistantApiRequestHandlerContext {
     params?: GetAIAssistantKnowledgeBaseDataClientParams
   ) => Promise<AIAssistantKnowledgeBaseDataClient | null>;
   getAttackDiscoveryDataClient: () => Promise<AttackDiscoveryDataClient | null>;
+  getDefendInsightsDataClient: () => Promise<DefendInsightsDataClient | null>;
   getAIAssistantPromptsDataClient: () => Promise<AIAssistantDataClient | null>;
   getAIAssistantAnonymizationFieldsDataClient: () => Promise<AIAssistantDataClient | null>;
   inference: InferenceServerStart;
@@ -158,6 +161,7 @@ export interface AssistantResourceNames {
     prompts: string;
     anonymizationFields: string;
     attackDiscovery: string;
+    defendInsights: string;
   };
   indexTemplate: {
     conversations: string;
@@ -165,6 +169,7 @@ export interface AssistantResourceNames {
     prompts: string;
     anonymizationFields: string;
     attackDiscovery: string;
+    defendInsights: string;
   };
   aliases: {
     conversations: string;
@@ -172,6 +177,7 @@ export interface AssistantResourceNames {
     prompts: string;
     anonymizationFields: string;
     attackDiscovery: string;
+    defendInsights: string;
   };
   indexPatterns: {
     conversations: string;
@@ -179,6 +185,7 @@ export interface AssistantResourceNames {
     prompts: string;
     anonymizationFields: string;
     attackDiscovery: string;
+    defendInsights: string;
   };
   pipelines: {
     knowledgeBase: string;
@@ -230,7 +237,7 @@ export interface AssistantToolParams {
   request: KibanaRequest<
     unknown,
     unknown,
-    ExecuteConnectorRequestBody | AttackDiscoveryPostRequestBody
+    ExecuteConnectorRequestBody | AttackDiscoveryPostRequestBody | DefendInsightsPostRequestBody
   >;
   size?: number;
   telemetry?: AnalyticsServiceSetup;
diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/connectors/crawler_empty_state.tsx b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/connectors/crawler_empty_state.tsx
index 5a03d0560dfbf..6be21dd8c63a7 100644
--- a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/connectors/crawler_empty_state.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/connectors/crawler_empty_state.tsx
@@ -11,7 +11,6 @@ import { useValues } from 'kea';
 import { EuiButton, EuiEmptyPrompt, EuiPanel } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
 
-import { CRAWLER } from '../../../../../common/constants';
 import { HttpLogic } from '../../../shared/http';
 import { GithubIcon } from '../../../shared/icons/github_icon';
 import { KibanaLogic } from '../../../shared/kibana';
@@ -49,7 +48,7 @@ export const CrawlerEmptyState: React.FC = () => {
               color="primary"
               fill
               iconType={GithubIcon}
-              href={CRAWLER.github_repo}
+              href={'https://github.com/elastic/crawler'}
             >
               {i18n.translate(
                 'xpack.enterpriseSearch.crawlerEmptyState.openSourceCrawlerButtonLabel',
diff --git a/x-pack/plugins/fleet/.storybook/smoke.test.tsx b/x-pack/plugins/fleet/.storybook/smoke.test.tsx
index a3984a42a5ab2..63c1199b75aa9 100644
--- a/x-pack/plugins/fleet/.storybook/smoke.test.tsx
+++ b/x-pack/plugins/fleet/.storybook/smoke.test.tsx
@@ -5,22 +5,30 @@
  * 2.0.
  */
 
+import { getFips } from 'crypto';
+
 import { mount } from 'enzyme';
 import { createElement } from 'react';
 import { act } from 'react-dom/test-utils';
 import initStoryshots from '@storybook/addon-storyshots';
 
-describe('Fleet Storybook Smoke', () => {
-  test('Init', async () => {
-    await initStoryshots({
-      configPath: __dirname,
-      framework: 'react',
-      test: async ({ story }) => {
-        const renderer = mount(createElement(story.render));
-        // wait until the element will perform all renders and resolve all promises (lazy loading, especially)
-        await act(() => new Promise((resolve) => setTimeout(resolve, 0)));
-        expect(renderer.html()).not.toContain('euiErrorBoundary');
-      },
+describe('Fleet Storybook Smoke', function () {
+  if (getFips() !== 1) {
+    test('Init', async () => {
+      await initStoryshots({
+        configPath: __dirname,
+        framework: 'react',
+        test: async ({ story }) => {
+          const renderer = mount(createElement(story.render));
+          // wait until the element will perform all renders and resolve all promises (lazy loading, especially)
+          await act(() => new Promise((resolve) => setTimeout(resolve, 0)));
+          expect(renderer.html()).not.toContain('euiErrorBoundary');
+        },
+      });
+    });
+  } else {
+    test('fips is enabled', function () {
+      expect(getFips() === 1).toEqual(true);
     });
-  });
+  }
 });
diff --git a/x-pack/plugins/fleet/common/services/index.ts b/x-pack/plugins/fleet/common/services/index.ts
index 4443878617796..7061d6d3028d8 100644
--- a/x-pack/plugins/fleet/common/services/index.ts
+++ b/x-pack/plugins/fleet/common/services/index.ts
@@ -33,6 +33,7 @@ export {
   isIntegrationPolicyTemplate,
   getNormalizedInputs,
   getNormalizedDataStreams,
+  filterPolicyTemplatesTiles,
 } from './policy_template';
 export { doesPackageHaveIntegrations } from './packages_with_integrations';
 export type {
diff --git a/x-pack/plugins/fleet/common/services/policy_template.test.ts b/x-pack/plugins/fleet/common/services/policy_template.test.ts
index 87ce2121b8b59..b0cba311fe70c 100644
--- a/x-pack/plugins/fleet/common/services/policy_template.test.ts
+++ b/x-pack/plugins/fleet/common/services/policy_template.test.ts
@@ -10,6 +10,7 @@ import type {
   RegistryPolicyIntegrationTemplate,
   PackageInfo,
   RegistryVarType,
+  PackageListItem,
 } from '../types';
 
 import {
@@ -17,6 +18,7 @@ import {
   isIntegrationPolicyTemplate,
   getNormalizedInputs,
   getNormalizedDataStreams,
+  filterPolicyTemplatesTiles,
 } from './policy_template';
 
 describe('isInputOnlyPolicyTemplate', () => {
@@ -280,3 +282,125 @@ describe('getNormalizedDataStreams', () => {
     expect(result?.[0].streams?.[0]?.vars).toEqual([datasetVar]);
   });
 });
+
+describe('filterPolicyTemplatesTiles', () => {
+  const topPackagePolicy: PackageListItem = {
+    id: 'nginx',
+    integration: 'nginx',
+    title: 'Nginx',
+    name: 'nginx',
+    version: '0.0.1',
+    status: 'not_installed',
+  };
+
+  const childPolicyTemplates: PackageListItem[] = [
+    {
+      id: 'nginx-template1',
+      integration: 'nginx-template-1',
+      title: 'Nginx Template 1',
+      name: 'nginx',
+      version: '0.0.1',
+      status: 'not_installed',
+    },
+    {
+      id: 'nginx-template2',
+      integration: 'nginx-template-2',
+      title: 'Nginx Template 2',
+      name: 'nginx',
+      version: '0.0.1',
+      status: 'not_installed',
+    },
+  ];
+  it('should return all tiles as undefined value', () => {
+    expect(filterPolicyTemplatesTiles(undefined, topPackagePolicy, childPolicyTemplates)).toEqual([
+      {
+        id: 'nginx',
+        integration: 'nginx',
+        title: 'Nginx',
+        name: 'nginx',
+        version: '0.0.1',
+        status: 'not_installed',
+      },
+      {
+        id: 'nginx-template1',
+        integration: 'nginx-template-1',
+        title: 'Nginx Template 1',
+        name: 'nginx',
+        version: '0.0.1',
+        status: 'not_installed',
+      },
+      {
+        id: 'nginx-template2',
+        integration: 'nginx-template-2',
+        title: 'Nginx Template 2',
+        name: 'nginx',
+        version: '0.0.1',
+        status: 'not_installed',
+      },
+    ]);
+  });
+  it('should return all tiles', () => {
+    expect(filterPolicyTemplatesTiles('all', topPackagePolicy, childPolicyTemplates)).toEqual([
+      {
+        id: 'nginx',
+        integration: 'nginx',
+        title: 'Nginx',
+        name: 'nginx',
+        version: '0.0.1',
+        status: 'not_installed',
+      },
+      {
+        id: 'nginx-template1',
+        integration: 'nginx-template-1',
+        title: 'Nginx Template 1',
+        name: 'nginx',
+        version: '0.0.1',
+        status: 'not_installed',
+      },
+      {
+        id: 'nginx-template2',
+        integration: 'nginx-template-2',
+        title: 'Nginx Template 2',
+        name: 'nginx',
+        version: '0.0.1',
+        status: 'not_installed',
+      },
+    ]);
+  });
+  it('should return just the combined policy tile', () => {
+    expect(
+      filterPolicyTemplatesTiles('combined_policy', topPackagePolicy, childPolicyTemplates)
+    ).toEqual([
+      {
+        id: 'nginx',
+        integration: 'nginx',
+        title: 'Nginx',
+        name: 'nginx',
+        version: '0.0.1',
+        status: 'not_installed',
+      },
+    ]);
+  });
+  it('should return just the individual policies (tiles)', () => {
+    expect(
+      filterPolicyTemplatesTiles('individual_policies', topPackagePolicy, childPolicyTemplates)
+    ).toEqual([
+      {
+        id: 'nginx-template1',
+        integration: 'nginx-template-1',
+        title: 'Nginx Template 1',
+        name: 'nginx',
+        version: '0.0.1',
+        status: 'not_installed',
+      },
+      {
+        id: 'nginx-template2',
+        integration: 'nginx-template-2',
+        title: 'Nginx Template 2',
+        name: 'nginx',
+        version: '0.0.1',
+        status: 'not_installed',
+      },
+    ]);
+  });
+});
diff --git a/x-pack/plugins/fleet/common/services/policy_template.ts b/x-pack/plugins/fleet/common/services/policy_template.ts
index ed390e0c6b45d..efa65a880576a 100644
--- a/x-pack/plugins/fleet/common/services/policy_template.ts
+++ b/x-pack/plugins/fleet/common/services/policy_template.ts
@@ -39,6 +39,7 @@ export function packageHasNoPolicyTemplates(packageInfo: PackageInfo): boolean {
     )
   );
 }
+
 export function isInputOnlyPolicyTemplate(
   policyTemplate: RegistryPolicyTemplate
 ): policyTemplate is RegistryPolicyInputOnlyTemplate {
@@ -142,3 +143,27 @@ const createDefaultDatasetName = (
   packageInfo: { name: string },
   policyTemplate: { name: string }
 ): string => packageInfo.name + '.' + policyTemplate.name;
+
+export function filterPolicyTemplatesTiles<T>(
+  templatesBehavior: string | undefined,
+  packagePolicy: T,
+  packagePolicyTemplates: T[]
+): T[] {
+  switch (templatesBehavior || 'all') {
+    case 'combined_policy':
+      return [packagePolicy];
+    case 'individual_policies':
+      return [
+        ...(packagePolicyTemplates && packagePolicyTemplates.length > 1
+          ? packagePolicyTemplates
+          : []),
+      ];
+    default:
+      return [
+        packagePolicy,
+        ...(packagePolicyTemplates && packagePolicyTemplates.length > 1
+          ? packagePolicyTemplates
+          : []),
+      ];
+  }
+}
diff --git a/x-pack/plugins/fleet/common/types/models/epm.ts b/x-pack/plugins/fleet/common/types/models/epm.ts
index f1cd9e5ee4a7f..36a83c1c0a09e 100644
--- a/x-pack/plugins/fleet/common/types/models/epm.ts
+++ b/x-pack/plugins/fleet/common/types/models/epm.ts
@@ -311,6 +311,7 @@ export type RegistrySearchResult = Pick<
   | 'icons'
   | 'internal'
   | 'data_streams'
+  | 'policy_templates_behavior'
   | 'policy_templates'
   | 'categories'
 >;
diff --git a/x-pack/plugins/fleet/common/types/models/package_spec.ts b/x-pack/plugins/fleet/common/types/models/package_spec.ts
index 18c10e4617417..6ae8ba984f5f6 100644
--- a/x-pack/plugins/fleet/common/types/models/package_spec.ts
+++ b/x-pack/plugins/fleet/common/types/models/package_spec.ts
@@ -24,6 +24,7 @@ export interface PackageSpecManifest {
   conditions?: PackageSpecConditions;
   icons?: PackageSpecIcon[];
   screenshots?: PackageSpecScreenshot[];
+  policy_templates_behavior?: 'all' | 'combined_policy' | 'individual_policies';
   policy_templates?: RegistryPolicyTemplate[];
   vars?: RegistryVarsEntry[];
   owner: { github?: string; type?: 'elastic' | 'partner' | 'community' };
diff --git a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/home/hooks/use_available_packages.tsx b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/home/hooks/use_available_packages.tsx
index 2f506b30b2626..c399a0241c22a 100644
--- a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/home/hooks/use_available_packages.tsx
+++ b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/home/hooks/use_available_packages.tsx
@@ -28,6 +28,7 @@ import { doesPackageHaveIntegrations, ExperimentalFeaturesService } from '../../
 import {
   isInputOnlyPolicyTemplate,
   isIntegrationPolicyTemplate,
+  filterPolicyTemplatesTiles,
 } from '../../../../../../../../common/services';
 
 import {
@@ -83,30 +84,33 @@ const packageListToIntegrationsList = (packages: PackageList): PackageList => {
       categories: getAllCategoriesFromIntegrations(pkg),
     };
 
-    return [
-      ...acc,
+    const integrationsPolicyTemplates = doesPackageHaveIntegrations(pkg)
+      ? policyTemplates.map((policyTemplate) => {
+          const { name, title, description, icons } = policyTemplate;
+
+          const categories =
+            isIntegrationPolicyTemplate(policyTemplate) && policyTemplate.categories
+              ? policyTemplate.categories
+              : [];
+          const allCategories = [...topCategories, ...categories];
+          return {
+            ...restOfPackage,
+            id: `${restOfPackage.id}-${name}`,
+            integration: name,
+            title,
+            description,
+            icons: icons || restOfPackage.icons,
+            categories: uniq(allCategories),
+          };
+        })
+      : [];
+
+    const tiles = filterPolicyTemplatesTiles<PackageListItem>(
+      pkg.policy_templates_behavior,
       topPackage,
-      ...(doesPackageHaveIntegrations(pkg)
-        ? policyTemplates.map((policyTemplate) => {
-            const { name, title, description, icons } = policyTemplate;
-
-            const categories =
-              isIntegrationPolicyTemplate(policyTemplate) && policyTemplate.categories
-                ? policyTemplate.categories
-                : [];
-            const allCategories = [...topCategories, ...categories];
-            return {
-              ...restOfPackage,
-              id: `${restOfPackage.id}-${name}`,
-              integration: name,
-              title,
-              description,
-              icons: icons || restOfPackage.icons,
-              categories: uniq(allCategories),
-            };
-          })
-        : []),
-    ];
+      integrationsPolicyTemplates
+    );
+    return [...acc, ...tiles];
   }, []);
 };
 
diff --git a/x-pack/plugins/fleet/public/search_provider.test.ts b/x-pack/plugins/fleet/public/search_provider.test.ts
index 68ba3042a8e76..4ff04862c756f 100644
--- a/x-pack/plugins/fleet/public/search_provider.test.ts
+++ b/x-pack/plugins/fleet/public/search_provider.test.ts
@@ -112,6 +112,123 @@ const testResponse: GetPackagesResponse['items'] = [
   },
 ];
 
+const testResponseBehaviorField: GetPackagesResponse['items'] = [
+  {
+    description: 'testWithPolicyTemplateBehaviorAll',
+    download: 'testWithPolicyTemplateBehaviorAll',
+    id: 'testWithPolicyTemplateBehaviorAll',
+    name: 'testWithPolicyTemplateBehaviorAll',
+    path: 'testWithPolicyTemplateBehaviorAll',
+    release: 'ga',
+    status: 'not_installed',
+    title: 'testWithPolicyTemplateBehaviorAll',
+    version: 'testWithPolicyTemplateBehaviorAll',
+    policy_templates_behavior: 'all',
+    policy_templates: [
+      {
+        description: 'testPolicyTemplate1BehaviorAll',
+        name: 'testPolicyTemplate1BehaviorAll',
+        icons: [
+          {
+            src: 'testPolicyTemplate1BehaviorAll',
+            path: 'testPolicyTemplate1BehaviorAll',
+          },
+        ],
+        title: 'testPolicyTemplate1BehaviorAll',
+        type: 'testPolicyTemplate1BehaviorAll',
+      },
+      {
+        description: 'testPolicyTemplate2BehaviorAll',
+        name: 'testPolicyTemplate2BehaviorAll',
+        icons: [
+          {
+            src: 'testPolicyTemplate2BehaviorAll',
+            path: 'testPolicyTemplate2BehaviorAll',
+          },
+        ],
+        title: 'testPolicyTemplate2BehaviorAll',
+        type: 'testPolicyTemplate2BehaviorAll',
+      },
+    ],
+  },
+  {
+    description: 'testWithPolicyTemplateBehaviorCombined',
+    download: 'testWithPolicyTemplateBehaviorCombined',
+    id: 'testWithPolicyTemplateBehaviorCombined',
+    name: 'testWithPolicyTemplateBehaviorCombined',
+    path: 'testWithPolicyTemplateBehaviorCombined',
+    release: 'ga',
+    status: 'not_installed',
+    title: 'testWithPolicyTemplateBehaviorCombined',
+    version: 'testWithPolicyTemplateBehaviorCombined',
+    policy_templates_behavior: 'combined_policy',
+    policy_templates: [
+      {
+        description: 'testPolicyTemplate1BehaviorCombined',
+        name: 'testPolicyTemplate1BehaviorCombined',
+        icons: [
+          {
+            src: 'testPolicyTemplate1BehaviorCombined',
+            path: 'testPolicyTemplate1BehaviorCombined',
+          },
+        ],
+        title: 'testPolicyTemplate1BehaviorCombined',
+        type: 'testPolicyTemplate1BehaviorCombined',
+      },
+      {
+        description: 'testPolicyTemplate2BehaviorCombined',
+        name: 'testPolicyTemplate2BehaviorCombined',
+        icons: [
+          {
+            src: 'testPolicyTemplate2BehaviorCombined',
+            path: 'testPolicyTemplate2BehaviorCombined',
+          },
+        ],
+        title: 'testPolicyTemplate2BehaviorCombined',
+        type: 'testPolicyTemplate2BehaviorCombined',
+      },
+    ],
+  },
+  {
+    description: 'testWithPolicyTemplateBehaviorIndividual',
+    download: 'testWithPolicyTemplateBehaviorIndividual',
+    id: 'testWithPolicyTemplateBehaviorIndividual',
+    name: 'testWithPolicyTemplateBehaviorIndividual',
+    path: 'testWithPolicyTemplateBehaviorIndividual',
+    release: 'ga',
+    status: 'not_installed',
+    title: 'testWithPolicyTemplateBehaviorIndividual',
+    version: 'testWithPolicyTemplateBehaviorIndividual',
+    policy_templates_behavior: 'individual_policies',
+    policy_templates: [
+      {
+        description: 'testPolicyTemplate1BehaviorIndividual',
+        name: 'testPolicyTemplate1BehaviorIndividual',
+        icons: [
+          {
+            src: 'testPolicyTemplate1BehaviorIndividual',
+            path: 'testPolicyTemplate1BehaviorIndividual',
+          },
+        ],
+        title: 'testPolicyTemplate1BehaviorIndividual',
+        type: 'testPolicyTemplate1BehaviorIndividual',
+      },
+      {
+        description: 'testPolicyTemplate2BehaviorIndividual',
+        name: 'testPolicyTemplate2BehaviorIndividual',
+        icons: [
+          {
+            src: 'testPolicyTemplate2BehaviorIndividual',
+            path: 'testPolicyTemplate2BehaviorIndividual',
+          },
+        ],
+        title: 'testPolicyTemplate2BehaviorIndividual',
+        type: 'testPolicyTemplate2BehaviorIndividual',
+      },
+    ],
+  },
+];
+
 const getTestScheduler = () => {
   return new TestScheduler((actual, expected) => {
     return expect(actual).toEqual(expected);
@@ -394,6 +511,89 @@ describe('Package search provider', () => {
         expect(sendGetPackages).toHaveBeenCalledTimes(1);
       });
 
+      test('with integration tag, with policy_templates_behavior field', () => {
+        getTestScheduler().run(({ hot, expectObservable }) => {
+          mockSendGetPackages.mockReturnValue(
+            hot('--(a|)', { a: { data: { items: testResponseBehaviorField } } })
+          );
+          setupMock.getStartServices.mockReturnValue(
+            hot('--(a|)', { a: [coreMock.createStart()] }) as any
+          );
+          const packageSearchProvider = createPackageSearchProvider(setupMock);
+          expectObservable(
+            packageSearchProvider.find(
+              { types: ['integration'] },
+              { aborted$: NEVER, maxResults: 100, preference: '' }
+            )
+          ).toBe('--(a|)', {
+            a: [
+              {
+                id: 'testWithPolicyTemplateBehaviorAll',
+                score: 80,
+                title: 'testWithPolicyTemplateBehaviorAll',
+                type: 'integration',
+                url: {
+                  path: 'undefined/detail/testWithPolicyTemplateBehaviorAll/overview',
+                  prependBasePath: false,
+                },
+              },
+              {
+                id: 'testPolicyTemplate1BehaviorAll',
+                score: 80,
+                title: 'testPolicyTemplate1BehaviorAll',
+                type: 'integration',
+                url: {
+                  path: 'undefined/detail/testWithPolicyTemplateBehaviorAll/overview?integration=testPolicyTemplate1BehaviorAll',
+                  prependBasePath: false,
+                },
+              },
+              {
+                id: 'testPolicyTemplate2BehaviorAll',
+                score: 80,
+                title: 'testPolicyTemplate2BehaviorAll',
+                type: 'integration',
+                url: {
+                  path: 'undefined/detail/testWithPolicyTemplateBehaviorAll/overview?integration=testPolicyTemplate2BehaviorAll',
+                  prependBasePath: false,
+                },
+              },
+              {
+                id: 'testWithPolicyTemplateBehaviorCombined',
+                score: 80,
+                title: 'testWithPolicyTemplateBehaviorCombined',
+                type: 'integration',
+                url: {
+                  path: 'undefined/detail/testWithPolicyTemplateBehaviorCombined/overview',
+                  prependBasePath: false,
+                },
+              },
+              {
+                id: 'testPolicyTemplate1BehaviorIndividual',
+                score: 80,
+                title: 'testPolicyTemplate1BehaviorIndividual',
+                type: 'integration',
+                url: {
+                  path: 'undefined/detail/testWithPolicyTemplateBehaviorIndividual/overview?integration=testPolicyTemplate1BehaviorIndividual',
+                  prependBasePath: false,
+                },
+              },
+              {
+                id: 'testPolicyTemplate2BehaviorIndividual',
+                score: 80,
+                title: 'testPolicyTemplate2BehaviorIndividual',
+                type: 'integration',
+                url: {
+                  path: 'undefined/detail/testWithPolicyTemplateBehaviorIndividual/overview?integration=testPolicyTemplate2BehaviorIndividual',
+                  prependBasePath: false,
+                },
+              },
+            ],
+          });
+        });
+
+        expect(sendGetPackages).toHaveBeenCalledTimes(1);
+      });
+
       test('with integration tag, with search term', () => {
         getTestScheduler().run(({ hot, expectObservable }) => {
           mockSendGetPackages.mockReturnValue(
diff --git a/x-pack/plugins/fleet/public/search_provider.ts b/x-pack/plugins/fleet/public/search_provider.ts
index a6810633c428e..c329443288e4b 100644
--- a/x-pack/plugins/fleet/public/search_provider.ts
+++ b/x-pack/plugins/fleet/public/search_provider.ts
@@ -16,6 +16,7 @@ import type {
 } from '@kbn/global-search-plugin/public';
 
 import { INTEGRATIONS_PLUGIN_ID } from '../common';
+import { filterPolicyTemplatesTiles } from '../common/services';
 
 import { sendGetPackages } from './hooks';
 import type { GetPackagesResponse, PackageListItem } from './types';
@@ -74,10 +75,12 @@ export const toSearchResult = (
     })
   );
 
-  return [
+  const tiles = filterPolicyTemplatesTiles<GlobalSearchProviderResult>(
+    pkg.policy_templates_behavior,
     packageResult,
-    ...(policyTemplateResults && policyTemplateResults.length > 1 ? policyTemplateResults : []),
-  ];
+    policyTemplateResults || []
+  );
+  return [...tiles];
 };
 
 export const createPackageSearchProvider = (core: CoreSetup): GlobalSearchResultProvider => {
diff --git a/x-pack/plugins/fleet/server/services/preconfiguration/outputs.ts b/x-pack/plugins/fleet/server/services/preconfiguration/outputs.ts
index 9d71e15958480..714b16af5bcd2 100644
--- a/x-pack/plugins/fleet/server/services/preconfiguration/outputs.ts
+++ b/x-pack/plugins/fleet/server/services/preconfiguration/outputs.ts
@@ -152,7 +152,6 @@ export async function hashSecret(secret: string) {
 
   return `${salt}:${derivedKey.toString('hex')}`;
 }
-
 async function verifySecret(hash: string, secret: string) {
   const [salt, key] = hash.split(':');
   const derivedKey = await pbkdf2Async(secret, salt, maxIteration, keyLength, 'sha512');
diff --git a/x-pack/plugins/index_management/public/application/components/mappings_editor/components/document_fields/fields/create_field/semantic_text/use_semantic_text.test.ts b/x-pack/plugins/index_management/public/application/components/mappings_editor/components/document_fields/fields/create_field/semantic_text/use_semantic_text.test.ts
index c4e668f9635d1..65415a287d94c 100644
--- a/x-pack/plugins/index_management/public/application/components/mappings_editor/components/document_fields/fields/create_field/semantic_text/use_semantic_text.test.ts
+++ b/x-pack/plugins/index_management/public/application/components/mappings_editor/components/document_fields/fields/create_field/semantic_text/use_semantic_text.test.ts
@@ -258,7 +258,9 @@ describe('useSemanticText', () => {
       {
         service: 'elser',
         service_settings: {
-          num_allocations: 1,
+          adaptive_allocations: {
+            enabled: true,
+          },
           num_threads: 1,
           model_id: '.elser_model_2',
         },
diff --git a/x-pack/plugins/index_management/public/application/components/mappings_editor/components/document_fields/fields/create_field/semantic_text/use_semantic_text.ts b/x-pack/plugins/index_management/public/application/components/mappings_editor/components/document_fields/fields/create_field/semantic_text/use_semantic_text.ts
index 42d220ba4724b..6662c2852ad7b 100644
--- a/x-pack/plugins/index_management/public/application/components/mappings_editor/components/document_fields/fields/create_field/semantic_text/use_semantic_text.ts
+++ b/x-pack/plugins/index_management/public/application/components/mappings_editor/components/document_fields/fields/create_field/semantic_text/use_semantic_text.ts
@@ -85,7 +85,7 @@ export function useSemanticText(props: UseSemanticTextProps) {
         : {
             service: defaultInferenceEndpointConfig.service,
             service_settings: {
-              num_allocations: 1,
+              adaptive_allocations: { enabled: true },
               num_threads: 1,
               model_id: trainedModelId,
             },
diff --git a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_form/pipeline_form.tsx b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_form/pipeline_form.tsx
index 80c43af7b7d4d..b70e767de29b4 100644
--- a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_form/pipeline_form.tsx
+++ b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_form/pipeline_form.tsx
@@ -175,7 +175,7 @@ export const PipelineForm: React.FunctionComponent<PipelineFormProps> = ({
       <Form
         form={form}
         data-test-subj="pipelineForm"
-        isInvalid={form.isSubmitted && !form.isValid}
+        isInvalid={form.isSubmitted && !form.isValid && !form.isSubmitting}
         error={form.getErrors()}
       >
         {/* Request error */}
@@ -244,7 +244,6 @@ export const PipelineForm: React.FunctionComponent<PipelineFormProps> = ({
             </EuiButtonEmpty>
           </EuiFlexItem>
         </EuiFlexGroup>
-
         {/* ES request flyout */}
         {isRequestVisible ? (
           <PipelineRequestFlyout
diff --git a/x-pack/plugins/maps/public/classes/styles/heatmap/components/__snapshots__/heatmap_style_editor.test.tsx.snap b/x-pack/plugins/maps/public/classes/styles/heatmap/components/__snapshots__/heatmap_style_editor.test.tsx.snap
index e577f5d52708a..5414d6f9ac16b 100644
--- a/x-pack/plugins/maps/public/classes/styles/heatmap/components/__snapshots__/heatmap_style_editor.test.tsx.snap
+++ b/x-pack/plugins/maps/public/classes/styles/heatmap/components/__snapshots__/heatmap_style_editor.test.tsx.snap
@@ -107,9 +107,9 @@ exports[`HeatmapStyleEditor is rendered 1`] = `
             "#84a9cd",
             "#a8bfda",
             "#cad7e8",
-            "#f0d3b0",
-            "#ecb385",
-            "#ea8d69",
+            "#f5d9b1",
+            "#efb785",
+            "#eb8f69",
             "#e7664c",
           ],
           "type": "gradient",
diff --git a/x-pack/plugins/ml/public/locator/ml_locator.ts b/x-pack/plugins/ml/public/locator/ml_locator.ts
index f2807687110f6..0d3ba0189aa7a 100644
--- a/x-pack/plugins/ml/public/locator/ml_locator.ts
+++ b/x-pack/plugins/ml/public/locator/ml_locator.ts
@@ -125,6 +125,7 @@ export class MlLocatorDefinition implements LocatorDefinition<MlLocatorParams> {
         break;
       case ML_PAGES.CALENDARS_EDIT:
         path = formatEditCalendarUrl('', params.pageState);
+        break;
       case ML_PAGES.CALENDARS_DST_EDIT:
         path = formatEditCalendarDstUrl('', params.pageState);
         break;
diff --git a/x-pack/plugins/ml/public/shared_components/single_metric_viewer/single_metric_viewer.tsx b/x-pack/plugins/ml/public/shared_components/single_metric_viewer/single_metric_viewer.tsx
index 9d2ba88493774..39f22e2e988db 100644
--- a/x-pack/plugins/ml/public/shared_components/single_metric_viewer/single_metric_viewer.tsx
+++ b/x-pack/plugins/ml/public/shared_components/single_metric_viewer/single_metric_viewer.tsx
@@ -20,6 +20,7 @@ import type { MlJob, MlJobStats } from '@elastic/elasticsearch/lib/api/types';
 import { DatePickerContextProvider, type DatePickerDependencies } from '@kbn/ml-date-picker';
 import type { TimeRangeBounds } from '@kbn/ml-time-buckets';
 import usePrevious from 'react-use/lib/usePrevious';
+import { extractErrorProperties } from '@kbn/ml-error-utils';
 import { tz } from 'moment';
 import { pick, throttle } from 'lodash';
 import type { MlDependencies } from '../../application/app';
@@ -43,10 +44,17 @@ interface AppStateZoom {
   to?: string;
 }
 
-const errorMessage = i18n.translate('xpack.ml.singleMetricViewerEmbeddable.errorMessage"', {
+const basicErrorMessage = i18n.translate('xpack.ml.singleMetricViewerEmbeddable.errorMessage"', {
   defaultMessage: 'Unable to load the ML single metric viewer data',
 });
 
+const jobNotFoundErrorMessage = i18n.translate(
+  'xpack.ml.singleMetricViewerEmbeddable.jobNotFoundErrorMessage"',
+  {
+    defaultMessage: 'No known job with the selected id',
+  }
+);
+
 export type SingleMetricViewerSharedComponent = FC<SingleMetricViewerProps>;
 
 /**
@@ -72,7 +80,7 @@ export interface SingleMetricViewerProps {
    */
   lastRefresh?: number;
   onRenderComplete?: () => void;
-  onError?: (error: Error) => void;
+  onError?: (error?: Error) => void;
   onForecastIdChange?: (forecastId: string | undefined) => void;
   uuid: string;
 }
@@ -112,6 +120,7 @@ const SingleMetricViewerWrapper: FC<SingleMetricViewerPropsWithDeps> = ({
   const [selectedJobWrapper, setSelectedJobWrapper] = useState<
     { job: MlJob; stats: MlJobStats } | undefined
   >();
+  const [errorEncountered, setErrorEncountered] = useState<number | undefined>();
 
   const isMounted = useMountedState();
   const { mlApi, mlTimeSeriesExplorerService, toastNotificationService } = mlServices;
@@ -125,6 +134,16 @@ const SingleMetricViewerWrapper: FC<SingleMetricViewerPropsWithDeps> = ({
 
   const previousRefresh = usePrevious(lastRefresh ?? 0);
 
+  useEffect(
+    function resetErrorOnJobChange() {
+      // Calling onError to clear any previous error
+      setErrorEncountered(undefined);
+      onError?.();
+    },
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+    [selectedJobId]
+  );
+
   useEffect(
     function setUpSelectedJob() {
       async function fetchSelectedJob() {
@@ -136,19 +155,26 @@ const SingleMetricViewerWrapper: FC<SingleMetricViewerPropsWithDeps> = ({
             ]);
             setSelectedJobWrapper({ job: jobs[0], stats: jobStats[0] });
           } catch (e) {
+            const error = extractErrorProperties(e);
+            // Could get 404 because job has been deleted and also avoid infinite refetches on any error
+            setErrorEncountered(error.statusCode);
             if (onError) {
-              onError(new Error(errorMessage));
+              onError(
+                new Error(errorEncountered === 404 ? jobNotFoundErrorMessage : basicErrorMessage)
+              );
             }
           }
         }
       }
-      if (isMounted() === false) {
+      if (isMounted() === false || errorEncountered !== undefined) {
         return;
       }
       fetchSelectedJob();
     },
-    [selectedJobId, mlApi, isMounted, onError]
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+    [selectedJobId, isMounted, errorEncountered]
   );
+
   // eslint-disable-next-line react-hooks/exhaustive-deps
   const resizeHandler = useCallback(
     throttle((e: { width: number; height: number }) => {
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/plugin.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/plugin.ts
index 361d13e6d77f2..f693fa53c06cc 100644
--- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/plugin.ts
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/plugin.ts
@@ -77,7 +77,7 @@ export class ObservabilityAIAssistantPlugin
       privileges: {
         all: {
           app: [OBSERVABILITY_AI_ASSISTANT_FEATURE_ID, 'kibana'],
-          api: [OBSERVABILITY_AI_ASSISTANT_FEATURE_ID, 'ai_assistant'],
+          api: [OBSERVABILITY_AI_ASSISTANT_FEATURE_ID, 'ai_assistant', 'manage_llm_product_doc'],
           catalogue: [OBSERVABILITY_AI_ASSISTANT_FEATURE_ID],
           savedObject: {
             all: [
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/util/get_access_query.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/util/get_access_query.ts
index f6f099d5200a8..6b654731a264b 100644
--- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/util/get_access_query.ts
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/util/get_access_query.ts
@@ -19,7 +19,9 @@ export function getAccessQuery({
             bool: {
               should: [
                 { term: { public: true } },
-                ...(user ? [{ term: { 'user.name': user.name } }] : []),
+                ...(user
+                  ? [{ term: user.id ? { 'user.id': user.id } : { 'user.name': user.name } }]
+                  : []),
               ],
               minimum_should_match: 1,
             },
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_app/kibana.jsonc b/x-pack/plugins/observability_solution/observability_ai_assistant_app/kibana.jsonc
index efc948503b0c0..957ca0272c087 100644
--- a/x-pack/plugins/observability_solution/observability_ai_assistant_app/kibana.jsonc
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant_app/kibana.jsonc
@@ -32,7 +32,8 @@
       "alerting",
       "features",
       "inference",
-      "logsDataAccess"
+      "logsDataAccess",
+      "llmTasks"
     ],
     "optionalPlugins": [
       "cloud"
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/documentation.ts b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/documentation.ts
new file mode 100644
index 0000000000000..00072e0c79c48
--- /dev/null
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/documentation.ts
@@ -0,0 +1,82 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { DocumentationProduct } from '@kbn/product-doc-common';
+import { FunctionVisibility } from '@kbn/observability-ai-assistant-plugin/common';
+import type { FunctionRegistrationParameters } from '.';
+
+export const RETRIEVE_DOCUMENTATION_NAME = 'retrieve_elastic_doc';
+
+export async function registerDocumentationFunction({
+  functions,
+  resources,
+  pluginsStart: { llmTasks },
+}: FunctionRegistrationParameters) {
+  const isProductDocAvailable = (await llmTasks.retrieveDocumentationAvailable()) ?? false;
+
+  functions.registerInstruction(({ availableFunctionNames }) => {
+    return availableFunctionNames.includes(RETRIEVE_DOCUMENTATION_NAME)
+      ? `When asked questions about the Elastic stack or products, You should use the ${RETRIEVE_DOCUMENTATION_NAME} function before answering,
+      to retrieve documentation related to the question. Consider that the documentation returned by the function
+      is always more up to date and accurate than any own internal knowledge you might have.`
+      : undefined;
+  });
+
+  functions.registerFunction(
+    {
+      name: RETRIEVE_DOCUMENTATION_NAME,
+      visibility: isProductDocAvailable
+        ? FunctionVisibility.AssistantOnly
+        : FunctionVisibility.Internal,
+      description: `Use this function to retrieve documentation about Elastic products.
+      You can retrieve documentation about the Elastic stack, such as Kibana and Elasticsearch,
+      or for Elastic solutions, such as Elastic Security, Elastic Observability or Elastic Enterprise Search
+      `,
+      parameters: {
+        type: 'object',
+        properties: {
+          query: {
+            description: `The query to use to retrieve documentation
+            Examples:
+            - "How to enable TLS for Elasticsearch?"
+            - "What is Kibana Lens?"`,
+            type: 'string' as const,
+          },
+          product: {
+            description: `If specified, will filter the products to retrieve documentation for
+            Possible options are:
+            - "kibana": Kibana product
+            - "elasticsearch": Elasticsearch product
+            - "observability": Elastic Observability solution
+            - "security": Elastic Security solution
+            If not specified, will search against all products
+            `,
+            type: 'string' as const,
+            enum: Object.values(DocumentationProduct),
+          },
+        },
+        required: ['query'],
+      } as const,
+    },
+    async ({ arguments: { query, product }, connectorId, useSimulatedFunctionCalling }) => {
+      const response = await llmTasks!.retrieveDocumentation({
+        searchTerm: query,
+        products: product ? [product] : undefined,
+        max: 3,
+        connectorId,
+        request: resources.request,
+        functionCalling: useSimulatedFunctionCalling ? 'simulated' : 'native',
+      });
+
+      return {
+        content: {
+          documents: response.documents,
+        },
+      };
+    }
+  );
+}
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/index.ts b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/index.ts
index 7554164a55a69..ba876ad9457bc 100644
--- a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/index.ts
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/index.ts
@@ -12,6 +12,7 @@ import { registerLensFunction } from './lens';
 import { registerVisualizeESQLFunction } from './visualize_esql';
 import { ObservabilityAIAssistantAppPluginStartDependencies } from '../types';
 import { registerChangesFunction } from './changes';
+import { registerDocumentationFunction } from './documentation';
 
 export type FunctionRegistrationParameters = Omit<
   Parameters<RegistrationCallback>[0],
@@ -24,4 +25,5 @@ export const registerFunctions = async (registrationParameters: FunctionRegistra
   registerVisualizeESQLFunction(registrationParameters);
   registerAlertsFunction(registrationParameters);
   registerChangesFunction(registrationParameters);
+  await registerDocumentationFunction(registrationParameters);
 };
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/types.ts b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/types.ts
index fc39e0b7fb24e..a1196be6a829a 100644
--- a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/types.ts
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/types.ts
@@ -37,6 +37,7 @@ import type { SecurityPluginSetup, SecurityPluginStart } from '@kbn/security-plu
 import type { ObservabilityPluginSetup } from '@kbn/observability-plugin/server';
 import type { InferenceServerStart, InferenceServerSetup } from '@kbn/inference-plugin/server';
 import type { LogsDataAccessPluginStart } from '@kbn/logs-data-access-plugin/server';
+import type { LlmTasksPluginStart } from '@kbn/llm-tasks-plugin/server';
 
 // eslint-disable-next-line @typescript-eslint/no-empty-interface
 export interface ObservabilityAIAssistantAppServerStart {}
@@ -57,6 +58,7 @@ export interface ObservabilityAIAssistantAppPluginStartDependencies {
   serverless?: ServerlessPluginStart;
   inference: InferenceServerStart;
   logsDataAccess: LogsDataAccessPluginStart;
+  llmTasks: LlmTasksPluginStart;
 }
 
 export interface ObservabilityAIAssistantAppPluginSetupDependencies {
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_app/tsconfig.json b/x-pack/plugins/observability_solution/observability_ai_assistant_app/tsconfig.json
index 6608799caaf61..e0a520fb574c7 100644
--- a/x-pack/plugins/observability_solution/observability_ai_assistant_app/tsconfig.json
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant_app/tsconfig.json
@@ -70,6 +70,8 @@
     "@kbn/logs-data-access-plugin",
     "@kbn/ai-assistant-common",
     "@kbn/inference-common",
+    "@kbn/llm-tasks-plugin",
+    "@kbn/product-doc-common",
   ],
   "exclude": [
     "target/**/*"
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_management/kibana.jsonc b/x-pack/plugins/observability_solution/observability_ai_assistant_management/kibana.jsonc
index cda6fdf0192fa..c228f147dbfc3 100644
--- a/x-pack/plugins/observability_solution/observability_ai_assistant_management/kibana.jsonc
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant_management/kibana.jsonc
@@ -21,10 +21,11 @@
     "optionalPlugins": [
       "home",
       "serverless",
+      "productDocBase"
     ],
     "requiredBundles": [
       "kibanaReact",
-      "logsDataAccess",
+      "logsDataAccess"
     ]
   }
 }
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/constants.ts b/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/constants.ts
index a680da5ed3f93..3bfe3dff3f9f4 100644
--- a/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/constants.ts
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/constants.ts
@@ -9,6 +9,9 @@ export const REACT_QUERY_KEYS = {
   GET_GENAI_CONNECTORS: 'get_genai_connectors',
   GET_KB_ENTRIES: 'get_kb_entries',
   GET_KB_USER_INSTRUCTIONS: 'get_kb_user_instructions',
+  GET_PRODUCT_DOC_STATUS: 'get_product_doc_status',
+  INSTALL_PRODUCT_DOC: 'install_product_doc',
+  UNINSTALL_PRODUCT_DOC: 'uninstall_product_doc',
   CREATE_KB_ENTRIES: 'create_kb_entry',
   IMPORT_KB_ENTRIES: 'import_kb_entry',
 };
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/hooks/use_get_product_doc_status.ts b/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/hooks/use_get_product_doc_status.ts
new file mode 100644
index 0000000000000..ef95d51f78d49
--- /dev/null
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/hooks/use_get_product_doc_status.ts
@@ -0,0 +1,32 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { useQuery } from '@tanstack/react-query';
+import { REACT_QUERY_KEYS } from '../constants';
+import { useKibana } from './use_kibana';
+
+export function useGetProductDocStatus() {
+  const { productDocBase } = useKibana().services;
+
+  const { isLoading, isError, isSuccess, isRefetching, data, refetch } = useQuery({
+    queryKey: [REACT_QUERY_KEYS.GET_PRODUCT_DOC_STATUS],
+    queryFn: async () => {
+      return productDocBase!.installation.getStatus();
+    },
+    keepPreviousData: false,
+    refetchOnWindowFocus: false,
+  });
+
+  return {
+    status: data,
+    refetch,
+    isLoading,
+    isRefetching,
+    isSuccess,
+    isError,
+  };
+}
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/hooks/use_install_product_doc.ts b/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/hooks/use_install_product_doc.ts
new file mode 100644
index 0000000000000..cb32efa7e3908
--- /dev/null
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/hooks/use_install_product_doc.ts
@@ -0,0 +1,57 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { useMutation, useQueryClient } from '@tanstack/react-query';
+import { i18n } from '@kbn/i18n';
+import type { IHttpFetchError, ResponseErrorBody } from '@kbn/core/public';
+import type { PerformInstallResponse } from '@kbn/product-doc-base-plugin/common/http_api/installation';
+import { REACT_QUERY_KEYS } from '../constants';
+import { useKibana } from './use_kibana';
+
+type ServerError = IHttpFetchError<ResponseErrorBody>;
+
+export function useInstallProductDoc() {
+  const {
+    productDocBase,
+    notifications: { toasts },
+  } = useKibana().services;
+  const queryClient = useQueryClient();
+
+  return useMutation<PerformInstallResponse, ServerError, void>(
+    [REACT_QUERY_KEYS.INSTALL_PRODUCT_DOC],
+    () => {
+      return productDocBase!.installation.install();
+    },
+    {
+      onSuccess: () => {
+        toasts.addSuccess(
+          i18n.translate(
+            'xpack.observabilityAiAssistantManagement.kb.installProductDoc.successNotification',
+            {
+              defaultMessage: 'The Elastic documentation was successfully installed',
+            }
+          )
+        );
+
+        queryClient.invalidateQueries({
+          queryKey: [REACT_QUERY_KEYS.GET_PRODUCT_DOC_STATUS],
+          refetchType: 'all',
+        });
+      },
+      onError: (error) => {
+        toasts.addError(new Error(error.body?.message ?? error.message), {
+          title: i18n.translate(
+            'xpack.observabilityAiAssistantManagement.kb.installProductDoc.errorNotification',
+            {
+              defaultMessage: 'Something went wrong while installing the Elastic documentation',
+            }
+          ),
+        });
+      },
+    }
+  );
+}
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/hooks/use_uninstall_product_doc.ts b/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/hooks/use_uninstall_product_doc.ts
new file mode 100644
index 0000000000000..4aa3b5423faa1
--- /dev/null
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/hooks/use_uninstall_product_doc.ts
@@ -0,0 +1,57 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { useMutation, useQueryClient } from '@tanstack/react-query';
+import { i18n } from '@kbn/i18n';
+import type { IHttpFetchError, ResponseErrorBody } from '@kbn/core/public';
+import type { UninstallResponse } from '@kbn/product-doc-base-plugin/common/http_api/installation';
+import { REACT_QUERY_KEYS } from '../constants';
+import { useKibana } from './use_kibana';
+
+type ServerError = IHttpFetchError<ResponseErrorBody>;
+
+export function useUninstallProductDoc() {
+  const {
+    productDocBase,
+    notifications: { toasts },
+  } = useKibana().services;
+  const queryClient = useQueryClient();
+
+  return useMutation<UninstallResponse, ServerError, void>(
+    [REACT_QUERY_KEYS.UNINSTALL_PRODUCT_DOC],
+    () => {
+      return productDocBase!.installation.uninstall();
+    },
+    {
+      onSuccess: () => {
+        toasts.addSuccess(
+          i18n.translate(
+            'xpack.observabilityAiAssistantManagement.kb.uninstallProductDoc.successNotification',
+            {
+              defaultMessage: 'The Elastic documentation was successfully uninstalled',
+            }
+          )
+        );
+
+        queryClient.invalidateQueries({
+          queryKey: [REACT_QUERY_KEYS.GET_PRODUCT_DOC_STATUS],
+          refetchType: 'all',
+        });
+      },
+      onError: (error) => {
+        toasts.addError(new Error(error.body?.message ?? error.message), {
+          title: i18n.translate(
+            'xpack.observabilityAiAssistantManagement.kb.uninstallProductDoc.errorNotification',
+            {
+              defaultMessage: 'Something went wrong while uninstalling the Elastic documentation',
+            }
+          ),
+        });
+      },
+    }
+  );
+}
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/plugin.ts b/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/plugin.ts
index b7c6bb089663a..67b294a5fef36 100644
--- a/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/plugin.ts
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/plugin.ts
@@ -10,6 +10,7 @@ import type { CoreSetup, Plugin, PluginInitializerContext } from '@kbn/core/publ
 import type { ManagementSetup } from '@kbn/management-plugin/public';
 import type { HomePublicPluginSetup } from '@kbn/home-plugin/public';
 import type { ServerlessPluginStart } from '@kbn/serverless/public';
+import type { ProductDocBasePluginStart } from '@kbn/product-doc-base-plugin/public';
 
 import type {
   ObservabilityAIAssistantPublicSetup,
@@ -31,6 +32,7 @@ export interface SetupDependencies {
 export interface StartDependencies {
   observabilityAIAssistant: ObservabilityAIAssistantPublicStart;
   serverless?: ServerlessPluginStart;
+  productDocBase?: ProductDocBasePluginStart;
 }
 
 export interface ConfigSchema {
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/routes/components/settings_tab/product_doc_entry.tsx b/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/routes/components/settings_tab/product_doc_entry.tsx
new file mode 100644
index 0000000000000..668e363d071ee
--- /dev/null
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/routes/components/settings_tab/product_doc_entry.tsx
@@ -0,0 +1,171 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { useEffect, useState, useCallback, useMemo } from 'react';
+import {
+  EuiButton,
+  EuiDescribedFormGroup,
+  EuiFormRow,
+  EuiText,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiHealth,
+  EuiLoadingSpinner,
+} from '@elastic/eui';
+import { i18n } from '@kbn/i18n';
+import { FormattedMessage } from '@kbn/i18n-react';
+import { useKibana } from '../../../hooks/use_kibana';
+import { useGetProductDocStatus } from '../../../hooks/use_get_product_doc_status';
+import { useInstallProductDoc } from '../../../hooks/use_install_product_doc';
+import { useUninstallProductDoc } from '../../../hooks/use_uninstall_product_doc';
+
+export function ProductDocEntry() {
+  const { overlays } = useKibana().services;
+
+  const [isInstalled, setInstalled] = useState<boolean>(true);
+  const [isInstalling, setInstalling] = useState<boolean>(false);
+
+  const { mutateAsync: installProductDoc } = useInstallProductDoc();
+  const { mutateAsync: uninstallProductDoc } = useUninstallProductDoc();
+  const { status, isLoading: isStatusLoading } = useGetProductDocStatus();
+
+  useEffect(() => {
+    if (status) {
+      setInstalled(status.overall === 'installed');
+    }
+  }, [status]);
+
+  const onClickInstall = useCallback(() => {
+    setInstalling(true);
+    installProductDoc().then(
+      () => {
+        setInstalling(false);
+        setInstalled(true);
+      },
+      () => {
+        setInstalling(false);
+        setInstalled(false);
+      }
+    );
+  }, [installProductDoc]);
+
+  const onClickUninstall = useCallback(() => {
+    overlays
+      .openConfirm(
+        i18n.translate(
+          'xpack.observabilityAiAssistantManagement.settingsPage.productDocUninstallConfirmText',
+          {
+            defaultMessage: `Are you sure you want to uninstall the Elastic documentation?`,
+          }
+        ),
+        {
+          title: i18n.translate(
+            'xpack.observabilityAiAssistantManagement.settingsPage.productDocUninstallConfirmTitle',
+            {
+              defaultMessage: `Uninstalling Elastic documentation`,
+            }
+          ),
+        }
+      )
+      .then((confirmed) => {
+        if (confirmed) {
+          uninstallProductDoc().then(() => {
+            setInstalling(false);
+            setInstalled(false);
+          });
+        }
+      });
+  }, [overlays, uninstallProductDoc]);
+
+  const content = useMemo(() => {
+    if (isStatusLoading) {
+      return <></>;
+    }
+    if (isInstalling) {
+      return (
+        <EuiFlexGroup justifyContent="flexStart" alignItems="center">
+          <EuiLoadingSpinner size="m" />
+          <EuiText size="s">
+            <FormattedMessage
+              id="xpack.observabilityAiAssistantManagement.settingsPage.installingText"
+              defaultMessage="Installing..."
+            />
+          </EuiText>
+        </EuiFlexGroup>
+      );
+    }
+    if (isInstalled) {
+      return (
+        <EuiFlexGroup justifyContent="flexStart" alignItems="center">
+          <EuiFlexItem grow={false}>
+            <EuiHealth textSize="s" color="success">
+              {i18n.translate(
+                'xpack.observabilityAiAssistantManagement.settingsPage.installProductDocInstalledLabel',
+                { defaultMessage: 'Installed' }
+              )}
+            </EuiHealth>
+          </EuiFlexItem>
+          <EuiFlexItem grow={false}>
+            <EuiButton
+              data-test-subj="settingsTabUninstallProductDocButton"
+              onClick={onClickUninstall}
+              color="warning"
+            >
+              {i18n.translate(
+                'xpack.observabilityAiAssistantManagement.settingsPage.uninstallProductDocButtonLabel',
+                { defaultMessage: 'Uninstall' }
+              )}
+            </EuiButton>
+          </EuiFlexItem>
+        </EuiFlexGroup>
+      );
+    }
+    return (
+      <EuiFlexGroup justifyContent="flexStart" alignItems="center">
+        <EuiFlexItem grow={false}>
+          <EuiButton data-test-subj="settingsTabInstallProductDocButton" onClick={onClickInstall}>
+            {i18n.translate(
+              'xpack.observabilityAiAssistantManagement.settingsPage.installProductDocButtonLabel',
+              { defaultMessage: 'Install' }
+            )}
+          </EuiButton>
+        </EuiFlexItem>
+      </EuiFlexGroup>
+    );
+  }, [isInstalled, isInstalling, isStatusLoading, onClickInstall, onClickUninstall]);
+
+  return (
+    <EuiDescribedFormGroup
+      fullWidth
+      title={
+        <h3>
+          {i18n.translate('xpack.observabilityAiAssistantManagement.settingsPage.productDocLabel', {
+            defaultMessage: 'Elastic documentation',
+          })}
+        </h3>
+      }
+      description={
+        <p>
+          <em>
+            {i18n.translate('xpack.observabilityAiAssistantManagement.settingsPage.techPreview', {
+              defaultMessage: '[technical preview] ',
+            })}
+          </em>
+          {i18n.translate(
+            'xpack.observabilityAiAssistantManagement.settingsPage.productDocDescription',
+            {
+              defaultMessage:
+                "Install Elastic documentation to improve the assistant's efficiency.",
+            }
+          )}
+        </p>
+      }
+    >
+      <EuiFormRow fullWidth>{content}</EuiFormRow>
+    </EuiDescribedFormGroup>
+  );
+}
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/routes/components/settings_tab/settings_tab.tsx b/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/routes/components/settings_tab/settings_tab.tsx
index 831ba9ff58054..00c3fb76ae66a 100644
--- a/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/routes/components/settings_tab/settings_tab.tsx
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant_management/public/routes/components/settings_tab/settings_tab.tsx
@@ -11,10 +11,12 @@ import { i18n } from '@kbn/i18n';
 import { useAppContext } from '../../../hooks/use_app_context';
 import { useKibana } from '../../../hooks/use_kibana';
 import { UISettings } from './ui_settings';
+import { ProductDocEntry } from './product_doc_entry';
 
 export function SettingsTab() {
   const {
     application: { navigateToApp },
+    productDocBase,
   } = useKibana().services;
   const { config } = useAppContext();
 
@@ -108,6 +110,7 @@ export function SettingsTab() {
         </EuiFormRow>
       </EuiDescribedFormGroup>
 
+      {productDocBase ? <ProductDocEntry /> : undefined}
       <UISettings />
     </EuiPanel>
   );
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_management/tsconfig.json b/x-pack/plugins/observability_solution/observability_ai_assistant_management/tsconfig.json
index bc5cf69357dce..7b78d52c64806 100644
--- a/x-pack/plugins/observability_solution/observability_ai_assistant_management/tsconfig.json
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant_management/tsconfig.json
@@ -26,7 +26,8 @@
     "@kbn/logs-data-access-plugin",
     "@kbn/core-plugins-browser",
     "@kbn/ai-assistant",
-    "@kbn/core-plugins-server"
+    "@kbn/core-plugins-server",
+    "@kbn/product-doc-base-plugin"
   ],
   "exclude": [
     "target/**/*"
diff --git a/x-pack/plugins/observability_solution/profiling/server/routes/apm.ts b/x-pack/plugins/observability_solution/profiling/server/routes/apm.ts
index e5119c17ee5da..7ad001831c0e4 100644
--- a/x-pack/plugins/observability_solution/profiling/server/routes/apm.ts
+++ b/x-pack/plugins/observability_solution/profiling/server/routes/apm.ts
@@ -34,8 +34,12 @@ export function registerTopNFunctionsAPMTransactionsRoute({
   router.get(
     {
       path: paths.APMTransactions,
+      security: {
+        authz: {
+          requiredPrivileges: ['profiling', 'apm'],
+        },
+      },
       options: {
-        tags: ['access:profiling', 'access:apm'],
         timeout: { idleSocket: IDLE_SOCKET_TIMEOUT },
       },
       validate: { query: querySchema },
diff --git a/x-pack/plugins/observability_solution/profiling/server/routes/flamechart.ts b/x-pack/plugins/observability_solution/profiling/server/routes/flamechart.ts
index 86d384f62f609..2b318e57eb364 100644
--- a/x-pack/plugins/observability_solution/profiling/server/routes/flamechart.ts
+++ b/x-pack/plugins/observability_solution/profiling/server/routes/flamechart.ts
@@ -23,7 +23,12 @@ export function registerFlameChartSearchRoute({
   router.get(
     {
       path: paths.Flamechart,
-      options: { tags: ['access:profiling'], timeout: { idleSocket: IDLE_SOCKET_TIMEOUT } },
+      security: {
+        authz: {
+          requiredPrivileges: ['profiling'],
+        },
+      },
+      options: { timeout: { idleSocket: IDLE_SOCKET_TIMEOUT } },
       validate: {
         query: schema.object({
           timeFrom: schema.number(),
diff --git a/x-pack/plugins/observability_solution/profiling/server/routes/functions.ts b/x-pack/plugins/observability_solution/profiling/server/routes/functions.ts
index 4f30ff0c8f238..1689e707a9d80 100644
--- a/x-pack/plugins/observability_solution/profiling/server/routes/functions.ts
+++ b/x-pack/plugins/observability_solution/profiling/server/routes/functions.ts
@@ -34,7 +34,12 @@ export function registerTopNFunctionsSearchRoute({
   router.get(
     {
       path: paths.TopNFunctions,
-      options: { tags: ['access:profiling'], timeout: { idleSocket: IDLE_SOCKET_TIMEOUT } },
+      security: {
+        authz: {
+          requiredPrivileges: ['profiling'],
+        },
+      },
+      options: { timeout: { idleSocket: IDLE_SOCKET_TIMEOUT } },
       validate: { query: querySchema },
     },
     async (context, request, response) => {
diff --git a/x-pack/plugins/observability_solution/profiling/server/routes/setup/route.ts b/x-pack/plugins/observability_solution/profiling/server/routes/setup/route.ts
index cbd0f6ee2170c..a5bc8d3187bda 100644
--- a/x-pack/plugins/observability_solution/profiling/server/routes/setup/route.ts
+++ b/x-pack/plugins/observability_solution/profiling/server/routes/setup/route.ts
@@ -27,7 +27,11 @@ export function registerSetupRoute({
   router.get(
     {
       path: paths.HasSetupESResources,
-      options: { tags: ['access:profiling'] },
+      security: {
+        authz: {
+          requiredPrivileges: ['profiling'],
+        },
+      },
       validate: false,
     },
     async (context, request, response) => {
@@ -62,7 +66,11 @@ export function registerSetupRoute({
   router.post(
     {
       path: paths.HasSetupESResources,
-      options: { tags: ['access:profiling'] },
+      security: {
+        authz: {
+          requiredPrivileges: ['profiling'],
+        },
+      },
       validate: false,
     },
     async (context, request, response) => {
@@ -166,7 +174,11 @@ export function registerSetupRoute({
   router.get(
     {
       path: paths.SetupDataCollectionInstructions,
-      options: { tags: ['access:profiling'] },
+      security: {
+        authz: {
+          requiredPrivileges: ['profiling'],
+        },
+      },
       validate: false,
     },
     async (context, request, response) => {
diff --git a/x-pack/plugins/observability_solution/profiling/server/routes/storage_explorer/route.ts b/x-pack/plugins/observability_solution/profiling/server/routes/storage_explorer/route.ts
index 2447bfea61011..d3148fd9ff03a 100644
--- a/x-pack/plugins/observability_solution/profiling/server/routes/storage_explorer/route.ts
+++ b/x-pack/plugins/observability_solution/profiling/server/routes/storage_explorer/route.ts
@@ -29,7 +29,11 @@ export function registerStorageExplorerRoute({
   router.get(
     {
       path: paths.StorageExplorerSummary,
-      options: { tags: ['access:profiling'] },
+      security: {
+        authz: {
+          requiredPrivileges: ['profiling'],
+        },
+      },
       validate: {
         query: schema.object({
           indexLifecyclePhase: schema.oneOf([
@@ -112,7 +116,11 @@ export function registerStorageExplorerRoute({
   router.get(
     {
       path: paths.StorageExplorerHostStorageDetails,
-      options: { tags: ['access:profiling'] },
+      security: {
+        authz: {
+          requiredPrivileges: ['profiling'],
+        },
+      },
       validate: {
         query: schema.object({
           indexLifecyclePhase: schema.oneOf([
@@ -156,7 +164,11 @@ export function registerStorageExplorerRoute({
   router.get(
     {
       path: paths.StorageExplorerIndicesStorageDetails,
-      options: { tags: ['access:profiling'] },
+      security: {
+        authz: {
+          requiredPrivileges: ['profiling'],
+        },
+      },
       validate: {
         query: schema.object({
           indexLifecyclePhase: schema.oneOf([
diff --git a/x-pack/plugins/observability_solution/profiling/server/routes/topn.ts b/x-pack/plugins/observability_solution/profiling/server/routes/topn.ts
index 944245a9d15cc..a675cc8e4b31a 100644
--- a/x-pack/plugins/observability_solution/profiling/server/routes/topn.ts
+++ b/x-pack/plugins/observability_solution/profiling/server/routes/topn.ts
@@ -171,7 +171,12 @@ export function queryTopNCommon({
   router.get(
     {
       path: pathName,
-      options: { tags: ['access:profiling'], timeout: { idleSocket: IDLE_SOCKET_TIMEOUT } },
+      security: {
+        authz: {
+          requiredPrivileges: ['profiling'],
+        },
+      },
+      options: { timeout: { idleSocket: IDLE_SOCKET_TIMEOUT } },
       validate: {
         query: schema.object({
           timeFrom: schema.number(),
diff --git a/x-pack/plugins/observability_solution/synthetics/public/utils/api_service/api_service.ts b/x-pack/plugins/observability_solution/synthetics/public/utils/api_service/api_service.ts
index 58c1d88226e5e..d16e34b430f1c 100644
--- a/x-pack/plugins/observability_solution/synthetics/public/utils/api_service/api_service.ts
+++ b/x-pack/plugins/observability_solution/synthetics/public/utils/api_service/api_service.ts
@@ -54,11 +54,15 @@ class ApiService {
       if (isRight(decoded)) {
         return decoded.right as T;
       } else {
+        // This was changed from using template literals to using %s string
+        // interpolation, but the previous version included the apiUrl value
+        // twice. To ensure the log output doesn't change, this continues.
+        //
         // eslint-disable-next-line no-console
         console.error(
-          `API ${apiUrl} is not returning expected response, ${formatErrors(
-            decoded.left
-          )} for response`,
+          'API %s is not returning expected response, %s for response',
+          apiUrl,
+          formatErrors(decoded.left).toString(),
           apiUrl,
           response
         );
diff --git a/x-pack/plugins/security/server/__snapshots__/prompt_page.test.tsx.snap b/x-pack/plugins/security/server/__snapshots__/prompt_page.test.tsx.snap
index df1140ea44828..db2f55f0de222 100644
--- a/x-pack/plugins/security/server/__snapshots__/prompt_page.test.tsx.snap
+++ b/x-pack/plugins/security/server/__snapshots__/prompt_page.test.tsx.snap
@@ -1,5 +1,5 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
 
-exports[`PromptPage renders as expected with additional scripts 1`] = `"<html lang=\\"en\\"><head><title>Elastic</title><style></style><style data-emotion=\\"eui \\"></style></style><link href=\\"/bundles/kbn-ui-shared-deps-src/kbn-ui-shared-deps-src.css\\" rel=\\"stylesheet\\"/>MockedFonts<link rel=\\"alternate icon\\" type=\\"image/png\\" href=\\"/ui/favicons/favicon.png\\"/><link rel=\\"icon\\" type=\\"image/svg+xml\\" href=\\"/ui/favicons/favicon.svg\\"/><script src=\\"/mock-basepath/some/script1.js\\"></script><script src=\\"/mock-basepath/some/script2.js\\"></script><meta name=\\"theme-color\\" content=\\"#ffffff\\"/><meta name=\\"color-scheme\\" content=\\"light dark\\"/></head><body><div data-test-subj=\\"promptPage\\" style=\\"min-block-size:max(460px, 100vh);padding-block-start:var(--euiFixedHeadersOffset, 0)\\" class=\\"euiPageTemplate eui-cjgvy1-euiPageOuter-row-grow\\"><main id=\\"EuiPageTemplateInner_generated-id\\" class=\\"eui-nq554q-euiPageInner\\"><section class=\\"eui-j6zf49-euiPageSection-grow-l-center-transparent\\"><div class=\\"eui-1oc2fb7-euiPageSection__content-l-center\\"><div class=\\"euiPanel euiPanel--plain euiEmptyPrompt eui-1is22ji-euiPanel-m-plain-hasShadow-euiEmptyPrompt-vertical\\"><div class=\\"euiEmptyPrompt__main eui-1s4ogs-euiEmptyPrompt__main-vertical-l\\"><div class=\\"euiEmptyPrompt__icon eui-1ysd0i8-euiEmptyPrompt__icon-vertical\\"><span data-euiicon-type=\\"warning\\" color=\\"danger\\"></span></div><div class=\\"euiEmptyPrompt__content eui-1cebog9-euiEmptyPrompt__content-vertical\\"><h2 class=\\"euiTitle eui-smz32e-euiTitle-m\\">Some Title</h2><div class=\\"euiSpacer euiSpacer--m eui-jv9za2-euiSpacer-m\\"></div><div class=\\"euiText eui-k2mw53-euiText-m-euiTextColor-subdued\\"><div>Some Body</div></div><div class=\\"euiSpacer euiSpacer--l eui-p2o3x6-euiSpacer-l\\"></div><div class=\\"euiFlexGroup euiEmptyPrompt__actions eui-1rkti4c-euiFlexGroup-m-center-center-column-euiEmptyPrompt__actions-vertical\\"><div class=\\"euiFlexItem eui-kpsrin-euiFlexItem-growZero\\"><span>Action#1</span></div><div class=\\"euiFlexItem eui-kpsrin-euiFlexItem-growZero\\"><span>Action#2</span></div></div></div></div></div></div></section></main></div></body></html>"`;
+exports[`PromptPage renders as expected with additional scripts 1`] = `"<html lang=\\"en\\"><head><title>Elastic</title><style></style><style data-emotion=\\"eui \\"></style></style><link href=\\"/bundles/kbn-ui-shared-deps-src/kbn-ui-shared-deps-src.css\\" rel=\\"stylesheet\\"/>MockedFonts<link rel=\\"alternate icon\\" type=\\"image/png\\" href=\\"/ui/favicons/favicon.png\\"/><link rel=\\"icon\\" type=\\"image/svg+xml\\" href=\\"/ui/favicons/favicon.svg\\"/><script src=\\"/mock-basepath/some/script1.js\\"></script><script src=\\"/mock-basepath/some/script2.js\\"></script><meta name=\\"theme-color\\" content=\\"#ffffff\\"/><meta name=\\"color-scheme\\" content=\\"light dark\\"/></head><body><div data-test-subj=\\"promptPage\\" style=\\"min-block-size:max(460px, 100vh);padding-block-start:var(--euiFixedHeadersOffset, 0)\\" class=\\"euiPageTemplate eui-cjgvy1-euiPageOuter-row-grow\\"><main id=\\"EuiPageTemplateInner_generated-id\\" class=\\"eui-nq554q-euiPageInner\\"><section class=\\"eui-j6zf49-euiPageSection-grow-l-center-transparent\\"><div class=\\"eui-1oc2fb7-euiPageSection__content-l-center\\"><div class=\\"euiPanel euiPanel--plain euiEmptyPrompt eui-1s6x8fk-euiPanel-m-plain-hasShadow-euiEmptyPrompt-vertical\\"><div class=\\"euiEmptyPrompt__main eui-1s4ogs-euiEmptyPrompt__main-vertical-l\\"><div class=\\"euiEmptyPrompt__icon eui-1ysd0i8-euiEmptyPrompt__icon-vertical\\"><span data-euiicon-type=\\"warning\\" color=\\"danger\\"></span></div><div class=\\"euiEmptyPrompt__content eui-1cebog9-euiEmptyPrompt__content-vertical\\"><h2 class=\\"euiTitle eui-smz32e-euiTitle-m\\">Some Title</h2><div class=\\"euiSpacer euiSpacer--m eui-jv9za2-euiSpacer-m\\"></div><div class=\\"euiText eui-k2mw53-euiText-m-euiTextColor-subdued\\"><div>Some Body</div></div><div class=\\"euiSpacer euiSpacer--l eui-p2o3x6-euiSpacer-l\\"></div><div class=\\"euiFlexGroup euiEmptyPrompt__actions eui-1rkti4c-euiFlexGroup-m-center-center-column-euiEmptyPrompt__actions-vertical\\"><div class=\\"euiFlexItem eui-kpsrin-euiFlexItem-growZero\\"><span>Action#1</span></div><div class=\\"euiFlexItem eui-kpsrin-euiFlexItem-growZero\\"><span>Action#2</span></div></div></div></div></div></div></section></main></div></body></html>"`;
 
-exports[`PromptPage renders as expected without additional scripts 1`] = `"<html lang=\\"en\\"><head><title>Elastic</title><style></style><style data-emotion=\\"eui \\"></style></style><link href=\\"/bundles/kbn-ui-shared-deps-src/kbn-ui-shared-deps-src.css\\" rel=\\"stylesheet\\"/>MockedFonts<link rel=\\"alternate icon\\" type=\\"image/png\\" href=\\"/ui/favicons/favicon.png\\"/><link rel=\\"icon\\" type=\\"image/svg+xml\\" href=\\"/ui/favicons/favicon.svg\\"/><meta name=\\"theme-color\\" content=\\"#ffffff\\"/><meta name=\\"color-scheme\\" content=\\"light dark\\"/></head><body><div data-test-subj=\\"promptPage\\" style=\\"min-block-size:max(460px, 100vh);padding-block-start:var(--euiFixedHeadersOffset, 0)\\" class=\\"euiPageTemplate eui-cjgvy1-euiPageOuter-row-grow\\"><main id=\\"EuiPageTemplateInner_generated-id\\" class=\\"eui-nq554q-euiPageInner\\"><section class=\\"eui-j6zf49-euiPageSection-grow-l-center-transparent\\"><div class=\\"eui-1oc2fb7-euiPageSection__content-l-center\\"><div class=\\"euiPanel euiPanel--plain euiEmptyPrompt eui-1is22ji-euiPanel-m-plain-hasShadow-euiEmptyPrompt-vertical\\"><div class=\\"euiEmptyPrompt__main eui-1s4ogs-euiEmptyPrompt__main-vertical-l\\"><div class=\\"euiEmptyPrompt__icon eui-1ysd0i8-euiEmptyPrompt__icon-vertical\\"><span data-euiicon-type=\\"warning\\" color=\\"danger\\"></span></div><div class=\\"euiEmptyPrompt__content eui-1cebog9-euiEmptyPrompt__content-vertical\\"><h2 class=\\"euiTitle eui-smz32e-euiTitle-m\\">Some Title</h2><div class=\\"euiSpacer euiSpacer--m eui-jv9za2-euiSpacer-m\\"></div><div class=\\"euiText eui-k2mw53-euiText-m-euiTextColor-subdued\\"><div>Some Body</div></div><div class=\\"euiSpacer euiSpacer--l eui-p2o3x6-euiSpacer-l\\"></div><div class=\\"euiFlexGroup euiEmptyPrompt__actions eui-1rkti4c-euiFlexGroup-m-center-center-column-euiEmptyPrompt__actions-vertical\\"><div class=\\"euiFlexItem eui-kpsrin-euiFlexItem-growZero\\"><span>Action#1</span></div><div class=\\"euiFlexItem eui-kpsrin-euiFlexItem-growZero\\"><span>Action#2</span></div></div></div></div></div></div></section></main></div></body></html>"`;
+exports[`PromptPage renders as expected without additional scripts 1`] = `"<html lang=\\"en\\"><head><title>Elastic</title><style></style><style data-emotion=\\"eui \\"></style></style><link href=\\"/bundles/kbn-ui-shared-deps-src/kbn-ui-shared-deps-src.css\\" rel=\\"stylesheet\\"/>MockedFonts<link rel=\\"alternate icon\\" type=\\"image/png\\" href=\\"/ui/favicons/favicon.png\\"/><link rel=\\"icon\\" type=\\"image/svg+xml\\" href=\\"/ui/favicons/favicon.svg\\"/><meta name=\\"theme-color\\" content=\\"#ffffff\\"/><meta name=\\"color-scheme\\" content=\\"light dark\\"/></head><body><div data-test-subj=\\"promptPage\\" style=\\"min-block-size:max(460px, 100vh);padding-block-start:var(--euiFixedHeadersOffset, 0)\\" class=\\"euiPageTemplate eui-cjgvy1-euiPageOuter-row-grow\\"><main id=\\"EuiPageTemplateInner_generated-id\\" class=\\"eui-nq554q-euiPageInner\\"><section class=\\"eui-j6zf49-euiPageSection-grow-l-center-transparent\\"><div class=\\"eui-1oc2fb7-euiPageSection__content-l-center\\"><div class=\\"euiPanel euiPanel--plain euiEmptyPrompt eui-1s6x8fk-euiPanel-m-plain-hasShadow-euiEmptyPrompt-vertical\\"><div class=\\"euiEmptyPrompt__main eui-1s4ogs-euiEmptyPrompt__main-vertical-l\\"><div class=\\"euiEmptyPrompt__icon eui-1ysd0i8-euiEmptyPrompt__icon-vertical\\"><span data-euiicon-type=\\"warning\\" color=\\"danger\\"></span></div><div class=\\"euiEmptyPrompt__content eui-1cebog9-euiEmptyPrompt__content-vertical\\"><h2 class=\\"euiTitle eui-smz32e-euiTitle-m\\">Some Title</h2><div class=\\"euiSpacer euiSpacer--m eui-jv9za2-euiSpacer-m\\"></div><div class=\\"euiText eui-k2mw53-euiText-m-euiTextColor-subdued\\"><div>Some Body</div></div><div class=\\"euiSpacer euiSpacer--l eui-p2o3x6-euiSpacer-l\\"></div><div class=\\"euiFlexGroup euiEmptyPrompt__actions eui-1rkti4c-euiFlexGroup-m-center-center-column-euiEmptyPrompt__actions-vertical\\"><div class=\\"euiFlexItem eui-kpsrin-euiFlexItem-growZero\\"><span>Action#1</span></div><div class=\\"euiFlexItem eui-kpsrin-euiFlexItem-growZero\\"><span>Action#2</span></div></div></div></div></div></div></section></main></div></body></html>"`;
diff --git a/x-pack/plugins/security/server/authentication/__snapshots__/unauthenticated_page.test.tsx.snap b/x-pack/plugins/security/server/authentication/__snapshots__/unauthenticated_page.test.tsx.snap
index 80a7e7a24e1e9..ab94f2c2efc8d 100644
--- a/x-pack/plugins/security/server/authentication/__snapshots__/unauthenticated_page.test.tsx.snap
+++ b/x-pack/plugins/security/server/authentication/__snapshots__/unauthenticated_page.test.tsx.snap
@@ -1,5 +1,5 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
 
-exports[`UnauthenticatedPage renders as expected 1`] = `"<html lang=\\"en\\"><head><title>Elastic</title><style></style><style data-emotion=\\"eui \\"></style></style><link href=\\"/bundles/kbn-ui-shared-deps-src/kbn-ui-shared-deps-src.css\\" rel=\\"stylesheet\\"/>MockedFonts<link rel=\\"alternate icon\\" type=\\"image/png\\" href=\\"/ui/favicons/favicon.png\\"/><link rel=\\"icon\\" type=\\"image/svg+xml\\" href=\\"/ui/favicons/favicon.svg\\"/><meta name=\\"theme-color\\" content=\\"#ffffff\\"/><meta name=\\"color-scheme\\" content=\\"light dark\\"/></head><body><div data-test-subj=\\"promptPage\\" style=\\"min-block-size:max(460px, 100vh);padding-block-start:var(--euiFixedHeadersOffset, 0)\\" class=\\"euiPageTemplate eui-cjgvy1-euiPageOuter-row-grow\\"><main id=\\"EuiPageTemplateInner_generated-id\\" class=\\"eui-nq554q-euiPageInner\\"><section class=\\"eui-j6zf49-euiPageSection-grow-l-center-transparent\\"><div class=\\"eui-1oc2fb7-euiPageSection__content-l-center\\"><div class=\\"euiPanel euiPanel--plain euiEmptyPrompt eui-1is22ji-euiPanel-m-plain-hasShadow-euiEmptyPrompt-vertical\\"><div class=\\"euiEmptyPrompt__main eui-1s4ogs-euiEmptyPrompt__main-vertical-l\\"><div class=\\"euiEmptyPrompt__icon eui-1ysd0i8-euiEmptyPrompt__icon-vertical\\"><span data-euiicon-type=\\"warning\\" color=\\"danger\\"></span></div><div class=\\"euiEmptyPrompt__content eui-1cebog9-euiEmptyPrompt__content-vertical\\"><h2 class=\\"euiTitle eui-smz32e-euiTitle-m\\">We hit an authentication error</h2><div class=\\"euiSpacer euiSpacer--m eui-jv9za2-euiSpacer-m\\"></div><div class=\\"euiText eui-k2mw53-euiText-m-euiTextColor-subdued\\"><p>Try logging in again, and if the problem persists, contact your system administrator.</p></div><div class=\\"euiSpacer euiSpacer--l eui-p2o3x6-euiSpacer-l\\"></div><div class=\\"euiFlexGroup euiEmptyPrompt__actions eui-1rkti4c-euiFlexGroup-m-center-center-column-euiEmptyPrompt__actions-vertical\\"><div class=\\"euiFlexItem eui-kpsrin-euiFlexItem-growZero\\"><a href=\\"/some/url?some-query=some-value#some-hash\\" rel=\\"noreferrer\\" class=\\"euiButton eui-4wl8yg-euiButtonDisplay-m-defaultMinWidth-fill-primary\\" data-test-subj=\\"logInButton\\"><span class=\\"eui-cf8eum-euiButtonDisplayContent\\">Log in</span></a></div></div></div></div></div></div></section></main></div></body></html>"`;
+exports[`UnauthenticatedPage renders as expected 1`] = `"<html lang=\\"en\\"><head><title>Elastic</title><style></style><style data-emotion=\\"eui \\"></style></style><link href=\\"/bundles/kbn-ui-shared-deps-src/kbn-ui-shared-deps-src.css\\" rel=\\"stylesheet\\"/>MockedFonts<link rel=\\"alternate icon\\" type=\\"image/png\\" href=\\"/ui/favicons/favicon.png\\"/><link rel=\\"icon\\" type=\\"image/svg+xml\\" href=\\"/ui/favicons/favicon.svg\\"/><meta name=\\"theme-color\\" content=\\"#ffffff\\"/><meta name=\\"color-scheme\\" content=\\"light dark\\"/></head><body><div data-test-subj=\\"promptPage\\" style=\\"min-block-size:max(460px, 100vh);padding-block-start:var(--euiFixedHeadersOffset, 0)\\" class=\\"euiPageTemplate eui-cjgvy1-euiPageOuter-row-grow\\"><main id=\\"EuiPageTemplateInner_generated-id\\" class=\\"eui-nq554q-euiPageInner\\"><section class=\\"eui-j6zf49-euiPageSection-grow-l-center-transparent\\"><div class=\\"eui-1oc2fb7-euiPageSection__content-l-center\\"><div class=\\"euiPanel euiPanel--plain euiEmptyPrompt eui-1s6x8fk-euiPanel-m-plain-hasShadow-euiEmptyPrompt-vertical\\"><div class=\\"euiEmptyPrompt__main eui-1s4ogs-euiEmptyPrompt__main-vertical-l\\"><div class=\\"euiEmptyPrompt__icon eui-1ysd0i8-euiEmptyPrompt__icon-vertical\\"><span data-euiicon-type=\\"warning\\" color=\\"danger\\"></span></div><div class=\\"euiEmptyPrompt__content eui-1cebog9-euiEmptyPrompt__content-vertical\\"><h2 class=\\"euiTitle eui-smz32e-euiTitle-m\\">We hit an authentication error</h2><div class=\\"euiSpacer euiSpacer--m eui-jv9za2-euiSpacer-m\\"></div><div class=\\"euiText eui-k2mw53-euiText-m-euiTextColor-subdued\\"><p>Try logging in again, and if the problem persists, contact your system administrator.</p></div><div class=\\"euiSpacer euiSpacer--l eui-p2o3x6-euiSpacer-l\\"></div><div class=\\"euiFlexGroup euiEmptyPrompt__actions eui-1rkti4c-euiFlexGroup-m-center-center-column-euiEmptyPrompt__actions-vertical\\"><div class=\\"euiFlexItem eui-kpsrin-euiFlexItem-growZero\\"><a href=\\"/some/url?some-query=some-value#some-hash\\" rel=\\"noreferrer\\" class=\\"euiButton eui-4wl8yg-euiButtonDisplay-m-defaultMinWidth-fill-primary\\" data-test-subj=\\"logInButton\\"><span class=\\"eui-cf8eum-euiButtonDisplayContent\\">Log in</span></a></div></div></div></div></div></div></section></main></div></body></html>"`;
 
-exports[`UnauthenticatedPage renders as expected with custom title 1`] = `"<html lang=\\"en\\"><head><title>My Company Name</title><style></style><style data-emotion=\\"eui \\"></style></style><link href=\\"/bundles/kbn-ui-shared-deps-src/kbn-ui-shared-deps-src.css\\" rel=\\"stylesheet\\"/>MockedFonts<link rel=\\"alternate icon\\" type=\\"image/png\\" href=\\"/ui/favicons/favicon.png\\"/><link rel=\\"icon\\" type=\\"image/svg+xml\\" href=\\"/ui/favicons/favicon.svg\\"/><meta name=\\"theme-color\\" content=\\"#ffffff\\"/><meta name=\\"color-scheme\\" content=\\"light dark\\"/></head><body><div data-test-subj=\\"promptPage\\" style=\\"min-block-size:max(460px, 100vh);padding-block-start:var(--euiFixedHeadersOffset, 0)\\" class=\\"euiPageTemplate eui-cjgvy1-euiPageOuter-row-grow\\"><main id=\\"EuiPageTemplateInner_generated-id\\" class=\\"eui-nq554q-euiPageInner\\"><section class=\\"eui-j6zf49-euiPageSection-grow-l-center-transparent\\"><div class=\\"eui-1oc2fb7-euiPageSection__content-l-center\\"><div class=\\"euiPanel euiPanel--plain euiEmptyPrompt eui-1is22ji-euiPanel-m-plain-hasShadow-euiEmptyPrompt-vertical\\"><div class=\\"euiEmptyPrompt__main eui-1s4ogs-euiEmptyPrompt__main-vertical-l\\"><div class=\\"euiEmptyPrompt__icon eui-1ysd0i8-euiEmptyPrompt__icon-vertical\\"><span data-euiicon-type=\\"warning\\" color=\\"danger\\"></span></div><div class=\\"euiEmptyPrompt__content eui-1cebog9-euiEmptyPrompt__content-vertical\\"><h2 class=\\"euiTitle eui-smz32e-euiTitle-m\\">We hit an authentication error</h2><div class=\\"euiSpacer euiSpacer--m eui-jv9za2-euiSpacer-m\\"></div><div class=\\"euiText eui-k2mw53-euiText-m-euiTextColor-subdued\\"><p>Try logging in again, and if the problem persists, contact your system administrator.</p></div><div class=\\"euiSpacer euiSpacer--l eui-p2o3x6-euiSpacer-l\\"></div><div class=\\"euiFlexGroup euiEmptyPrompt__actions eui-1rkti4c-euiFlexGroup-m-center-center-column-euiEmptyPrompt__actions-vertical\\"><div class=\\"euiFlexItem eui-kpsrin-euiFlexItem-growZero\\"><a href=\\"/some/url?some-query=some-value#some-hash\\" rel=\\"noreferrer\\" class=\\"euiButton eui-4wl8yg-euiButtonDisplay-m-defaultMinWidth-fill-primary\\" data-test-subj=\\"logInButton\\"><span class=\\"eui-cf8eum-euiButtonDisplayContent\\">Log in</span></a></div></div></div></div></div></div></section></main></div></body></html>"`;
+exports[`UnauthenticatedPage renders as expected with custom title 1`] = `"<html lang=\\"en\\"><head><title>My Company Name</title><style></style><style data-emotion=\\"eui \\"></style></style><link href=\\"/bundles/kbn-ui-shared-deps-src/kbn-ui-shared-deps-src.css\\" rel=\\"stylesheet\\"/>MockedFonts<link rel=\\"alternate icon\\" type=\\"image/png\\" href=\\"/ui/favicons/favicon.png\\"/><link rel=\\"icon\\" type=\\"image/svg+xml\\" href=\\"/ui/favicons/favicon.svg\\"/><meta name=\\"theme-color\\" content=\\"#ffffff\\"/><meta name=\\"color-scheme\\" content=\\"light dark\\"/></head><body><div data-test-subj=\\"promptPage\\" style=\\"min-block-size:max(460px, 100vh);padding-block-start:var(--euiFixedHeadersOffset, 0)\\" class=\\"euiPageTemplate eui-cjgvy1-euiPageOuter-row-grow\\"><main id=\\"EuiPageTemplateInner_generated-id\\" class=\\"eui-nq554q-euiPageInner\\"><section class=\\"eui-j6zf49-euiPageSection-grow-l-center-transparent\\"><div class=\\"eui-1oc2fb7-euiPageSection__content-l-center\\"><div class=\\"euiPanel euiPanel--plain euiEmptyPrompt eui-1s6x8fk-euiPanel-m-plain-hasShadow-euiEmptyPrompt-vertical\\"><div class=\\"euiEmptyPrompt__main eui-1s4ogs-euiEmptyPrompt__main-vertical-l\\"><div class=\\"euiEmptyPrompt__icon eui-1ysd0i8-euiEmptyPrompt__icon-vertical\\"><span data-euiicon-type=\\"warning\\" color=\\"danger\\"></span></div><div class=\\"euiEmptyPrompt__content eui-1cebog9-euiEmptyPrompt__content-vertical\\"><h2 class=\\"euiTitle eui-smz32e-euiTitle-m\\">We hit an authentication error</h2><div class=\\"euiSpacer euiSpacer--m eui-jv9za2-euiSpacer-m\\"></div><div class=\\"euiText eui-k2mw53-euiText-m-euiTextColor-subdued\\"><p>Try logging in again, and if the problem persists, contact your system administrator.</p></div><div class=\\"euiSpacer euiSpacer--l eui-p2o3x6-euiSpacer-l\\"></div><div class=\\"euiFlexGroup euiEmptyPrompt__actions eui-1rkti4c-euiFlexGroup-m-center-center-column-euiEmptyPrompt__actions-vertical\\"><div class=\\"euiFlexItem eui-kpsrin-euiFlexItem-growZero\\"><a href=\\"/some/url?some-query=some-value#some-hash\\" rel=\\"noreferrer\\" class=\\"euiButton eui-4wl8yg-euiButtonDisplay-m-defaultMinWidth-fill-primary\\" data-test-subj=\\"logInButton\\"><span class=\\"eui-cf8eum-euiButtonDisplayContent\\">Log in</span></a></div></div></div></div></div></div></section></main></div></body></html>"`;
diff --git a/x-pack/plugins/security/server/authorization/__snapshots__/reset_session_page.test.tsx.snap b/x-pack/plugins/security/server/authorization/__snapshots__/reset_session_page.test.tsx.snap
index e7a902015afa7..fcab54e925cfb 100644
--- a/x-pack/plugins/security/server/authorization/__snapshots__/reset_session_page.test.tsx.snap
+++ b/x-pack/plugins/security/server/authorization/__snapshots__/reset_session_page.test.tsx.snap
@@ -1,5 +1,5 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
 
-exports[`ResetSessionPage renders as expected 1`] = `"<html lang=\\"en\\"><head><title>Elastic</title><style></style><style data-emotion=\\"eui \\"></style></style><link href=\\"/bundles/kbn-ui-shared-deps-src/kbn-ui-shared-deps-src.css\\" rel=\\"stylesheet\\"/>MockedFonts<link rel=\\"alternate icon\\" type=\\"image/png\\" href=\\"/ui/favicons/favicon.png\\"/><link rel=\\"icon\\" type=\\"image/svg+xml\\" href=\\"/ui/favicons/favicon.svg\\"/><script src=\\"/mock-basepath/internal/security/reset_session_page.js\\"></script><meta name=\\"theme-color\\" content=\\"#ffffff\\"/><meta name=\\"color-scheme\\" content=\\"light dark\\"/></head><body><div data-test-subj=\\"promptPage\\" style=\\"min-block-size:max(460px, 100vh);padding-block-start:var(--euiFixedHeadersOffset, 0)\\" class=\\"euiPageTemplate eui-cjgvy1-euiPageOuter-row-grow\\"><main id=\\"EuiPageTemplateInner_generated-id\\" class=\\"eui-nq554q-euiPageInner\\"><section class=\\"eui-j6zf49-euiPageSection-grow-l-center-transparent\\"><div class=\\"eui-1oc2fb7-euiPageSection__content-l-center\\"><div class=\\"euiPanel euiPanel--plain euiEmptyPrompt eui-1is22ji-euiPanel-m-plain-hasShadow-euiEmptyPrompt-vertical\\"><div class=\\"euiEmptyPrompt__main eui-1s4ogs-euiEmptyPrompt__main-vertical-l\\"><div class=\\"euiEmptyPrompt__icon eui-1ysd0i8-euiEmptyPrompt__icon-vertical\\"><span data-euiicon-type=\\"warning\\" color=\\"danger\\"></span></div><div class=\\"euiEmptyPrompt__content eui-1cebog9-euiEmptyPrompt__content-vertical\\"><h2 class=\\"euiTitle eui-smz32e-euiTitle-m\\">You do not have permission to access the requested page</h2><div class=\\"euiSpacer euiSpacer--m eui-jv9za2-euiSpacer-m\\"></div><div class=\\"euiText eui-k2mw53-euiText-m-euiTextColor-subdued\\"><p>Either go back to the previous page or log in as a different user.</p></div><div class=\\"euiSpacer euiSpacer--l eui-p2o3x6-euiSpacer-l\\"></div><div class=\\"euiFlexGroup euiEmptyPrompt__actions eui-1rkti4c-euiFlexGroup-m-center-center-column-euiEmptyPrompt__actions-vertical\\"><div class=\\"euiFlexItem eui-kpsrin-euiFlexItem-growZero\\"><a href=\\"/path/to/logout\\" rel=\\"noreferrer\\" class=\\"euiButton eui-4wl8yg-euiButtonDisplay-m-defaultMinWidth-fill-primary\\" data-test-subj=\\"ResetSessionButton\\"><span class=\\"eui-cf8eum-euiButtonDisplayContent\\">Log in as different user</span></a></div><div class=\\"euiFlexItem eui-kpsrin-euiFlexItem-growZero\\"><button class=\\"euiButtonEmpty eui-7vyy05-euiButtonDisplay-euiButtonEmpty-m-empty-primary\\" type=\\"button\\" id=\\"goBackButton\\"><span class=\\"euiButtonEmpty__content eui-cf8eum-euiButtonDisplayContent\\"><span class=\\"eui-textTruncate euiButtonEmpty__text\\">Go back</span></span></button></div></div></div></div></div></div></section></main></div></body></html>"`;
+exports[`ResetSessionPage renders as expected 1`] = `"<html lang=\\"en\\"><head><title>Elastic</title><style></style><style data-emotion=\\"eui \\"></style></style><link href=\\"/bundles/kbn-ui-shared-deps-src/kbn-ui-shared-deps-src.css\\" rel=\\"stylesheet\\"/>MockedFonts<link rel=\\"alternate icon\\" type=\\"image/png\\" href=\\"/ui/favicons/favicon.png\\"/><link rel=\\"icon\\" type=\\"image/svg+xml\\" href=\\"/ui/favicons/favicon.svg\\"/><script src=\\"/mock-basepath/internal/security/reset_session_page.js\\"></script><meta name=\\"theme-color\\" content=\\"#ffffff\\"/><meta name=\\"color-scheme\\" content=\\"light dark\\"/></head><body><div data-test-subj=\\"promptPage\\" style=\\"min-block-size:max(460px, 100vh);padding-block-start:var(--euiFixedHeadersOffset, 0)\\" class=\\"euiPageTemplate eui-cjgvy1-euiPageOuter-row-grow\\"><main id=\\"EuiPageTemplateInner_generated-id\\" class=\\"eui-nq554q-euiPageInner\\"><section class=\\"eui-j6zf49-euiPageSection-grow-l-center-transparent\\"><div class=\\"eui-1oc2fb7-euiPageSection__content-l-center\\"><div class=\\"euiPanel euiPanel--plain euiEmptyPrompt eui-1s6x8fk-euiPanel-m-plain-hasShadow-euiEmptyPrompt-vertical\\"><div class=\\"euiEmptyPrompt__main eui-1s4ogs-euiEmptyPrompt__main-vertical-l\\"><div class=\\"euiEmptyPrompt__icon eui-1ysd0i8-euiEmptyPrompt__icon-vertical\\"><span data-euiicon-type=\\"warning\\" color=\\"danger\\"></span></div><div class=\\"euiEmptyPrompt__content eui-1cebog9-euiEmptyPrompt__content-vertical\\"><h2 class=\\"euiTitle eui-smz32e-euiTitle-m\\">You do not have permission to access the requested page</h2><div class=\\"euiSpacer euiSpacer--m eui-jv9za2-euiSpacer-m\\"></div><div class=\\"euiText eui-k2mw53-euiText-m-euiTextColor-subdued\\"><p>Either go back to the previous page or log in as a different user.</p></div><div class=\\"euiSpacer euiSpacer--l eui-p2o3x6-euiSpacer-l\\"></div><div class=\\"euiFlexGroup euiEmptyPrompt__actions eui-1rkti4c-euiFlexGroup-m-center-center-column-euiEmptyPrompt__actions-vertical\\"><div class=\\"euiFlexItem eui-kpsrin-euiFlexItem-growZero\\"><a href=\\"/path/to/logout\\" rel=\\"noreferrer\\" class=\\"euiButton eui-4wl8yg-euiButtonDisplay-m-defaultMinWidth-fill-primary\\" data-test-subj=\\"ResetSessionButton\\"><span class=\\"eui-cf8eum-euiButtonDisplayContent\\">Log in as different user</span></a></div><div class=\\"euiFlexItem eui-kpsrin-euiFlexItem-growZero\\"><button class=\\"euiButtonEmpty eui-7vyy05-euiButtonDisplay-euiButtonEmpty-m-empty-primary\\" type=\\"button\\" id=\\"goBackButton\\"><span class=\\"euiButtonEmpty__content eui-cf8eum-euiButtonDisplayContent\\"><span class=\\"eui-textTruncate euiButtonEmpty__text\\">Go back</span></span></button></div></div></div></div></div></div></section></main></div></body></html>"`;
 
-exports[`ResetSessionPage renders as expected with custom page title 1`] = `"<html lang=\\"en\\"><head><title>My Company Name</title><style></style><style data-emotion=\\"eui \\"></style></style><link href=\\"/bundles/kbn-ui-shared-deps-src/kbn-ui-shared-deps-src.css\\" rel=\\"stylesheet\\"/>MockedFonts<link rel=\\"alternate icon\\" type=\\"image/png\\" href=\\"/ui/favicons/favicon.png\\"/><link rel=\\"icon\\" type=\\"image/svg+xml\\" href=\\"/ui/favicons/favicon.svg\\"/><script src=\\"/mock-basepath/internal/security/reset_session_page.js\\"></script><meta name=\\"theme-color\\" content=\\"#ffffff\\"/><meta name=\\"color-scheme\\" content=\\"light dark\\"/></head><body><div data-test-subj=\\"promptPage\\" style=\\"min-block-size:max(460px, 100vh);padding-block-start:var(--euiFixedHeadersOffset, 0)\\" class=\\"euiPageTemplate eui-cjgvy1-euiPageOuter-row-grow\\"><main id=\\"EuiPageTemplateInner_generated-id\\" class=\\"eui-nq554q-euiPageInner\\"><section class=\\"eui-j6zf49-euiPageSection-grow-l-center-transparent\\"><div class=\\"eui-1oc2fb7-euiPageSection__content-l-center\\"><div class=\\"euiPanel euiPanel--plain euiEmptyPrompt eui-1is22ji-euiPanel-m-plain-hasShadow-euiEmptyPrompt-vertical\\"><div class=\\"euiEmptyPrompt__main eui-1s4ogs-euiEmptyPrompt__main-vertical-l\\"><div class=\\"euiEmptyPrompt__icon eui-1ysd0i8-euiEmptyPrompt__icon-vertical\\"><span data-euiicon-type=\\"warning\\" color=\\"danger\\"></span></div><div class=\\"euiEmptyPrompt__content eui-1cebog9-euiEmptyPrompt__content-vertical\\"><h2 class=\\"euiTitle eui-smz32e-euiTitle-m\\">You do not have permission to access the requested page</h2><div class=\\"euiSpacer euiSpacer--m eui-jv9za2-euiSpacer-m\\"></div><div class=\\"euiText eui-k2mw53-euiText-m-euiTextColor-subdued\\"><p>Either go back to the previous page or log in as a different user.</p></div><div class=\\"euiSpacer euiSpacer--l eui-p2o3x6-euiSpacer-l\\"></div><div class=\\"euiFlexGroup euiEmptyPrompt__actions eui-1rkti4c-euiFlexGroup-m-center-center-column-euiEmptyPrompt__actions-vertical\\"><div class=\\"euiFlexItem eui-kpsrin-euiFlexItem-growZero\\"><a href=\\"/path/to/logout\\" rel=\\"noreferrer\\" class=\\"euiButton eui-4wl8yg-euiButtonDisplay-m-defaultMinWidth-fill-primary\\" data-test-subj=\\"ResetSessionButton\\"><span class=\\"eui-cf8eum-euiButtonDisplayContent\\">Log in as different user</span></a></div><div class=\\"euiFlexItem eui-kpsrin-euiFlexItem-growZero\\"><button class=\\"euiButtonEmpty eui-7vyy05-euiButtonDisplay-euiButtonEmpty-m-empty-primary\\" type=\\"button\\" id=\\"goBackButton\\"><span class=\\"euiButtonEmpty__content eui-cf8eum-euiButtonDisplayContent\\"><span class=\\"eui-textTruncate euiButtonEmpty__text\\">Go back</span></span></button></div></div></div></div></div></div></section></main></div></body></html>"`;
+exports[`ResetSessionPage renders as expected with custom page title 1`] = `"<html lang=\\"en\\"><head><title>My Company Name</title><style></style><style data-emotion=\\"eui \\"></style></style><link href=\\"/bundles/kbn-ui-shared-deps-src/kbn-ui-shared-deps-src.css\\" rel=\\"stylesheet\\"/>MockedFonts<link rel=\\"alternate icon\\" type=\\"image/png\\" href=\\"/ui/favicons/favicon.png\\"/><link rel=\\"icon\\" type=\\"image/svg+xml\\" href=\\"/ui/favicons/favicon.svg\\"/><script src=\\"/mock-basepath/internal/security/reset_session_page.js\\"></script><meta name=\\"theme-color\\" content=\\"#ffffff\\"/><meta name=\\"color-scheme\\" content=\\"light dark\\"/></head><body><div data-test-subj=\\"promptPage\\" style=\\"min-block-size:max(460px, 100vh);padding-block-start:var(--euiFixedHeadersOffset, 0)\\" class=\\"euiPageTemplate eui-cjgvy1-euiPageOuter-row-grow\\"><main id=\\"EuiPageTemplateInner_generated-id\\" class=\\"eui-nq554q-euiPageInner\\"><section class=\\"eui-j6zf49-euiPageSection-grow-l-center-transparent\\"><div class=\\"eui-1oc2fb7-euiPageSection__content-l-center\\"><div class=\\"euiPanel euiPanel--plain euiEmptyPrompt eui-1s6x8fk-euiPanel-m-plain-hasShadow-euiEmptyPrompt-vertical\\"><div class=\\"euiEmptyPrompt__main eui-1s4ogs-euiEmptyPrompt__main-vertical-l\\"><div class=\\"euiEmptyPrompt__icon eui-1ysd0i8-euiEmptyPrompt__icon-vertical\\"><span data-euiicon-type=\\"warning\\" color=\\"danger\\"></span></div><div class=\\"euiEmptyPrompt__content eui-1cebog9-euiEmptyPrompt__content-vertical\\"><h2 class=\\"euiTitle eui-smz32e-euiTitle-m\\">You do not have permission to access the requested page</h2><div class=\\"euiSpacer euiSpacer--m eui-jv9za2-euiSpacer-m\\"></div><div class=\\"euiText eui-k2mw53-euiText-m-euiTextColor-subdued\\"><p>Either go back to the previous page or log in as a different user.</p></div><div class=\\"euiSpacer euiSpacer--l eui-p2o3x6-euiSpacer-l\\"></div><div class=\\"euiFlexGroup euiEmptyPrompt__actions eui-1rkti4c-euiFlexGroup-m-center-center-column-euiEmptyPrompt__actions-vertical\\"><div class=\\"euiFlexItem eui-kpsrin-euiFlexItem-growZero\\"><a href=\\"/path/to/logout\\" rel=\\"noreferrer\\" class=\\"euiButton eui-4wl8yg-euiButtonDisplay-m-defaultMinWidth-fill-primary\\" data-test-subj=\\"ResetSessionButton\\"><span class=\\"eui-cf8eum-euiButtonDisplayContent\\">Log in as different user</span></a></div><div class=\\"euiFlexItem eui-kpsrin-euiFlexItem-growZero\\"><button class=\\"euiButtonEmpty eui-7vyy05-euiButtonDisplay-euiButtonEmpty-m-empty-primary\\" type=\\"button\\" id=\\"goBackButton\\"><span class=\\"euiButtonEmpty__content eui-cf8eum-euiButtonDisplayContent\\"><span class=\\"eui-textTruncate euiButtonEmpty__text\\">Go back</span></span></button></div></div></div></div></div></div></section></main></div></body></html>"`;
diff --git a/x-pack/plugins/security_solution/common/api/entity_analytics/entity_store/common.gen.ts b/x-pack/plugins/security_solution/common/api/entity_analytics/entity_store/common.gen.ts
index 228bf1e515675..7e419dbe6453c 100644
--- a/x-pack/plugins/security_solution/common/api/entity_analytics/entity_store/common.gen.ts
+++ b/x-pack/plugins/security_solution/common/api/entity_analytics/entity_store/common.gen.ts
@@ -39,6 +39,11 @@ export const EngineDescriptor = z.object({
   error: z.object({}).optional(),
 });
 
+export type StoreStatus = z.infer<typeof StoreStatus>;
+export const StoreStatus = z.enum(['not_installed', 'installing', 'running', 'stopped', 'error']);
+export type StoreStatusEnum = typeof StoreStatus.enum;
+export const StoreStatusEnum = StoreStatus.enum;
+
 export type InspectQuery = z.infer<typeof InspectQuery>;
 export const InspectQuery = z.object({
   response: z.array(z.string()),
diff --git a/x-pack/plugins/security_solution/common/api/entity_analytics/entity_store/common.schema.yaml b/x-pack/plugins/security_solution/common/api/entity_analytics/entity_store/common.schema.yaml
index 00b100516b76c..9a42191a556ac 100644
--- a/x-pack/plugins/security_solution/common/api/entity_analytics/entity_store/common.schema.yaml
+++ b/x-pack/plugins/security_solution/common/api/entity_analytics/entity_store/common.schema.yaml
@@ -41,6 +41,15 @@ components:
         - stopped
         - updating
         - error
+    
+    StoreStatus:
+      type: string
+      enum:
+        - not_installed
+        - installing
+        - running
+        - stopped
+        - error
 
     IndexPattern:
       type: string
diff --git a/x-pack/plugins/security_solution/common/api/entity_analytics/entity_store/enablement.gen.ts b/x-pack/plugins/security_solution/common/api/entity_analytics/entity_store/enablement.gen.ts
new file mode 100644
index 0000000000000..9644a1a333d16
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/entity_analytics/entity_store/enablement.gen.ts
@@ -0,0 +1,42 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+/*
+ * NOTICE: Do not edit this file manually.
+ * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
+ *
+ * info:
+ *   title: Enable Entity Store
+ *   version: 2023-10-31
+ */
+
+import { z } from '@kbn/zod';
+
+import { IndexPattern, EngineDescriptor, StoreStatus } from './common.gen';
+
+export type GetEntityStoreStatusResponse = z.infer<typeof GetEntityStoreStatusResponse>;
+export const GetEntityStoreStatusResponse = z.object({
+  status: StoreStatus.optional(),
+  engines: z.array(EngineDescriptor).optional(),
+});
+
+export type InitEntityStoreRequestBody = z.infer<typeof InitEntityStoreRequestBody>;
+export const InitEntityStoreRequestBody = z.object({
+  /**
+   * The number of historical values to keep for each field.
+   */
+  fieldHistoryLength: z.number().int().optional().default(10),
+  indexPattern: IndexPattern.optional(),
+  filter: z.string().optional(),
+});
+export type InitEntityStoreRequestBodyInput = z.input<typeof InitEntityStoreRequestBody>;
+
+export type InitEntityStoreResponse = z.infer<typeof InitEntityStoreResponse>;
+export const InitEntityStoreResponse = z.object({
+  succeeded: z.boolean().optional(),
+  engines: z.array(EngineDescriptor).optional(),
+});
diff --git a/x-pack/plugins/security_solution/common/api/entity_analytics/entity_store/enablement.schema.yaml b/x-pack/plugins/security_solution/common/api/entity_analytics/entity_store/enablement.schema.yaml
new file mode 100644
index 0000000000000..306e876dfc4a7
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/entity_analytics/entity_store/enablement.schema.yaml
@@ -0,0 +1,64 @@
+openapi: 3.0.0
+
+info:
+  title: Enable Entity Store
+  version: '2023-10-31'
+paths:
+  /api/entity_store/enable:
+    post:
+      x-labels: [ess, serverless]
+      x-codegen-enabled: true
+      operationId: InitEntityStore
+      summary: Initialize the Entity Store
+
+      requestBody:
+        description: Schema for the entity store initialization
+        required: true
+        content:
+          application/json:
+            schema:
+              type: object
+              properties:
+                fieldHistoryLength:
+                  type: integer
+                  description: The number of historical values to keep for each field.
+                  default: 10
+                indexPattern:
+                  $ref: './common.schema.yaml#/components/schemas/IndexPattern'
+                filter:
+                  type: string
+      responses:
+        '200':
+          description: Successful response
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  succeeded:
+                    type: boolean
+                  engines:
+                    type: array
+                    items:
+                      $ref: './common.schema.yaml#/components/schemas/EngineDescriptor'
+  
+  /api/entity_store/status:
+    get:
+      x-labels: [ess, serverless]
+      x-codegen-enabled: true
+      operationId: GetEntityStoreStatus
+      summary: Get the status of the Entity Store
+      responses:
+        '200':
+          description: Successful response
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  status: 
+                    $ref: './common.schema.yaml#/components/schemas/StoreStatus'
+                  engines:
+                    type: array
+                    items:
+                      $ref: './common.schema.yaml#/components/schemas/EngineDescriptor'
diff --git a/x-pack/plugins/security_solution/common/api/quickstart_client.gen.ts b/x-pack/plugins/security_solution/common/api/quickstart_client.gen.ts
index 264d0eaa14fee..513e2163f932f 100644
--- a/x-pack/plugins/security_solution/common/api/quickstart_client.gen.ts
+++ b/x-pack/plugins/security_solution/common/api/quickstart_client.gen.ts
@@ -231,6 +231,11 @@ import type {
   InternalUploadAssetCriticalityRecordsResponse,
   UploadAssetCriticalityRecordsResponse,
 } from './entity_analytics/asset_criticality/upload_asset_criticality_csv.gen';
+import type {
+  GetEntityStoreStatusResponse,
+  InitEntityStoreRequestBodyInput,
+  InitEntityStoreResponse,
+} from './entity_analytics/entity_store/enablement.gen';
 import type { ApplyEntityEngineDataviewIndicesResponse } from './entity_analytics/entity_store/engine/apply_dataview_indices.gen';
 import type {
   DeleteEntityEngineRequestQueryInput,
@@ -1301,6 +1306,18 @@ finalize it.
       })
       .catch(catchAxiosErrorFormatAndThrow);
   }
+  async getEntityStoreStatus() {
+    this.log.info(`${new Date().toISOString()} Calling API GetEntityStoreStatus`);
+    return this.kbnClient
+      .request<GetEntityStoreStatusResponse>({
+        path: '/api/entity_store/status',
+        headers: {
+          [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31',
+        },
+        method: 'GET',
+      })
+      .catch(catchAxiosErrorFormatAndThrow);
+  }
   /**
    * Get all notes for a given document.
    */
@@ -1529,6 +1546,19 @@ finalize it.
       })
       .catch(catchAxiosErrorFormatAndThrow);
   }
+  async initEntityStore(props: InitEntityStoreProps) {
+    this.log.info(`${new Date().toISOString()} Calling API InitEntityStore`);
+    return this.kbnClient
+      .request<InitEntityStoreResponse>({
+        path: '/api/entity_store/enable',
+        headers: {
+          [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31',
+        },
+        method: 'POST',
+        body: props.body,
+      })
+      .catch(catchAxiosErrorFormatAndThrow);
+  }
   /**
    * Initializes the Risk Engine by creating the necessary indices and mappings, removing old transforms, and starting the new risk engine
    */
@@ -2290,6 +2320,9 @@ export interface InitEntityEngineProps {
   params: InitEntityEngineRequestParamsInput;
   body: InitEntityEngineRequestBodyInput;
 }
+export interface InitEntityStoreProps {
+  body: InitEntityStoreRequestBodyInput;
+}
 export interface InstallPrepackedTimelinesProps {
   body: InstallPrepackedTimelinesRequestBodyInput;
 }
diff --git a/x-pack/plugins/security_solution/common/endpoint/constants.ts b/x-pack/plugins/security_solution/common/endpoint/constants.ts
index 0ab749735d06c..b53c7ae761547 100644
--- a/x-pack/plugins/security_solution/common/endpoint/constants.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/constants.ts
@@ -18,6 +18,7 @@ export const ENDPOINT_ACTION_RESPONSES_INDEX = `${ENDPOINT_ACTION_RESPONSES_DS}-
 export const ENDPOINT_ACTION_RESPONSES_INDEX_PATTERN = `${ENDPOINT_ACTION_RESPONSES_DS}-*`;
 
 export const eventsIndexPattern = 'logs-endpoint.events.*';
+export const FILE_EVENTS_INDEX_PATTERN = 'logs-endpoint.events.file-*';
 export const alertsIndexPattern = 'logs-endpoint.alerts-*';
 
 // metadata datastream
diff --git a/x-pack/plugins/security_solution/common/experimental_features.ts b/x-pack/plugins/security_solution/common/experimental_features.ts
index dc6495e1d9737..7fcdabad3b36c 100644
--- a/x-pack/plugins/security_solution/common/experimental_features.ts
+++ b/x-pack/plugins/security_solution/common/experimental_features.ts
@@ -236,6 +236,11 @@ export const allowedExperimentalValues = Object.freeze({
    * Enables the siem migrations feature
    */
   siemMigrationsEnabled: false,
+
+  /**
+   * Enables the Defend Insights feature
+   */
+  defendInsights: false,
 });
 
 type ExperimentalConfigKeys = Array<keyof ExperimentalFeatures>;
diff --git a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml
index 60bd38c246f34..fa79b170f3513 100644
--- a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml
+++ b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml
@@ -267,6 +267,42 @@ paths:
       summary: List asset criticality records
       tags:
         - Security Entity Analytics API
+  /api/entity_store/enable:
+    post:
+      operationId: InitEntityStore
+      requestBody:
+        content:
+          application/json:
+            schema:
+              type: object
+              properties:
+                fieldHistoryLength:
+                  default: 10
+                  description: The number of historical values to keep for each field.
+                  type: integer
+                filter:
+                  type: string
+                indexPattern:
+                  $ref: '#/components/schemas/IndexPattern'
+        description: Schema for the entity store initialization
+        required: true
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  engines:
+                    items:
+                      $ref: '#/components/schemas/EngineDescriptor'
+                    type: array
+                  succeeded:
+                    type: boolean
+          description: Successful response
+      summary: Initialize the Entity Store
+      tags:
+        - Security Entity Analytics API
   /api/entity_store/engines:
     get:
       operationId: ListEntityEngines
@@ -576,6 +612,26 @@ paths:
       summary: List Entity Store Entities
       tags:
         - Security Entity Analytics API
+  /api/entity_store/status:
+    get:
+      operationId: GetEntityStoreStatus
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  engines:
+                    items:
+                      $ref: '#/components/schemas/EngineDescriptor'
+                    type: array
+                  status:
+                    $ref: '#/components/schemas/StoreStatus'
+          description: Successful response
+      summary: Get the status of the Entity Store
+      tags:
+        - Security Entity Analytics API
   /api/risk_score/engine/dangerously_delete_data:
     delete:
       description: >-
@@ -1046,6 +1102,14 @@ components:
         - index
         - description
         - category
+    StoreStatus:
+      enum:
+        - not_installed
+        - installing
+        - running
+        - stopped
+        - error
+      type: string
     TaskManagerUnavailableResponse:
       description: Task manager is unavailable
       type: object
diff --git a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml
index fc63924118968..9c2b3d62b1650 100644
--- a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml
+++ b/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml
@@ -267,6 +267,42 @@ paths:
       summary: List asset criticality records
       tags:
         - Security Entity Analytics API
+  /api/entity_store/enable:
+    post:
+      operationId: InitEntityStore
+      requestBody:
+        content:
+          application/json:
+            schema:
+              type: object
+              properties:
+                fieldHistoryLength:
+                  default: 10
+                  description: The number of historical values to keep for each field.
+                  type: integer
+                filter:
+                  type: string
+                indexPattern:
+                  $ref: '#/components/schemas/IndexPattern'
+        description: Schema for the entity store initialization
+        required: true
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  engines:
+                    items:
+                      $ref: '#/components/schemas/EngineDescriptor'
+                    type: array
+                  succeeded:
+                    type: boolean
+          description: Successful response
+      summary: Initialize the Entity Store
+      tags:
+        - Security Entity Analytics API
   /api/entity_store/engines:
     get:
       operationId: ListEntityEngines
@@ -576,6 +612,26 @@ paths:
       summary: List Entity Store Entities
       tags:
         - Security Entity Analytics API
+  /api/entity_store/status:
+    get:
+      operationId: GetEntityStoreStatus
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  engines:
+                    items:
+                      $ref: '#/components/schemas/EngineDescriptor'
+                    type: array
+                  status:
+                    $ref: '#/components/schemas/StoreStatus'
+          description: Successful response
+      summary: Get the status of the Entity Store
+      tags:
+        - Security Entity Analytics API
   /api/risk_score/engine/dangerously_delete_data:
     delete:
       description: >-
@@ -1046,6 +1102,14 @@ components:
         - index
         - description
         - category
+    StoreStatus:
+      enum:
+        - not_installed
+        - installing
+        - running
+        - stopped
+        - error
+      type: string
     TaskManagerUnavailableResponse:
       description: Task manager is unavailable
       type: object
diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/link_to_app.tsx b/x-pack/plugins/security_solution/public/common/components/endpoint/link_to_app.tsx
index 2adecd4a42391..74b18c32c63a0 100644
--- a/x-pack/plugins/security_solution/public/common/components/endpoint/link_to_app.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/endpoint/link_to_app.tsx
@@ -51,7 +51,7 @@ export const LinkToApp = memo<LinkToAppProps>(
             {children}
           </EuiButton>
         ) : (
-          <EuiLink {...otherProps} onClick={handleOnClick}>
+          <EuiLink {...(otherProps as EuiLinkProps)} onClick={handleOnClick}>
             {children}
           </EuiLink>
         )}
diff --git a/x-pack/plugins/security_solution/server/assistant/tools/defend_insights/errors.ts b/x-pack/plugins/security_solution/server/assistant/tools/defend_insights/errors.ts
new file mode 100644
index 0000000000000..03633d2ae1eed
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/assistant/tools/defend_insights/errors.ts
@@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EndpointError } from '../../../../common/endpoint/errors';
+
+export class InvalidDefendInsightTypeError extends EndpointError {
+  constructor() {
+    super('invalid defend insight type');
+  }
+}
diff --git a/x-pack/plugins/security_solution/server/assistant/tools/defend_insights/get_events/get_file_events_query.ts b/x-pack/plugins/security_solution/server/assistant/tools/defend_insights/get_events/get_file_events_query.ts
new file mode 100644
index 0000000000000..fa8f6fa1e33b4
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/assistant/tools/defend_insights/get_events/get_file_events_query.ts
@@ -0,0 +1,49 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { SearchRequest } from '@elastic/elasticsearch/lib/api/types';
+
+import { FILE_EVENTS_INDEX_PATTERN } from '../../../../../common/endpoint/constants';
+
+const SIZE = 200;
+
+export function getFileEventsQuery({ endpointIds }: { endpointIds: string[] }): SearchRequest {
+  return {
+    allow_no_indices: true,
+    fields: ['_id', 'agent.id', 'process.executable'],
+    query: {
+      bool: {
+        must: [
+          {
+            terms: {
+              'agent.id': endpointIds,
+            },
+          },
+          {
+            range: {
+              '@timestamp': {
+                gte: 'now-24h',
+                lte: 'now',
+              },
+            },
+          },
+        ],
+      },
+    },
+    size: SIZE,
+    sort: [
+      {
+        '@timestamp': {
+          order: 'desc',
+        },
+      },
+    ],
+    _source: false,
+    ignore_unavailable: true,
+    index: [FILE_EVENTS_INDEX_PATTERN],
+  };
+}
diff --git a/x-pack/plugins/security_solution/server/assistant/tools/defend_insights/get_events/index.test.ts b/x-pack/plugins/security_solution/server/assistant/tools/defend_insights/get_events/index.test.ts
new file mode 100644
index 0000000000000..7c2fd9f61e255
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/assistant/tools/defend_insights/get_events/index.test.ts
@@ -0,0 +1,84 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { ElasticsearchClient } from '@kbn/core/server';
+
+import { DefendInsightType, transformRawData } from '@kbn/elastic-assistant-common';
+
+import { InvalidDefendInsightTypeError } from '../errors';
+import { getFileEventsQuery } from './get_file_events_query';
+import { getAnonymizedEvents } from '.';
+
+jest.mock('@kbn/elastic-assistant-common', () => {
+  const originalModule = jest.requireActual('@kbn/elastic-assistant-common');
+  return {
+    ...originalModule,
+    transformRawData: jest.fn(),
+  };
+});
+
+jest.mock('./get_file_events_query', () => ({
+  getFileEventsQuery: jest.fn(),
+}));
+
+describe('getAnonymizedEvents', () => {
+  let mockEsClient: jest.Mocked<ElasticsearchClient>;
+
+  const mockHits = [
+    { _index: 'test-index', fields: { field1: ['value1'] } },
+    { _index: 'test-index', fields: { field2: ['value2'] } },
+  ];
+
+  beforeEach(() => {
+    (getFileEventsQuery as jest.Mock).mockReturnValue({ index: 'test-index', body: {} });
+    (transformRawData as jest.Mock).mockImplementation(
+      ({ rawData }) => `anonymized_${Object.values(rawData)[0]}`
+    );
+    mockEsClient = {
+      search: jest.fn().mockResolvedValue({
+        took: 1,
+        timed_out: false,
+        _shards: {
+          total: 1,
+          successful: 1,
+          skipped: 0,
+          failed: 0,
+        },
+        hits: {
+          hits: mockHits,
+        },
+      }),
+    } as unknown as jest.Mocked<ElasticsearchClient>;
+  });
+
+  afterEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('should return anonymized events successfully', async () => {
+    const result = await getAnonymizedEvents({
+      endpointIds: ['endpoint1'],
+      type: DefendInsightType.Enum.incompatible_antivirus,
+      esClient: mockEsClient,
+    });
+
+    expect(result).toEqual(['anonymized_value1', 'anonymized_value2']);
+    expect(getFileEventsQuery).toHaveBeenCalledWith({ endpointIds: ['endpoint1'] });
+    expect(mockEsClient.search).toHaveBeenCalledWith({ index: 'test-index', body: {} });
+    expect(transformRawData).toHaveBeenCalledTimes(2);
+  });
+
+  it('should throw InvalidDefendInsightTypeError for invalid type', async () => {
+    await expect(
+      getAnonymizedEvents({
+        endpointIds: ['endpoint1'],
+        type: 'invalid_type' as DefendInsightType,
+        esClient: mockEsClient,
+      })
+    ).rejects.toThrow(InvalidDefendInsightTypeError);
+  });
+});
diff --git a/x-pack/plugins/security_solution/server/assistant/tools/defend_insights/get_events/index.ts b/x-pack/plugins/security_solution/server/assistant/tools/defend_insights/get_events/index.ts
new file mode 100644
index 0000000000000..4d9fcaf89a34a
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/assistant/tools/defend_insights/get_events/index.ts
@@ -0,0 +1,93 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { SearchRequest, SearchResponse } from '@elastic/elasticsearch/lib/api/types';
+import type { ElasticsearchClient } from '@kbn/core/server';
+import type { Replacements } from '@kbn/elastic-assistant-common';
+import type { AnonymizationFieldResponse } from '@kbn/elastic-assistant-common/impl/schemas/anonymization_fields/bulk_crud_anonymization_fields_route.gen';
+
+import {
+  getAnonymizedValue,
+  transformRawData,
+  DefendInsightType,
+  getRawDataOrDefault,
+} from '@kbn/elastic-assistant-common';
+
+import { getFileEventsQuery } from './get_file_events_query';
+import { InvalidDefendInsightTypeError } from '../errors';
+
+export async function getAnonymizedEvents({
+  endpointIds,
+  type,
+  anonymizationFields,
+  esClient,
+  onNewReplacements,
+  replacements,
+}: {
+  endpointIds: string[];
+  type: DefendInsightType;
+  anonymizationFields?: AnonymizationFieldResponse[];
+  esClient: ElasticsearchClient;
+  onNewReplacements?: (replacements: Replacements) => void;
+  replacements?: Replacements;
+}): Promise<string[]> {
+  const query = getQuery(type, { endpointIds });
+
+  return getAnonymized({
+    query,
+    anonymizationFields,
+    esClient,
+    onNewReplacements,
+    replacements,
+  });
+}
+
+function getQuery(type: DefendInsightType, options: { endpointIds: string[] }): SearchRequest {
+  if (type === DefendInsightType.Enum.incompatible_antivirus) {
+    const { endpointIds } = options;
+    return getFileEventsQuery({
+      endpointIds,
+    });
+  }
+
+  throw new InvalidDefendInsightTypeError();
+}
+
+const getAnonymized = async ({
+  query,
+  anonymizationFields,
+  esClient,
+  onNewReplacements,
+  replacements,
+}: {
+  query: SearchRequest;
+  anonymizationFields?: AnonymizationFieldResponse[];
+  esClient: ElasticsearchClient;
+  onNewReplacements?: (replacements: Replacements) => void;
+  replacements?: Replacements;
+}): Promise<string[]> => {
+  const result = await esClient.search<SearchResponse>(query);
+
+  // Accumulate replacements locally so we can, for example use the same
+  // replacement for a hostname when we see it in multiple alerts:
+  let localReplacements = { ...(replacements ?? {}) };
+  const localOnNewReplacements = (newReplacements: Replacements) => {
+    localReplacements = { ...localReplacements, ...newReplacements };
+
+    onNewReplacements?.(localReplacements); // invoke the callback with the latest replacements
+  };
+
+  return result.hits?.hits?.map((hit) =>
+    transformRawData({
+      anonymizationFields,
+      currentReplacements: localReplacements, // <-- the latest local replacements
+      getAnonymizedValue,
+      onNewReplacements: localOnNewReplacements, // <-- the local callback
+      rawData: getRawDataOrDefault(hit.fields),
+    })
+  );
+};
diff --git a/x-pack/plugins/security_solution/server/assistant/tools/defend_insights/index.test.ts b/x-pack/plugins/security_solution/server/assistant/tools/defend_insights/index.test.ts
new file mode 100644
index 0000000000000..5ef5aaeedf364
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/assistant/tools/defend_insights/index.test.ts
@@ -0,0 +1,69 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { DynamicTool } from '@langchain/core/tools';
+
+import { requestHasRequiredAnonymizationParams } from '@kbn/elastic-assistant-plugin/server/lib/langchain/helpers';
+import { DEFEND_INSIGHTS_TOOL_ID, DefendInsightType } from '@kbn/elastic-assistant-common';
+import { elasticsearchServiceMock } from '@kbn/core/server/mocks';
+
+import type { DefendInsightsToolParams } from '.';
+
+import { APP_UI_ID } from '../../../../common';
+import { DEFEND_INSIGHTS_TOOL, DEFEND_INSIGHTS_TOOL_DESCRIPTION } from '.';
+
+jest.mock('@kbn/elastic-assistant-plugin/server/lib/langchain/helpers', () => ({
+  requestHasRequiredAnonymizationParams: jest.fn(),
+}));
+
+describe('DEFEND_INSIGHTS_TOOL', () => {
+  const mockLLM = {};
+  const mockEsClient = elasticsearchServiceMock.createElasticsearchClient();
+  const mockRequest = {};
+  const mockParams: DefendInsightsToolParams = {
+    endpointIds: ['endpoint1'],
+    insightType: DefendInsightType.Enum.incompatible_antivirus,
+    anonymizationFields: [],
+    esClient: mockEsClient,
+    langChainTimeout: 1000,
+    llm: mockLLM,
+    onNewReplacements: jest.fn(),
+    replacements: {},
+    request: mockRequest,
+  } as unknown as DefendInsightsToolParams;
+
+  afterEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('should have correct properties', () => {
+    expect(DEFEND_INSIGHTS_TOOL.id).toBe(DEFEND_INSIGHTS_TOOL_ID);
+    expect(DEFEND_INSIGHTS_TOOL.name).toBe('defendInsightsTool');
+    expect(DEFEND_INSIGHTS_TOOL.description).toBe(DEFEND_INSIGHTS_TOOL_DESCRIPTION);
+    expect(DEFEND_INSIGHTS_TOOL.sourceRegister).toBe(APP_UI_ID);
+  });
+
+  it('should return tool if supported', () => {
+    (requestHasRequiredAnonymizationParams as jest.Mock).mockReturnValue(true);
+    const tool = DEFEND_INSIGHTS_TOOL.getTool(mockParams);
+    expect(tool).toBeInstanceOf(DynamicTool);
+  });
+
+  it('should return null if not request missing anonymization params', () => {
+    (requestHasRequiredAnonymizationParams as jest.Mock).mockReturnValue(false);
+    const tool = DEFEND_INSIGHTS_TOOL.getTool(mockParams);
+    expect(tool).toBeNull();
+  });
+
+  it('should return null if LLM is not provided', () => {
+    (requestHasRequiredAnonymizationParams as jest.Mock).mockReturnValue(true);
+    const paramsWithoutLLM = { ...mockParams, llm: undefined };
+    const tool = DEFEND_INSIGHTS_TOOL.getTool(paramsWithoutLLM) as DynamicTool;
+
+    expect(tool).toBeNull();
+  });
+});
diff --git a/x-pack/plugins/security_solution/server/assistant/tools/defend_insights/index.ts b/x-pack/plugins/security_solution/server/assistant/tools/defend_insights/index.ts
new file mode 100644
index 0000000000000..1ea26b88a15cf
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/assistant/tools/defend_insights/index.ts
@@ -0,0 +1,114 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { PromptTemplate } from '@langchain/core/prompts';
+import { DynamicTool } from '@langchain/core/tools';
+import { LLMChain } from 'langchain/chains';
+import { OutputFixingParser } from 'langchain/output_parsers';
+
+import type { AssistantTool, AssistantToolParams } from '@kbn/elastic-assistant-plugin/server';
+import type { DefendInsightType } from '@kbn/elastic-assistant-common';
+
+import { requestHasRequiredAnonymizationParams } from '@kbn/elastic-assistant-plugin/server/lib/langchain/helpers';
+import { DEFEND_INSIGHTS_TOOL_ID } from '@kbn/elastic-assistant-common';
+
+import { APP_UI_ID } from '../../../../common';
+import { getAnonymizedEvents } from './get_events';
+import { getDefendInsightsOutputParser } from './output_parsers';
+import { getDefendInsightsPrompt } from './prompts';
+
+export const DEFEND_INSIGHTS_TOOL_DESCRIPTION = 'Call this for Elastic Defend insights.';
+
+export interface DefendInsightsToolParams extends AssistantToolParams {
+  endpointIds: string[];
+  insightType: DefendInsightType;
+}
+
+/**
+ * Returns a tool for generating Elastic Defend configuration insights
+ */
+export const DEFEND_INSIGHTS_TOOL: AssistantTool = Object.freeze({
+  id: DEFEND_INSIGHTS_TOOL_ID,
+  name: 'defendInsightsTool',
+  description: DEFEND_INSIGHTS_TOOL_DESCRIPTION,
+  sourceRegister: APP_UI_ID,
+
+  isSupported: (params: AssistantToolParams): boolean => {
+    const { llm, request } = params;
+
+    return requestHasRequiredAnonymizationParams(request) && llm != null;
+  },
+
+  getTool(params: AssistantToolParams): DynamicTool | null {
+    if (!this.isSupported(params)) return null;
+
+    const {
+      endpointIds,
+      insightType,
+      anonymizationFields,
+      esClient,
+      langChainTimeout,
+      llm,
+      onNewReplacements,
+      replacements,
+    } = params as DefendInsightsToolParams;
+
+    return new DynamicTool({
+      name: 'DefendInsightsTool',
+      description: DEFEND_INSIGHTS_TOOL_DESCRIPTION,
+      func: async () => {
+        if (llm == null) {
+          throw new Error('LLM is required for Defend Insights');
+        }
+
+        const anonymizedEvents = await getAnonymizedEvents({
+          endpointIds,
+          type: insightType,
+          anonymizationFields,
+          esClient,
+          onNewReplacements,
+          replacements,
+        });
+
+        const eventsContextCount = anonymizedEvents.length;
+        if (eventsContextCount === 0) {
+          return JSON.stringify({ eventsContextCount, insights: [] }, null, 2);
+        }
+
+        const outputParser = getDefendInsightsOutputParser({ type: insightType });
+        const outputFixingParser = OutputFixingParser.fromLLM(llm, outputParser);
+
+        const prompt = new PromptTemplate({
+          template: `Answer the user's question as best you can:\n{format_instructions}\n{query}`,
+          inputVariables: ['query'],
+          partialVariables: {
+            format_instructions: outputFixingParser.getFormatInstructions(),
+          },
+        });
+
+        const answerFormattingChain = new LLMChain({
+          llm,
+          prompt,
+          outputKey: 'records',
+          outputParser: outputFixingParser,
+        });
+
+        const result = await answerFormattingChain.call({
+          query: getDefendInsightsPrompt({
+            type: insightType,
+            events: anonymizedEvents,
+          }),
+          timeout: langChainTimeout,
+        });
+        const insights = result.records;
+
+        return JSON.stringify({ eventsContextCount, insights }, null, 2);
+      },
+      tags: [DEFEND_INSIGHTS_TOOL_ID],
+    });
+  },
+});
diff --git a/x-pack/plugins/security_solution/server/assistant/tools/defend_insights/output_parsers/incompatible_antivirus.ts b/x-pack/plugins/security_solution/server/assistant/tools/defend_insights/output_parsers/incompatible_antivirus.ts
new file mode 100644
index 0000000000000..b6430e4408355
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/assistant/tools/defend_insights/output_parsers/incompatible_antivirus.ts
@@ -0,0 +1,28 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { StructuredOutputParser } from 'langchain/output_parsers';
+
+import { z } from '@kbn/zod';
+
+export function getIncompatibleVirusOutputParser() {
+  return StructuredOutputParser.fromZodSchema(
+    z.array(
+      z.object({
+        group: z.string().describe('The program which is triggering the events'),
+        events: z
+          .object({
+            id: z.string().describe('The event ID'),
+            endpointId: z.string().describe('The endpoint ID'),
+            value: z.string().describe('The process.executable value of the event'),
+          })
+          .array()
+          .describe('The events that the insight is based on'),
+      })
+    )
+  );
+}
diff --git a/x-pack/plugins/security_solution/server/assistant/tools/defend_insights/output_parsers/index.ts b/x-pack/plugins/security_solution/server/assistant/tools/defend_insights/output_parsers/index.ts
new file mode 100644
index 0000000000000..78933b72702bf
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/assistant/tools/defend_insights/output_parsers/index.ts
@@ -0,0 +1,19 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { DefendInsightType } from '@kbn/elastic-assistant-common';
+
+import { InvalidDefendInsightTypeError } from '../errors';
+import { getIncompatibleVirusOutputParser } from './incompatible_antivirus';
+
+export function getDefendInsightsOutputParser({ type }: { type: DefendInsightType }) {
+  if (type === DefendInsightType.Enum.incompatible_antivirus) {
+    return getIncompatibleVirusOutputParser();
+  }
+
+  throw new InvalidDefendInsightTypeError();
+}
diff --git a/x-pack/plugins/security_solution/server/assistant/tools/defend_insights/prompts/incompatible_antivirus.ts b/x-pack/plugins/security_solution/server/assistant/tools/defend_insights/prompts/incompatible_antivirus.ts
new file mode 100644
index 0000000000000..516de86a30975
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/assistant/tools/defend_insights/prompts/incompatible_antivirus.ts
@@ -0,0 +1,16 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export function getIncompatibleAntivirusPrompt({ events }: { events: string[] }): string {
+  return `You are an Elastic Security user tasked with analyzing file events from Elastic Security to identify antivirus processes. Only focus on detecting antivirus processes. Ignore processes that belong to Elastic Agent or Elastic Defend, that are not antivirus processes, or are typical processes built into the operating system. Accuracy is of the utmost importance, try to minimize false positives. Group the processes by the antivirus program, keeping track of the agent.id and _id associated to each of the individual events as endpointId and eventId respectively. If there are no events, ignore the group field. Escape backslashes to respect JSON validation. New lines must always be escaped with double backslashes, i.e. \\\\n to ensure valid JSON. Only return JSON output, as described above. Do not add any additional text to describe your output.
+
+  Use context from the following process events to provide insights:
+  """
+  ${events.join('\n\n')}
+  """
+  `;
+}
diff --git a/x-pack/plugins/security_solution/server/assistant/tools/defend_insights/prompts/index.ts b/x-pack/plugins/security_solution/server/assistant/tools/defend_insights/prompts/index.ts
new file mode 100644
index 0000000000000..d58778c3c544b
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/assistant/tools/defend_insights/prompts/index.ts
@@ -0,0 +1,25 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { DefendInsightType } from '@kbn/elastic-assistant-common';
+
+import { InvalidDefendInsightTypeError } from '../errors';
+import { getIncompatibleAntivirusPrompt } from './incompatible_antivirus';
+
+export function getDefendInsightsPrompt({
+  type,
+  events,
+}: {
+  type: DefendInsightType;
+  events: string[];
+}): string {
+  if (type === DefendInsightType.Enum.incompatible_antivirus) {
+    return getIncompatibleAntivirusPrompt({ events });
+  }
+
+  throw new InvalidDefendInsightTypeError();
+}
diff --git a/x-pack/plugins/security_solution/server/assistant/tools/index.ts b/x-pack/plugins/security_solution/server/assistant/tools/index.ts
index 9bb85f5beedae..f7824e688afe2 100644
--- a/x-pack/plugins/security_solution/server/assistant/tools/index.ts
+++ b/x-pack/plugins/security_solution/server/assistant/tools/index.ts
@@ -10,12 +10,14 @@ import type { AssistantTool } from '@kbn/elastic-assistant-plugin/server';
 import { NL_TO_ESQL_TOOL } from './esql/nl_to_esql_tool';
 import { ALERT_COUNTS_TOOL } from './alert_counts/alert_counts_tool';
 import { OPEN_AND_ACKNOWLEDGED_ALERTS_TOOL } from './open_and_acknowledged_alerts/open_and_acknowledged_alerts_tool';
+import { DEFEND_INSIGHTS_TOOL } from './defend_insights';
 import { KNOWLEDGE_BASE_RETRIEVAL_TOOL } from './knowledge_base/knowledge_base_retrieval_tool';
 import { KNOWLEDGE_BASE_WRITE_TOOL } from './knowledge_base/knowledge_base_write_tool';
 import { SECURITY_LABS_KNOWLEDGE_BASE_TOOL } from './security_labs/security_labs_tool';
 
 export const assistantTools: AssistantTool[] = [
   ALERT_COUNTS_TOOL,
+  DEFEND_INSIGHTS_TOOL,
   NL_TO_ESQL_TOOL,
   KNOWLEDGE_BASE_RETRIEVAL_TOOL,
   KNOWLEDGE_BASE_WRITE_TOOL,
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/fleet_integrations/api/get_all_integrations/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/fleet_integrations/api/get_all_integrations/route.ts
index 5b4eab27f71ab..4b5642b9d199b 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/fleet_integrations/api/get_all_integrations/route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/fleet_integrations/api/get_all_integrations/route.ts
@@ -23,8 +23,10 @@ export const getAllIntegrationsRoute = (router: SecuritySolutionPluginRouter) =>
     .get({
       access: 'internal',
       path: GET_ALL_INTEGRATIONS_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
     })
     .addVersion(
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/fleet_integrations/api/get_installed_integrations/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/fleet_integrations/api/get_installed_integrations/route.ts
index 3a3d159d1337f..27b1c4b103ab7 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/fleet_integrations/api/get_installed_integrations/route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/fleet_integrations/api/get_installed_integrations/route.ts
@@ -21,8 +21,10 @@ export const getInstalledIntegrationsRoute = (router: SecuritySolutionPluginRout
     .get({
       access: 'internal',
       path: GET_INSTALLED_INTEGRATIONS_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
     })
     .addVersion(
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/bootstrap_prebuilt_rules/bootstrap_prebuilt_rules.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/bootstrap_prebuilt_rules/bootstrap_prebuilt_rules.ts
index d17435a543320..8d3788a2cf7f8 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/bootstrap_prebuilt_rules/bootstrap_prebuilt_rules.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/bootstrap_prebuilt_rules/bootstrap_prebuilt_rules.ts
@@ -21,8 +21,10 @@ export const bootstrapPrebuiltRulesRoute = (router: SecuritySolutionPluginRouter
     .post({
       access: 'internal',
       path: BOOTSTRAP_PREBUILT_RULES_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
     })
     .addVersion(
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/get_prebuilt_rules_and_timelines_status/get_prebuilt_rules_and_timelines_status_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/get_prebuilt_rules_and_timelines_status/get_prebuilt_rules_and_timelines_status_route.ts
index 3713176e919c5..dc9c15ac5b5f7 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/get_prebuilt_rules_and_timelines_status/get_prebuilt_rules_and_timelines_status_route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/get_prebuilt_rules_and_timelines_status/get_prebuilt_rules_and_timelines_status_route.ts
@@ -30,8 +30,10 @@ export const getPrebuiltRulesAndTimelinesStatusRoute = (router: SecuritySolution
     .get({
       access: 'public',
       path: PREBUILT_RULES_STATUS_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
     })
     .addVersion(
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/get_prebuilt_rules_status/get_prebuilt_rules_status_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/get_prebuilt_rules_status/get_prebuilt_rules_status_route.ts
index 86809a3a79a93..0561c826e0c78 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/get_prebuilt_rules_status/get_prebuilt_rules_status_route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/get_prebuilt_rules_status/get_prebuilt_rules_status_route.ts
@@ -20,8 +20,10 @@ export const getPrebuiltRulesStatusRoute = (router: SecuritySolutionPluginRouter
     .get({
       access: 'internal',
       path: GET_PREBUILT_RULES_STATUS_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
     })
     .addVersion(
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/install_prebuilt_rules_and_timelines/install_prebuilt_rules_and_timelines_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/install_prebuilt_rules_and_timelines/install_prebuilt_rules_and_timelines_route.ts
index 11e841ed50431..8740d27fce817 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/install_prebuilt_rules_and_timelines/install_prebuilt_rules_and_timelines_route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/install_prebuilt_rules_and_timelines/install_prebuilt_rules_and_timelines_route.ts
@@ -33,8 +33,12 @@ export const installPrebuiltRulesAndTimelinesRoute = (router: SecuritySolutionPl
     .put({
       access: 'public',
       path: PREBUILT_RULES_URL,
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
+      },
       options: {
-        tags: ['access:securitySolution'],
         timeout: {
           idleSocket: PREBUILT_RULES_OPERATION_SOCKET_TIMEOUT_MS,
         },
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_installation/perform_rule_installation_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_installation/perform_rule_installation_route.ts
index 1a29568ca496b..8b4d38bd2f4a4 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_installation/perform_rule_installation_route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_installation/perform_rule_installation_route.ts
@@ -34,8 +34,12 @@ export const performRuleInstallationRoute = (router: SecuritySolutionPluginRoute
     .post({
       access: 'internal',
       path: PERFORM_RULE_INSTALLATION_URL,
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
+      },
       options: {
-        tags: ['access:securitySolution'],
         timeout: {
           idleSocket: PREBUILT_RULES_OPERATION_SOCKET_TIMEOUT_MS,
         },
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/perform_rule_upgrade_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/perform_rule_upgrade_route.ts
index c8b5d459f6787..db5f7a186d303 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/perform_rule_upgrade_route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/perform_rule_upgrade_route.ts
@@ -35,8 +35,12 @@ export const performRuleUpgradeRoute = (
     .post({
       access: 'internal',
       path: PERFORM_RULE_UPGRADE_URL,
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
+      },
       options: {
-        tags: ['access:securitySolution'],
         timeout: {
           idleSocket: PREBUILT_RULES_OPERATION_SOCKET_TIMEOUT_MS,
         },
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_installation/review_rule_installation_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_installation/review_rule_installation_route.ts
index 00fc5e2beb5b8..c1c45532f61bb 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_installation/review_rule_installation_route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_installation/review_rule_installation_route.ts
@@ -26,8 +26,12 @@ export const reviewRuleInstallationRoute = (router: SecuritySolutionPluginRouter
     .post({
       access: 'internal',
       path: REVIEW_RULE_INSTALLATION_URL,
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
+      },
       options: {
-        tags: ['access:securitySolution'],
         timeout: {
           idleSocket: PREBUILT_RULES_OPERATION_SOCKET_TIMEOUT_MS,
         },
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_upgrade/review_rule_upgrade_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_upgrade/review_rule_upgrade_route.ts
index 382ec27a1bf35..3da62bd9bb21d 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_upgrade/review_rule_upgrade_route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_upgrade/review_rule_upgrade_route.ts
@@ -35,8 +35,12 @@ export const reviewRuleUpgradeRoute = (router: SecuritySolutionPluginRouter) =>
     .post({
       access: 'internal',
       path: REVIEW_RULE_UPGRADE_URL,
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
+      },
       options: {
-        tags: ['access:securitySolution'],
         timeout: {
           idleSocket: PREBUILT_RULES_OPERATION_SOCKET_TIMEOUT_MS,
         },
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts
index 658a9b193e0a2..e599ff4a936ef 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts
@@ -61,8 +61,13 @@ export const performBulkActionRoute = (
     .post({
       access: 'public',
       path: DETECTION_ENGINE_RULES_BULK_ACTION,
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
+      },
       options: {
-        tags: ['access:securitySolution', routeLimitedConcurrencyTag(MAX_ROUTE_CONCURRENCY)],
+        tags: [routeLimitedConcurrencyTag(MAX_ROUTE_CONCURRENCY)],
         timeout: {
           idleSocket: RULE_MANAGEMENT_BULK_ACTION_SOCKET_TIMEOUT_MS,
         },
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_create_rules/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_create_rules/route.ts
index 9a3751bfb1d04..225782ef01942 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_create_rules/route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_create_rules/route.ts
@@ -39,8 +39,12 @@ export const bulkCreateRulesRoute = (router: SecuritySolutionPluginRouter, logge
     .post({
       access: 'public',
       path: DETECTION_ENGINE_RULES_BULK_CREATE,
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
+      },
       options: {
-        tags: ['access:securitySolution'],
         timeout: {
           idleSocket: RULE_MANAGEMENT_BULK_ACTION_SOCKET_TIMEOUT_MS,
         },
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_patch_rules/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_patch_rules/route.ts
index fc5edf0e65ac3..5bd8adaf86a38 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_patch_rules/route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_patch_rules/route.ts
@@ -33,8 +33,12 @@ export const bulkPatchRulesRoute = (router: SecuritySolutionPluginRouter, logger
     .patch({
       access: 'public',
       path: DETECTION_ENGINE_RULES_BULK_UPDATE,
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
+      },
       options: {
-        tags: ['access:securitySolution'],
         timeout: {
           idleSocket: RULE_MANAGEMENT_BULK_ACTION_SOCKET_TIMEOUT_MS,
         },
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_update_rules/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_update_rules/route.ts
index cccd1656d5091..d2c985fbc70e6 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_update_rules/route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_update_rules/route.ts
@@ -37,8 +37,12 @@ export const bulkUpdateRulesRoute = (router: SecuritySolutionPluginRouter, logge
     .put({
       access: 'public',
       path: DETECTION_ENGINE_RULES_BULK_UPDATE,
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
+      },
       options: {
-        tags: ['access:securitySolution'],
         timeout: {
           idleSocket: RULE_MANAGEMENT_BULK_ACTION_SOCKET_TIMEOUT_MS,
         },
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/coverage_overview/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/coverage_overview/route.ts
index 0a298008dd354..a959c522c1718 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/coverage_overview/route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/coverage_overview/route.ts
@@ -22,8 +22,10 @@ export const getCoverageOverviewRoute = (router: SecuritySolutionPluginRouter) =
     .post({
       access: 'internal',
       path: RULE_MANAGEMENT_COVERAGE_OVERVIEW_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
     })
     .addVersion(
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/create_rule/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/create_rule/route.ts
index aa6425b2e673c..a5fee66d00148 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/create_rule/route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/create_rule/route.ts
@@ -27,8 +27,10 @@ export const createRuleRoute = (router: SecuritySolutionPluginRouter): void => {
       access: 'public',
       path: DETECTION_ENGINE_RULES_URL,
 
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
     })
     .addVersion(
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/delete_rule/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/delete_rule/route.ts
index 42a6a1c47544f..a5854e9a2caf5 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/delete_rule/route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/delete_rule/route.ts
@@ -24,8 +24,10 @@ export const deleteRuleRoute = (router: SecuritySolutionPluginRouter) => {
     .delete({
       access: 'public',
       path: DETECTION_ENGINE_RULES_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
     })
     .addVersion(
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/export_rules/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/export_rules/route.ts
index 3c770c714334c..a37bb29963332 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/export_rules/route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/export_rules/route.ts
@@ -33,8 +33,12 @@ export const exportRulesRoute = (
     .post({
       access: 'public',
       path: `${DETECTION_ENGINE_RULES_URL}/_export`,
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
+      },
       options: {
-        tags: ['access:securitySolution'],
         timeout: {
           idleSocket: RULE_MANAGEMENT_IMPORT_EXPORT_SOCKET_TIMEOUT_MS,
         },
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/filters/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/filters/route.ts
index 183d4f8e2f78d..05633892cdddb 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/filters/route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/filters/route.ts
@@ -56,8 +56,10 @@ export const getRuleManagementFilters = (router: SecuritySolutionPluginRouter) =
     .get({
       access: 'internal',
       path: RULE_MANAGEMENT_FILTERS_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
     })
     .addVersion(
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/find_rules/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/find_rules/route.ts
index 02ff637ab6f10..899e568e79630 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/find_rules/route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/find_rules/route.ts
@@ -25,8 +25,10 @@ export const findRulesRoute = (router: SecuritySolutionPluginRouter, logger: Log
     .get({
       access: 'public',
       path: DETECTION_ENGINE_RULES_URL_FIND,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
     })
     .addVersion(
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.ts
index e9131050d9629..d6a5213fcbea6 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.ts
@@ -47,8 +47,12 @@ export const importRulesRoute = (router: SecuritySolutionPluginRouter, config: C
     .post({
       access: 'public',
       path: `${DETECTION_ENGINE_RULES_URL}/_import`,
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
+      },
       options: {
-        tags: ['access:securitySolution'],
         body: {
           maxBytes: config.maxRuleImportPayloadBytes,
           output: 'stream',
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/patch_rule/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/patch_rule/route.ts
index 3886f63c482b0..fcd388e81d1e7 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/patch_rule/route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/patch_rule/route.ts
@@ -26,8 +26,10 @@ export const patchRuleRoute = (router: SecuritySolutionPluginRouter) => {
     .patch({
       access: 'public',
       path: DETECTION_ENGINE_RULES_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
     })
     .addVersion(
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/read_rule/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/read_rule/route.ts
index a119d1afae912..f8826e8aad45b 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/read_rule/route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/read_rule/route.ts
@@ -24,8 +24,10 @@ export const readRuleRoute = (router: SecuritySolutionPluginRouter, logger: Logg
     .get({
       access: 'public',
       path: DETECTION_ENGINE_RULES_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
     })
     .addVersion(
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/update_rule/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/update_rule/route.ts
index fb7a7a9e3197d..0bedcb25de528 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/update_rule/route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/update_rule/route.ts
@@ -27,8 +27,10 @@ export const updateRuleRoute = (router: SecuritySolutionPluginRouter) => {
     .put({
       access: 'public',
       path: DETECTION_ENGINE_RULES_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
     })
     .addVersion(
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/tags/read_tags/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/tags/read_tags/route.ts
index 5120603f9f674..d94f695f39179 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/tags/read_tags/route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/tags/read_tags/route.ts
@@ -18,8 +18,10 @@ export const readTagsRoute = (router: SecuritySolutionPluginRouter) => {
     .get({
       access: 'public',
       path: DETECTION_ENGINE_TAGS_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
     })
     .addVersion(
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_cluster_health/get_cluster_health_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_cluster_health/get_cluster_health_route.ts
index 719f46788a524..d6d9e6843e5a2 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_cluster_health/get_cluster_health_route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_cluster_health/get_cluster_health_route.ts
@@ -36,8 +36,10 @@ export const getClusterHealthRoute = (router: SecuritySolutionPluginRouter) => {
     .get({
       access: 'internal',
       path: GET_CLUSTER_HEALTH_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
     })
     .addVersion(
@@ -62,8 +64,10 @@ export const getClusterHealthRoute = (router: SecuritySolutionPluginRouter) => {
     .post({
       access: 'internal',
       path: GET_CLUSTER_HEALTH_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
     })
     .addVersion(
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_rule_health/get_rule_health_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_rule_health/get_rule_health_route.ts
index a69f7961b19f8..401040b33faa5 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_rule_health/get_rule_health_route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_rule_health/get_rule_health_route.ts
@@ -33,8 +33,10 @@ export const getRuleHealthRoute = (router: SecuritySolutionPluginRouter) => {
     .post({
       access: 'internal',
       path: GET_RULE_HEALTH_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
     })
     .addVersion(
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_space_health/get_space_health_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_space_health/get_space_health_route.ts
index 96ced4e34151d..772de5aead760 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_space_health/get_space_health_route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_space_health/get_space_health_route.ts
@@ -36,8 +36,10 @@ export const getSpaceHealthRoute = (router: SecuritySolutionPluginRouter) => {
     .get({
       access: 'internal',
       path: GET_SPACE_HEALTH_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
     })
     .addVersion(
@@ -62,8 +64,10 @@ export const getSpaceHealthRoute = (router: SecuritySolutionPluginRouter) => {
     .post({
       access: 'internal',
       path: GET_SPACE_HEALTH_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
     })
     .addVersion(
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/setup/setup_health_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/setup/setup_health_route.ts
index 685ce8f677952..0e8e5e5b676fa 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/setup/setup_health_route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/setup/setup_health_route.ts
@@ -22,8 +22,10 @@ export const setupHealthRoute = (router: SecuritySolutionPluginRouter) => {
     .post({
       access: 'internal',
       path: SETUP_HEALTH_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
     })
     .addVersion(
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/rule_execution_logs/get_rule_execution_events/get_rule_execution_events_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/rule_execution_logs/get_rule_execution_events/get_rule_execution_events_route.ts
index 4e8001193b5c5..fc3c485710c1a 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/rule_execution_logs/get_rule_execution_events/get_rule_execution_events_route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/rule_execution_logs/get_rule_execution_events/get_rule_execution_events_route.ts
@@ -27,8 +27,10 @@ export const getRuleExecutionEventsRoute = (router: SecuritySolutionPluginRouter
     .get({
       access: 'internal',
       path: GET_RULE_EXECUTION_EVENTS_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
     })
     .addVersion(
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/rule_execution_logs/get_rule_execution_results/get_rule_execution_results_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/rule_execution_logs/get_rule_execution_results/get_rule_execution_results_route.ts
index bf3a9864260ac..c23396e139afc 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/rule_execution_logs/get_rule_execution_results/get_rule_execution_results_route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/rule_execution_logs/get_rule_execution_results/get_rule_execution_results_route.ts
@@ -27,8 +27,10 @@ export const getRuleExecutionResultsRoute = (router: SecuritySolutionPluginRoute
     .get({
       access: 'internal',
       path: GET_RULE_EXECUTION_RESULTS_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
     })
     .addVersion(
diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/constants.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/constants.ts
index 8b2e802b17b6d..dc455e3006e3d 100644
--- a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/constants.ts
+++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/constants.ts
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import type { EngineStatus } from '../../../../common/api/entity_analytics';
+import type { EngineStatus, StoreStatus } from '../../../../common/api/entity_analytics';
 
 export const DEFAULT_LOOKBACK_PERIOD = '24h';
 
@@ -17,4 +17,12 @@ export const ENGINE_STATUS: Record<Uppercase<EngineStatus>, EngineStatus> = {
   ERROR: 'error',
 };
 
+export const ENTITY_STORE_STATUS: Record<Uppercase<StoreStatus>, StoreStatus> = {
+  RUNNING: 'running',
+  STOPPED: 'stopped',
+  INSTALLING: 'installing',
+  NOT_INSTALLED: 'not_installed',
+  ERROR: 'error',
+};
+
 export const MAX_SEARCH_RESPONSE_SIZE = 10_000;
diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/entity_store_data_client.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/entity_store_data_client.ts
index 7413c365b5da6..b99fa8935b692 100644
--- a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/entity_store_data_client.ts
+++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/entity_store_data_client.ts
@@ -20,17 +20,22 @@ import type { TaskManagerStartContract } from '@kbn/task-manager-plugin/server';
 import type { DataViewsService } from '@kbn/data-views-plugin/common';
 import { isEqual } from 'lodash/fp';
 import moment from 'moment';
+import type {
+  GetEntityStoreStatusResponse,
+  InitEntityStoreRequestBody,
+  InitEntityStoreResponse,
+} from '../../../../common/api/entity_analytics/entity_store/enablement.gen';
 import type { AppClient } from '../../..';
+import { EntityType } from '../../../../common/api/entity_analytics';
 import type {
   Entity,
   EngineDataviewUpdateResult,
   InitEntityEngineRequestBody,
   InitEntityEngineResponse,
-  EntityType,
   InspectQuery,
 } from '../../../../common/api/entity_analytics';
 import { EngineDescriptorClient } from './saved_object/engine_descriptor';
-import { ENGINE_STATUS, MAX_SEARCH_RESPONSE_SIZE } from './constants';
+import { ENGINE_STATUS, ENTITY_STORE_STATUS, MAX_SEARCH_RESPONSE_SIZE } from './constants';
 import { AssetCriticalityEcsMigrationClient } from '../asset_criticality/asset_criticality_migration_client';
 import { getUnitedEntityDefinition } from './united_entity_definitions';
 import {
@@ -126,6 +131,44 @@ export class EntityStoreDataClient {
     });
   }
 
+  public async enable(
+    { indexPattern = '', filter = '', fieldHistoryLength = 10 }: InitEntityStoreRequestBody,
+    { pipelineDebugMode = false }: { pipelineDebugMode?: boolean } = {}
+  ): Promise<InitEntityStoreResponse> {
+    if (!this.options.taskManager) {
+      throw new Error('Task Manager is not available');
+    }
+
+    // Immediately defer the initialization to the next tick. This way we don't block on the init preflight checks
+    const run = <T>(fn: () => Promise<T>) =>
+      new Promise<T>((resolve) => setTimeout(() => fn().then(resolve), 0));
+    const promises = Object.values(EntityType.Values).map((entity) =>
+      run(() =>
+        this.init(entity, { indexPattern, filter, fieldHistoryLength }, { pipelineDebugMode })
+      )
+    );
+
+    const engines = await Promise.all(promises);
+    return { engines, succeeded: true };
+  }
+
+  public async status(): Promise<GetEntityStoreStatusResponse> {
+    const { engines, count } = await this.engineClient.list();
+
+    let status = ENTITY_STORE_STATUS.RUNNING;
+    if (count === 0) {
+      status = ENTITY_STORE_STATUS.NOT_INSTALLED;
+    } else if (engines.some((engine) => engine.status === ENGINE_STATUS.ERROR)) {
+      status = ENTITY_STORE_STATUS.ERROR;
+    } else if (engines.every((engine) => engine.status === ENGINE_STATUS.STOPPED)) {
+      status = ENTITY_STORE_STATUS.STOPPED;
+    } else if (engines.some((engine) => engine.status === ENGINE_STATUS.INSTALLING)) {
+      status = ENTITY_STORE_STATUS.INSTALLING;
+    }
+
+    return { engines, status };
+  }
+
   public async init(
     entityType: EntityType,
     { indexPattern = '', filter = '', fieldHistoryLength = 10 }: InitEntityEngineRequestBody,
@@ -137,7 +180,16 @@ export class EntityStoreDataClient {
 
     const { config } = this.options;
 
-    await this.riskScoreDataClient.createRiskScoreLatestIndex();
+    await this.riskScoreDataClient.createRiskScoreLatestIndex().catch((e) => {
+      if (e.meta.body.error.type === 'resource_already_exists_exception') {
+        this.options.logger.debug(
+          `Risk score index for ${entityType} already exists, skipping creation.`
+        );
+        return;
+      }
+
+      throw e;
+    });
 
     const requiresMigration =
       await this.assetCriticalityMigrationClient.isEcsDataMigrationRequired();
diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/enablement.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/enablement.ts
new file mode 100644
index 0000000000000..16813fccdf235
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/enablement.ts
@@ -0,0 +1,67 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { IKibanaResponse, Logger } from '@kbn/core/server';
+import { buildSiemResponse } from '@kbn/lists-plugin/server/routes/utils';
+import { transformError } from '@kbn/securitysolution-es-utils';
+import { buildRouteValidationWithZod } from '@kbn/zod-helpers';
+
+import type { InitEntityStoreResponse } from '../../../../../common/api/entity_analytics/entity_store/enablement.gen';
+import { InitEntityStoreRequestBody } from '../../../../../common/api/entity_analytics/entity_store/enablement.gen';
+import { API_VERSIONS, APP_ID } from '../../../../../common/constants';
+import type { EntityAnalyticsRoutesDeps } from '../../types';
+import { checkAndInitAssetCriticalityResources } from '../../asset_criticality/check_and_init_asset_criticality_resources';
+
+export const enableEntityStoreRoute = (
+  router: EntityAnalyticsRoutesDeps['router'],
+  logger: Logger,
+  config: EntityAnalyticsRoutesDeps['config']
+) => {
+  router.versioned
+    .post({
+      access: 'public',
+      path: '/api/entity_store/enable',
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`],
+        },
+      },
+    })
+    .addVersion(
+      {
+        version: API_VERSIONS.public.v1,
+        validate: {
+          request: {
+            body: buildRouteValidationWithZod(InitEntityStoreRequestBody),
+          },
+        },
+      },
+
+      async (context, request, response): Promise<IKibanaResponse<InitEntityStoreResponse>> => {
+        const siemResponse = buildSiemResponse(response);
+        const secSol = await context.securitySolution;
+        const { pipelineDebugMode } = config.entityAnalytics.entityStore.developer;
+
+        await checkAndInitAssetCriticalityResources(context, logger);
+
+        try {
+          const body: InitEntityStoreResponse = await secSol
+            .getEntityStoreDataClient()
+            .enable(request.body, { pipelineDebugMode });
+
+          return response.ok({ body });
+        } catch (e) {
+          const error = transformError(e);
+          logger.error(`Error initialising entity store: ${error.message}`);
+          return siemResponse.error({
+            statusCode: error.statusCode,
+            body: error.message,
+          });
+        }
+      }
+    );
+};
diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/register_entity_store_routes.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/register_entity_store_routes.ts
index 9784dcd619667..c3c66d0b32e28 100644
--- a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/register_entity_store_routes.ts
+++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/register_entity_store_routes.ts
@@ -15,6 +15,8 @@ import { listEntityEnginesRoute } from './list';
 import { entityStoreInternalPrivilegesRoute } from './privileges';
 import { startEntityEngineRoute } from './start';
 import { stopEntityEngineRoute } from './stop';
+import { getEntityStoreStatusRoute } from './status';
+import { enableEntityStoreRoute } from './enablement';
 
 export const registerEntityStoreRoutes = ({
   router,
@@ -22,6 +24,8 @@ export const registerEntityStoreRoutes = ({
   getStartServices,
   config,
 }: EntityAnalyticsRoutesDeps) => {
+  enableEntityStoreRoute(router, logger, config);
+  getEntityStoreStatusRoute(router, logger, config);
   initEntityEngineRoute(router, logger, config);
   startEntityEngineRoute(router, logger);
   stopEntityEngineRoute(router, logger);
diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/status.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/status.ts
new file mode 100644
index 0000000000000..7a59b59b9914a
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/status.ts
@@ -0,0 +1,70 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { IKibanaResponse, Logger } from '@kbn/core/server';
+import { buildSiemResponse } from '@kbn/lists-plugin/server/routes/utils';
+import { transformError } from '@kbn/securitysolution-es-utils';
+import type { GetEntityStoreStatusResponse } from '../../../../../common/api/entity_analytics/entity_store/enablement.gen';
+import { API_VERSIONS, APP_ID } from '../../../../../common/constants';
+import type { EntityAnalyticsRoutesDeps } from '../../types';
+import { checkAndInitAssetCriticalityResources } from '../../asset_criticality/check_and_init_asset_criticality_resources';
+
+export const getEntityStoreStatusRoute = (
+  router: EntityAnalyticsRoutesDeps['router'],
+  logger: Logger,
+  config: EntityAnalyticsRoutesDeps['config']
+) => {
+  router.versioned
+    .get({
+      access: 'public',
+      path: '/api/entity_store/status',
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`],
+        },
+      },
+    })
+    .addVersion(
+      {
+        version: API_VERSIONS.public.v1,
+        validate: {},
+      },
+
+      async (
+        context,
+        request,
+        response
+      ): Promise<IKibanaResponse<GetEntityStoreStatusResponse>> => {
+        const siemResponse = buildSiemResponse(response);
+        const secSol = await context.securitySolution;
+
+        await checkAndInitAssetCriticalityResources(context, logger);
+
+        try {
+          const body: GetEntityStoreStatusResponse = await secSol
+            .getEntityStoreDataClient()
+            .status();
+
+          return response.ok({ body });
+        } catch (e) {
+          const error = transformError(e);
+          logger.error(`Error initialising entity store: ${error.message}`);
+          return siemResponse.error({
+            statusCode: error.statusCode,
+            body: error.message,
+          });
+        }
+      }
+    );
+};
diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/draft_timelines/clean_draft_timelines/index.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/draft_timelines/clean_draft_timelines/index.ts
index 6515817f28e11..fb6ffba7995b8 100644
--- a/x-pack/plugins/security_solution/server/lib/timeline/routes/draft_timelines/clean_draft_timelines/index.ts
+++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/draft_timelines/clean_draft_timelines/index.ts
@@ -31,8 +31,10 @@ export const cleanDraftTimelinesRoute = (router: SecuritySolutionPluginRouter) =
   router.versioned
     .post({
       path: TIMELINE_DRAFT_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
       access: 'public',
     })
diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/draft_timelines/get_draft_timelines/index.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/draft_timelines/get_draft_timelines/index.ts
index 1ba3167cdefae..e83d2cc839db0 100644
--- a/x-pack/plugins/security_solution/server/lib/timeline/routes/draft_timelines/get_draft_timelines/index.ts
+++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/draft_timelines/get_draft_timelines/index.ts
@@ -24,8 +24,10 @@ export const getDraftTimelinesRoute = (router: SecuritySolutionPluginRouter) =>
   router.versioned
     .get({
       path: TIMELINE_DRAFT_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
       access: 'public',
     })
diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/delete_note.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/delete_note.ts
index 9e6aeb5473fc2..7308801030f4a 100644
--- a/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/delete_note.ts
+++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/delete_note.ts
@@ -22,8 +22,10 @@ export const deleteNoteRoute = (router: SecuritySolutionPluginRouter) => {
   router.versioned
     .delete({
       path: NOTE_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
       access: 'public',
     })
diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/get_notes.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/get_notes.ts
index 0cd7853b38a1b..3a1ae1ba27e2f 100644
--- a/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/get_notes.ts
+++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/get_notes.ts
@@ -37,8 +37,10 @@ export const getNotesRoute = (
   router.versioned
     .get({
       path: NOTE_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
       access: 'public',
     })
diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/persist_note.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/persist_note.ts
index 2e825b4ff3a15..f9759444b26d8 100644
--- a/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/persist_note.ts
+++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/persist_note.ts
@@ -25,8 +25,10 @@ export const persistNoteRoute = (router: SecuritySolutionPluginRouter) => {
   router.versioned
     .patch({
       path: NOTE_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
       access: 'public',
     })
diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/pinned_events/persist_pinned_event.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/pinned_events/persist_pinned_event.ts
index 74db9e58d904b..51b001c9ea29e 100644
--- a/x-pack/plugins/security_solution/server/lib/timeline/routes/pinned_events/persist_pinned_event.ts
+++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/pinned_events/persist_pinned_event.ts
@@ -26,8 +26,10 @@ export const persistPinnedEventRoute = (router: SecuritySolutionPluginRouter) =>
   router.versioned
     .patch({
       path: PINNED_EVENT_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
       access: 'public',
     })
diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/prepackaged_timelines/install_prepackaged_timelines/index.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/prepackaged_timelines/install_prepackaged_timelines/index.ts
index b1a6e2f781f45..99c4d95942f15 100644
--- a/x-pack/plugins/security_solution/server/lib/timeline/routes/prepackaged_timelines/install_prepackaged_timelines/index.ts
+++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/prepackaged_timelines/install_prepackaged_timelines/index.ts
@@ -34,8 +34,12 @@ export const installPrepackedTimelinesRoute = (
   router.versioned
     .post({
       path: `${TIMELINE_PREPACKAGED_URL}`,
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
+      },
       options: {
-        tags: ['access:securitySolution'],
         body: {
           maxBytes: config.maxTimelineImportPayloadBytes,
           output: 'stream',
diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/copy_timeline/index.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/copy_timeline/index.ts
index e795ec89dd926..502b43d4e347f 100644
--- a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/copy_timeline/index.ts
+++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/copy_timeline/index.ts
@@ -23,8 +23,10 @@ export const copyTimelineRoute = (router: SecuritySolutionPluginRouter) => {
   router.versioned
     .post({
       path: TIMELINE_COPY_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
       access: 'internal',
     })
diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/create_timelines/index.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/create_timelines/index.ts
index 95fb09fb28e56..a91fefc20f934 100644
--- a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/create_timelines/index.ts
+++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/create_timelines/index.ts
@@ -32,8 +32,10 @@ export const createTimelinesRoute = (router: SecuritySolutionPluginRouter) => {
   router.versioned
     .post({
       path: TIMELINE_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
       access: 'public',
     })
diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/delete_timelines/index.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/delete_timelines/index.ts
index 8dd476c9f4e44..07cffb3e13bf5 100644
--- a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/delete_timelines/index.ts
+++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/delete_timelines/index.ts
@@ -23,8 +23,10 @@ export const deleteTimelinesRoute = (router: SecuritySolutionPluginRouter) => {
   router.versioned
     .delete({
       path: TIMELINE_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
       access: 'public',
     })
diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/export_timelines/index.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/export_timelines/index.ts
index 163b212840423..5a055d54a76ce 100644
--- a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/export_timelines/index.ts
+++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/export_timelines/index.ts
@@ -26,8 +26,10 @@ export const exportTimelinesRoute = (router: SecuritySolutionPluginRouter, confi
   router.versioned
     .post({
       path: TIMELINE_EXPORT_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
       access: 'public',
     })
diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/get_timeline/index.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/get_timeline/index.ts
index 870955f7e8691..a1ae2178fb6fd 100644
--- a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/get_timeline/index.ts
+++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/get_timeline/index.ts
@@ -26,8 +26,10 @@ export const getTimelineRoute = (router: SecuritySolutionPluginRouter) => {
   router.versioned
     .get({
       path: TIMELINE_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
       access: 'public',
     })
diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/get_timelines/index.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/get_timelines/index.ts
index 52995efcf4be1..01a3801ad8672 100644
--- a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/get_timelines/index.ts
+++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/get_timelines/index.ts
@@ -25,8 +25,10 @@ export const getTimelinesRoute = (router: SecuritySolutionPluginRouter) => {
   router.versioned
     .get({
       path: TIMELINES_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
       access: 'public',
     })
diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/import_timelines/index.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/import_timelines/index.ts
index 59a86238941ab..f66c5456c0396 100644
--- a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/import_timelines/index.ts
+++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/import_timelines/index.ts
@@ -32,8 +32,12 @@ export const importTimelinesRoute = (router: SecuritySolutionPluginRouter, confi
   router.versioned
     .post({
       path: `${TIMELINE_IMPORT_URL}`,
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
+      },
       options: {
-        tags: ['access:securitySolution'],
         body: {
           maxBytes: config.maxTimelineImportPayloadBytes,
           output: 'stream',
diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/patch_timelines/index.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/patch_timelines/index.ts
index 1297f0cb1a829..7ddea9bd5ffe7 100644
--- a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/patch_timelines/index.ts
+++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/patch_timelines/index.ts
@@ -26,8 +26,10 @@ export const patchTimelinesRoute = (router: SecuritySolutionPluginRouter) => {
   router.versioned
     .patch({
       path: TIMELINE_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
       access: 'public',
     })
diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/persist_favorite/index.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/persist_favorite/index.ts
index cf66c02cf9c97..22d579229a73b 100644
--- a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/persist_favorite/index.ts
+++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/persist_favorite/index.ts
@@ -26,8 +26,10 @@ export const persistFavoriteRoute = (router: SecuritySolutionPluginRouter) => {
   router.versioned
     .patch({
       path: TIMELINE_FAVORITE_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
       access: 'public',
     })
diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/resolve_timeline/index.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/resolve_timeline/index.ts
index 0afc7d21ae296..773e74faaaf46 100644
--- a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/resolve_timeline/index.ts
+++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/resolve_timeline/index.ts
@@ -27,8 +27,10 @@ export const resolveTimelineRoute = (router: SecuritySolutionPluginRouter) => {
   router.versioned
     .get({
       path: TIMELINE_RESOLVE_URL,
-      options: {
-        tags: ['access:securitySolution'],
+      security: {
+        authz: {
+          requiredPrivileges: ['securitySolution'],
+        },
       },
       access: 'public',
     })
diff --git a/x-pack/plugins/serverless_search/common/i18n_string.ts b/x-pack/plugins/serverless_search/common/i18n_string.ts
index cf0dbad5277c8..32ec0cf8eb957 100644
--- a/x-pack/plugins/serverless_search/common/i18n_string.ts
+++ b/x-pack/plugins/serverless_search/common/i18n_string.ts
@@ -65,6 +65,13 @@ export const CONNECTOR_LABEL: string = i18n.translate('xpack.serverlessSearch.co
   defaultMessage: 'Connector',
 });
 
+export const WEB_CRAWLERS_LABEL: string = i18n.translate(
+  'xpack.serverlessSearch.webCrawlersLabel',
+  {
+    defaultMessage: 'Web crawlers',
+  }
+);
+
 export const DELETE_CONNECTOR_LABEL = i18n.translate(
   'xpack.serverlessSearch.connectors.deleteConnectorLabel',
   {
diff --git a/x-pack/plugins/serverless_search/public/application/components/common/decorative_horizontal_stepper.tsx b/x-pack/plugins/serverless_search/public/application/components/common/decorative_horizontal_stepper.tsx
new file mode 100644
index 0000000000000..99711dcb9c71e
--- /dev/null
+++ b/x-pack/plugins/serverless_search/public/application/components/common/decorative_horizontal_stepper.tsx
@@ -0,0 +1,45 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import React from 'react';
+import { EuiStepsHorizontal, EuiStepsHorizontalProps } from '@elastic/eui';
+import { css } from '@emotion/react';
+
+interface DecorativeHorizontalStepperProps {
+  stepCount?: number;
+}
+
+export const DecorativeHorizontalStepper: React.FC<DecorativeHorizontalStepperProps> = ({
+  stepCount = 2,
+}) => {
+  // Generate the steps dynamically based on the stepCount prop
+  const horizontalSteps: EuiStepsHorizontalProps['steps'] = Array.from(
+    { length: stepCount },
+    (_, index) => ({
+      title: '',
+      status: 'incomplete',
+      onClick: () => {},
+    })
+  );
+
+  return (
+    /* This is a presentational component, not intended for user interaction:
+    pointer-events: none, prevents user interaction with the component.
+    inert prevents click, focus, and other interactive events, removing it from the tab order.
+    role="presentation" indicates that this component is purely decorative and not interactive for assistive technologies.
+    Together, these attributes help ensure the component is accesible. */
+    <EuiStepsHorizontal
+      css={css`
+        pointer-events: none;
+      `}
+      steps={horizontalSteps}
+      size="s"
+      role="presentation"
+      // @ts-ignore due to React 18 and TypeScript doesn't have native HTML inert attribute support yet
+      inert=""
+    />
+  );
+};
diff --git a/x-pack/plugins/serverless_search/public/application/components/connectors/connector_icon.tsx b/x-pack/plugins/serverless_search/public/application/components/connectors/connector_icon.tsx
new file mode 100644
index 0000000000000..7ae2961ef10b8
--- /dev/null
+++ b/x-pack/plugins/serverless_search/public/application/components/connectors/connector_icon.tsx
@@ -0,0 +1,19 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { EuiToolTip, EuiIcon } from '@elastic/eui';
+
+export const ConnectorIcon: React.FC<{ name: string; serviceType: string; iconPath?: string }> = ({
+  name,
+  serviceType,
+  iconPath,
+}) => (
+  <EuiToolTip content={name}>
+    <EuiIcon size="l" title={name} id={serviceType} type={iconPath || 'defaultIcon'} />
+  </EuiToolTip>
+);
diff --git a/x-pack/plugins/serverless_search/public/application/components/connectors/elastic_managed_connector_coming_soon.tsx b/x-pack/plugins/serverless_search/public/application/components/connectors/elastic_managed_connector_coming_soon.tsx
new file mode 100644
index 0000000000000..3057c6806fd73
--- /dev/null
+++ b/x-pack/plugins/serverless_search/public/application/components/connectors/elastic_managed_connector_coming_soon.tsx
@@ -0,0 +1,196 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import {
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiPanel,
+  EuiIcon,
+  EuiTitle,
+  EuiText,
+  EuiBadge,
+  EuiButtonEmpty,
+} from '@elastic/eui';
+
+import { i18n } from '@kbn/i18n';
+
+// import { generatePath } from 'react-router-dom';
+import { SERVERLESS_ES_CONNECTORS_ID } from '@kbn/deeplinks-search/constants';
+import { useKibanaServices } from '../../hooks/use_kibana';
+import { useConnectorTypes } from '../../hooks/api/use_connector_types';
+import { useAssetBasePath } from '../../hooks/use_asset_base_path';
+
+import { BACK_LABEL } from '../../../../common/i18n_string';
+// import { BASE_CONNECTORS_PATH } from '../../constants';
+import { ConnectorIcon } from './connector_icon';
+import { DecorativeHorizontalStepper } from '../common/decorative_horizontal_stepper';
+
+export const ElasticManagedConnectorComingSoon: React.FC = () => {
+  const connectorTypes = useConnectorTypes();
+
+  const connectorExamples = connectorTypes.filter((connector) =>
+    ['Gmail', 'Sharepoint Online', 'Jira Cloud', 'Dropbox'].includes(connector.name)
+  );
+
+  const {
+    application: { navigateToApp },
+  } = useKibanaServices();
+
+  const assetBasePath = useAssetBasePath();
+  const connectorsIcon = assetBasePath + '/connectors.svg';
+  return (
+    <EuiFlexGroup alignItems="center" direction="column">
+      <EuiFlexItem>
+        <EuiPanel paddingSize="l" hasShadow={false} hasBorder>
+          <EuiFlexGroup
+            alignItems="center"
+            justifyContent="center"
+            direction="column"
+            gutterSize="l"
+          >
+            <EuiFlexItem>
+              <EuiButtonEmpty
+                data-test-subj="serverlessSearchElasticManagedConnectorEmptyBackButton"
+                iconType="arrowLeft"
+                onClick={() => navigateToApp(SERVERLESS_ES_CONNECTORS_ID)}
+              >
+                {BACK_LABEL}
+              </EuiButtonEmpty>
+            </EuiFlexItem>
+            <EuiFlexItem>
+              <EuiIcon size="xxl" type={connectorsIcon} />
+            </EuiFlexItem>
+            <EuiFlexItem>
+              <EuiTitle>
+                <h2>
+                  {i18n.translate('xpack.serverlessSearch.elasticManagedConnectorEmpty.title', {
+                    defaultMessage: 'Elastic managed connectors',
+                  })}
+                </h2>
+              </EuiTitle>
+            </EuiFlexItem>
+            <EuiFlexItem>
+              <EuiBadge color="accent">Coming soon</EuiBadge>
+            </EuiFlexItem>
+            <EuiFlexItem>
+              <EuiText textAlign="center" color="subdued">
+                <p>
+                  {i18n.translate(
+                    'xpack.serverlessSearch.elasticManagedConnectorEmpty.description',
+                    {
+                      defaultMessage:
+                        "We're actively developing Elastic managed connectors, that won't require any self-managed infrastructure. You'll be able to handle all configuration in the UI. This will simplify syncing your data into a serverless Elasticsearch project. This new workflow will have two steps:",
+                    }
+                  )}
+                </p>
+              </EuiText>
+            </EuiFlexItem>
+            <EuiFlexGroup
+              alignItems="stretch"
+              justifyContent="center"
+              direction="column"
+              gutterSize="s"
+            >
+              <EuiFlexItem>
+                <EuiPanel color="subdued">
+                  <EuiFlexItem grow={false}>
+                    <DecorativeHorizontalStepper stepCount={2} />
+                  </EuiFlexItem>
+                  <EuiFlexGroup>
+                    <EuiFlexItem>
+                      <EuiFlexGroup
+                        justifyContent="flexStart"
+                        alignItems="center"
+                        direction="column"
+                      >
+                        <EuiFlexItem grow={false}>
+                          <EuiFlexGroup
+                            justifyContent="center"
+                            alignItems="center"
+                            direction="row"
+                            gutterSize="s"
+                          >
+                            {connectorExamples.map((connector, index) => (
+                              <React.Fragment key={connector.serviceType}>
+                                {index === Math.floor(connectorExamples.length / 2) && (
+                                  <EuiFlexItem grow={false}>
+                                    <EuiIcon color="primary" size="l" type="documents" />
+                                  </EuiFlexItem>
+                                )}
+                                <EuiFlexItem grow={false}>
+                                  <ConnectorIcon
+                                    name={connector.name}
+                                    serviceType={connector.serviceType}
+                                    iconPath={connector.iconPath}
+                                  />
+                                </EuiFlexItem>
+                              </React.Fragment>
+                            ))}
+                          </EuiFlexGroup>
+                        </EuiFlexItem>
+                        <EuiFlexItem grow={false}>
+                          <EuiText>
+                            <p>
+                              {i18n.translate(
+                                'xpack.serverlessSearch.elasticManagedConnectorEmpty.guideOneDescription',
+                                {
+                                  defaultMessage:
+                                    "Choose from over 30 third-party data sources you'd like to sync",
+                                }
+                              )}
+                            </p>
+                          </EuiText>
+                        </EuiFlexItem>
+                      </EuiFlexGroup>
+                    </EuiFlexItem>
+                    <EuiFlexItem>
+                      <EuiFlexGroup
+                        justifyContent="flexStart"
+                        alignItems="center"
+                        direction="column"
+                      >
+                        <EuiFlexItem grow={false}>
+                          <EuiFlexGroup
+                            gutterSize="s"
+                            direction="row"
+                            alignItems="center"
+                            justifyContent="center"
+                          >
+                            <EuiFlexItem>
+                              <EuiIcon color="primary" size="l" type={connectorsIcon} />
+                            </EuiFlexItem>
+                            <EuiFlexItem>
+                              <EuiIcon color="primary" size="l" type="logoElastic" />
+                            </EuiFlexItem>
+                          </EuiFlexGroup>
+                        </EuiFlexItem>
+                        <EuiFlexItem>
+                          <EuiText>
+                            <p>
+                              {i18n.translate(
+                                'xpack.serverlessSearch.elasticManagedConnectorEmpty.guideThreeDescription',
+                                {
+                                  defaultMessage:
+                                    'Enter access and connection details for your data source and run your first sync using the Kibana UI',
+                                }
+                              )}
+                            </p>
+                          </EuiText>
+                        </EuiFlexItem>
+                      </EuiFlexGroup>
+                    </EuiFlexItem>
+                  </EuiFlexGroup>
+                </EuiPanel>
+              </EuiFlexItem>
+            </EuiFlexGroup>
+          </EuiFlexGroup>
+        </EuiPanel>
+      </EuiFlexItem>
+    </EuiFlexGroup>
+  );
+};
diff --git a/x-pack/plugins/serverless_search/public/application/components/connectors/empty_connectors_prompt.tsx b/x-pack/plugins/serverless_search/public/application/components/connectors/empty_connectors_prompt.tsx
index 56c7a9aaf8155..0767f8cfaf276 100644
--- a/x-pack/plugins/serverless_search/public/application/components/connectors/empty_connectors_prompt.tsx
+++ b/x-pack/plugins/serverless_search/public/application/components/connectors/empty_connectors_prompt.tsx
@@ -14,30 +14,49 @@ import {
   EuiText,
   EuiLink,
   EuiButton,
-  EuiToolTip,
+  EuiBadge,
 } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
 import React from 'react';
 import { FormattedMessage } from '@kbn/i18n-react';
 
 import { docLinks } from '../../../../common/doc_links';
+import { useKibanaServices } from '../../hooks/use_kibana';
 import { useConnectorTypes } from '../../hooks/api/use_connector_types';
 import { useCreateConnector } from '../../hooks/api/use_create_connector';
 import { useAssetBasePath } from '../../hooks/use_asset_base_path';
 import { useConnectors } from '../../hooks/api/use_connectors';
+import { DecorativeHorizontalStepper } from '../common/decorative_horizontal_stepper';
+import { ConnectorIcon } from './connector_icon';
+
+import { ELASTIC_MANAGED_CONNECTOR_PATH, BASE_CONNECTORS_PATH } from '../../constants';
 
 export const EmptyConnectorsPrompt: React.FC = () => {
   const connectorTypes = useConnectorTypes();
+
+  const connectorExamples = connectorTypes.filter((connector) =>
+    ['Gmail', 'Sharepoint Online', 'Jira Cloud', 'Dropbox'].includes(connector.name)
+  );
   const { createConnector, isLoading } = useCreateConnector();
   const { data } = useConnectors();
 
   const assetBasePath = useAssetBasePath();
   const connectorsPath = assetBasePath + '/connectors.svg';
+
+  const {
+    application: { navigateToUrl },
+  } = useKibanaServices();
+
   return (
     <EuiFlexGroup alignItems="center" direction="column">
       <EuiFlexItem>
         <EuiPanel paddingSize="l" hasShadow={false} hasBorder>
-          <EuiFlexGroup alignItems="center" justifyContent="center" direction="column">
+          <EuiFlexGroup
+            alignItems="center"
+            justifyContent="center"
+            direction="column"
+            gutterSize="l"
+          >
             <EuiFlexItem>
               <EuiIcon size="xxl" type={connectorsPath} />
             </EuiFlexItem>
@@ -45,13 +64,13 @@ export const EmptyConnectorsPrompt: React.FC = () => {
               <EuiTitle>
                 <h2>
                   {i18n.translate('xpack.serverlessSearch.connectorsEmpty.title', {
-                    defaultMessage: 'Create a connector',
+                    defaultMessage: 'Set up a new connector',
                   })}
                 </h2>
               </EuiTitle>
             </EuiFlexItem>
             <EuiFlexItem>
-              <EuiText>
+              <EuiText textAlign="center" color="subdued">
                 <p>
                   {i18n.translate('xpack.serverlessSearch.connectorsEmpty.description', {
                     defaultMessage:
@@ -60,155 +79,215 @@ export const EmptyConnectorsPrompt: React.FC = () => {
                 </p>
               </EuiText>
             </EuiFlexItem>
-            <EuiFlexItem>
-              <EuiPanel color="subdued">
-                <EuiFlexGroup>
-                  <EuiFlexItem>
-                    <EuiFlexGroup justifyContent="center" alignItems="center" direction="column">
-                      <EuiFlexItem grow={false}>
-                        <EuiIcon color="primary" size="l" type="documents" />
-                      </EuiFlexItem>
-                      <EuiFlexItem>
-                        <EuiText>
-                          <p>
-                            {i18n.translate(
-                              'xpack.serverlessSearch.connectorsEmpty.guideOneDescription',
-                              {
-                                defaultMessage: "Choose a data source you'd like to sync",
-                              }
-                            )}
-                          </p>
-                        </EuiText>
-                      </EuiFlexItem>
-                    </EuiFlexGroup>
+            <EuiFlexGroup
+              alignItems="stretch"
+              justifyContent="center"
+              direction="column"
+              gutterSize="s"
+            >
+              <EuiFlexItem>
+                <EuiPanel color="subdued">
+                  <EuiFlexItem grow={false}>
+                    <DecorativeHorizontalStepper stepCount={3} />
                   </EuiFlexItem>
-                  <EuiFlexItem>
-                    <EuiFlexGroup justifyContent="center" alignItems="center" direction="column">
-                      <EuiFlexItem grow={false}>
-                        <EuiIcon color="primary" size="l" type={connectorsPath} />
-                      </EuiFlexItem>
-                      <EuiFlexItem>
-                        <EuiText>
-                          <p>
-                            <FormattedMessage
-                              id="xpack.serverlessSearch.connectorsEmpty.guideTwoDescription"
-                              defaultMessage="Deploy connector code on your own infrastructure by running from {source}, or using {docker}"
-                              values={{
-                                source: (
-                                  <EuiLink
-                                    data-test-subj="serverlessSearchEmptyConnectorsPromptSourceLink"
-                                    href={docLinks.connectorsRunFromSource}
-                                  >
-                                    {i18n.translate(
-                                      'xpack.serverlessSearch.connectorsEmpty.sourceLabel',
-                                      { defaultMessage: 'source' }
-                                    )}
-                                  </EuiLink>
-                                ),
-                                docker: (
-                                  <EuiLink
-                                    data-test-subj="serverlessSearchEmptyConnectorsPromptDockerLink"
-                                    href={docLinks.connectorsRunWithDocker}
-                                  >
-                                    {i18n.translate(
-                                      'xpack.serverlessSearch.connectorsEmpty.dockerLabel',
-                                      { defaultMessage: 'Docker' }
-                                    )}
-                                  </EuiLink>
-                                ),
-                              }}
-                            />
-                          </p>
-                        </EuiText>
-                      </EuiFlexItem>
-                    </EuiFlexGroup>
-                  </EuiFlexItem>
-                  <EuiFlexItem>
-                    <EuiFlexGroup justifyContent="center" alignItems="center" direction="column">
-                      <EuiFlexItem grow={false}>
+                  <EuiFlexGroup>
+                    <EuiFlexItem>
+                      <EuiFlexGroup
+                        justifyContent="flexStart"
+                        alignItems="center"
+                        direction="column"
+                      >
+                        <EuiFlexItem grow={false}>
+                          <EuiFlexGroup
+                            justifyContent="center"
+                            alignItems="center"
+                            direction="row"
+                            gutterSize="s"
+                          >
+                            {connectorExamples.map((connector, index) => (
+                              <React.Fragment key={connector.serviceType}>
+                                {index === Math.floor(connectorExamples.length / 2) && (
+                                  <EuiFlexItem grow={false}>
+                                    <EuiIcon color="primary" size="l" type="documents" />
+                                  </EuiFlexItem>
+                                )}
+                                <EuiFlexItem grow={false}>
+                                  <ConnectorIcon
+                                    name={connector.name}
+                                    serviceType={connector.serviceType}
+                                    iconPath={connector.iconPath}
+                                  />
+                                </EuiFlexItem>
+                              </React.Fragment>
+                            ))}
+                          </EuiFlexGroup>
+                        </EuiFlexItem>
+                        <EuiFlexItem grow={false}>
+                          <EuiText>
+                            <p>
+                              {i18n.translate(
+                                'xpack.serverlessSearch.connectorsEmpty.guideOneDescription',
+                                {
+                                  defaultMessage:
+                                    "Choose from over 30 third-party data sources you'd like to sync",
+                                }
+                              )}
+                            </p>
+                          </EuiText>
+                        </EuiFlexItem>
+                      </EuiFlexGroup>
+                    </EuiFlexItem>
+                    <EuiFlexItem>
+                      <EuiFlexGroup
+                        justifyContent="flexStart"
+                        alignItems="center"
+                        direction="column"
+                      >
                         <EuiFlexGroup
                           gutterSize="s"
                           direction="row"
                           alignItems="center"
                           justifyContent="center"
                         >
-                          <EuiFlexItem>
-                            <EuiIcon color="primary" size="l" type="documents" />
-                          </EuiFlexItem>
-                          <EuiFlexItem>
-                            <EuiIcon size="m" type="sortRight" />
-                          </EuiFlexItem>
-                          <EuiFlexItem>
+                          <EuiFlexItem grow={false}>
                             <EuiIcon color="primary" size="l" type={connectorsPath} />
                           </EuiFlexItem>
                           <EuiFlexItem>
                             <EuiIcon size="m" type="sortRight" />
                           </EuiFlexItem>
                           <EuiFlexItem>
-                            <EuiIcon color="primary" size="l" type="logoElastic" />
+                            <EuiIcon color="primary" size="l" type="launch" />
                           </EuiFlexItem>
                         </EuiFlexGroup>
-                      </EuiFlexItem>
-                      <EuiFlexItem>
-                        <EuiText>
-                          <p>
-                            {i18n.translate(
-                              'xpack.serverlessSearch.connectorsEmpty.guideThreeDescription',
-                              {
-                                defaultMessage:
-                                  'Enter access and connection details for your data source and run your first sync',
-                              }
-                            )}
-                          </p>
-                        </EuiText>
-                      </EuiFlexItem>
-                    </EuiFlexGroup>
+                        <EuiFlexItem>
+                          <EuiText>
+                            <p>
+                              <FormattedMessage
+                                id="xpack.serverlessSearch.connectorsEmpty.guideTwoDescription"
+                                defaultMessage="Deploy connector code on your own infrastructure by running from {source}, or using {docker}"
+                                values={{
+                                  source: (
+                                    <EuiLink
+                                      target="_blank"
+                                      data-test-subj="serverlessSearchEmptyConnectorsPromptSourceLink"
+                                      href={docLinks.connectorsRunFromSource}
+                                    >
+                                      {i18n.translate(
+                                        'xpack.serverlessSearch.connectorsEmpty.sourceLabel',
+                                        { defaultMessage: 'source' }
+                                      )}
+                                    </EuiLink>
+                                  ),
+                                  docker: (
+                                    <EuiLink
+                                      target="_blank"
+                                      data-test-subj="serverlessSearchEmptyConnectorsPromptDockerLink"
+                                      href={docLinks.connectorsRunWithDocker}
+                                    >
+                                      {i18n.translate(
+                                        'xpack.serverlessSearch.connectorsEmpty.dockerLabel',
+                                        { defaultMessage: 'Docker' }
+                                      )}
+                                    </EuiLink>
+                                  ),
+                                }}
+                              />
+                            </p>
+                          </EuiText>
+                        </EuiFlexItem>
+                      </EuiFlexGroup>
+                    </EuiFlexItem>
+                    <EuiFlexItem>
+                      <EuiFlexGroup
+                        justifyContent="flexStart"
+                        alignItems="center"
+                        direction="column"
+                      >
+                        <EuiFlexItem grow={false}>
+                          <EuiFlexGroup
+                            gutterSize="s"
+                            direction="row"
+                            alignItems="center"
+                            justifyContent="center"
+                          >
+                            <EuiFlexItem>
+                              <EuiIcon color="primary" size="l" type="documents" />
+                            </EuiFlexItem>
+                            <EuiFlexItem>
+                              <EuiIcon size="m" type="sortRight" />
+                            </EuiFlexItem>
+                            <EuiFlexItem>
+                              <EuiIcon color="primary" size="l" type={connectorsPath} />
+                            </EuiFlexItem>
+                            <EuiFlexItem>
+                              <EuiIcon size="m" type="sortRight" />
+                            </EuiFlexItem>
+                            <EuiFlexItem>
+                              <EuiIcon color="primary" size="l" type="logoElastic" />
+                            </EuiFlexItem>
+                          </EuiFlexGroup>
+                        </EuiFlexItem>
+                        <EuiFlexItem>
+                          <EuiText>
+                            <p>
+                              {i18n.translate(
+                                'xpack.serverlessSearch.connectorsEmpty.guideThreeDescription',
+                                {
+                                  defaultMessage:
+                                    'Enter access and connection details for your data source and run your first sync',
+                                }
+                              )}
+                            </p>
+                          </EuiText>
+                        </EuiFlexItem>
+                      </EuiFlexGroup>
+                    </EuiFlexItem>
+                  </EuiFlexGroup>
+                </EuiPanel>
+              </EuiFlexItem>
+            </EuiFlexGroup>
+            <EuiFlexGroup direction="row" gutterSize="m">
+              <EuiFlexItem>
+                <EuiButton
+                  data-test-subj="serverlessSearchEmptyConnectorsPromptCreateConnectorButton"
+                  disabled={!data?.canManageConnectors}
+                  fill
+                  iconType="plusInCircle"
+                  onClick={() => createConnector()}
+                  isLoading={isLoading}
+                >
+                  {i18n.translate('xpack.serverlessSearch.connectorsEmpty.selfManagedButton', {
+                    defaultMessage: 'Self-managed connector',
+                  })}
+                </EuiButton>
+              </EuiFlexItem>
+              <EuiFlexItem>
+                <EuiFlexGroup direction="column" gutterSize="s" alignItems="center">
+                  <EuiFlexItem>
+                    <EuiButton
+                      data-test-subj="serverlessSearchEmptyConnectorsPromptCreateElasticManagedConnectorButton"
+                      isLoading={isLoading}
+                      onClick={() =>
+                        navigateToUrl(`${BASE_CONNECTORS_PATH}/${ELASTIC_MANAGED_CONNECTOR_PATH}`)
+                      }
+                    >
+                      {i18n.translate(
+                        'xpack.serverlessSearch.connectorsEmpty.elasticManagedButton',
+                        {
+                          defaultMessage: 'Elastic managed connector',
+                        }
+                      )}
+                    </EuiButton>
+                  </EuiFlexItem>
+                  <EuiFlexItem grow={false}>
+                    <EuiBadge color="accent">Coming soon</EuiBadge>
                   </EuiFlexItem>
                 </EuiFlexGroup>
-              </EuiPanel>
-            </EuiFlexItem>
-            <EuiFlexItem>
-              <EuiButton
-                data-test-subj="serverlessSearchEmptyConnectorsPromptCreateConnectorButton"
-                disabled={!data?.canManageConnectors}
-                fill
-                iconType="plusInCircleFilled"
-                onClick={() => createConnector()}
-                isLoading={isLoading}
-              >
-                {i18n.translate('xpack.serverlessSearch.connectorsEmpty.createConnector', {
-                  defaultMessage: 'Create connector',
-                })}
-              </EuiButton>
-            </EuiFlexItem>
+              </EuiFlexItem>
+            </EuiFlexGroup>
           </EuiFlexGroup>
         </EuiPanel>
       </EuiFlexItem>
-      <EuiFlexItem>
-        <EuiTitle>
-          <h3>
-            {i18n.translate('xpack.serverlessSearch.connectorsEmpty.availableConnectors', {
-              defaultMessage: 'Available connectors',
-            })}
-          </h3>
-        </EuiTitle>
-      </EuiFlexItem>
-      <EuiFlexItem>
-        <EuiFlexGroup gutterSize="s">
-          {connectorTypes.map((connectorType) => (
-            <EuiFlexItem key={connectorType.name}>
-              <EuiToolTip content={connectorType.name}>
-                <EuiIcon
-                  size="l"
-                  title={connectorType.name}
-                  id={connectorType.serviceType}
-                  type={connectorType.iconPath}
-                />
-              </EuiToolTip>
-            </EuiFlexItem>
-          ))}
-        </EuiFlexGroup>
-      </EuiFlexItem>
     </EuiFlexGroup>
   );
 };
diff --git a/x-pack/plugins/serverless_search/public/application/components/connectors_elastic_managed.tsx b/x-pack/plugins/serverless_search/public/application/components/connectors_elastic_managed.tsx
new file mode 100644
index 0000000000000..e645ede3d67e8
--- /dev/null
+++ b/x-pack/plugins/serverless_search/public/application/components/connectors_elastic_managed.tsx
@@ -0,0 +1,63 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EuiLink, EuiPageTemplate, EuiText } from '@elastic/eui';
+import { i18n } from '@kbn/i18n';
+import { FormattedMessage } from '@kbn/i18n-react';
+import React, { useMemo } from 'react';
+
+import { LEARN_MORE_LABEL } from '../../../common/i18n_string';
+
+import { useKibanaServices } from '../hooks/use_kibana';
+import { ElasticManagedConnectorComingSoon } from './connectors/elastic_managed_connector_coming_soon';
+
+import { docLinks } from '../../../common/doc_links';
+
+export const ConnectorsElasticManaged = () => {
+  const { console: consolePlugin } = useKibanaServices();
+
+  const embeddableConsole = useMemo(
+    () => (consolePlugin?.EmbeddableConsole ? <consolePlugin.EmbeddableConsole /> : null),
+    [consolePlugin]
+  );
+
+  return (
+    <EuiPageTemplate offset={0} grow restrictWidth data-test-subj="svlSearchConnectorsPage">
+      <EuiPageTemplate.Header
+        pageTitle={i18n.translate('xpack.serverlessSearch.connectors.title', {
+          defaultMessage: 'Connectors',
+        })}
+        data-test-subj="serverlessSearchConnectorsTitle"
+        restrictWidth
+      >
+        <EuiText>
+          <p>
+            <FormattedMessage
+              id="xpack.serverlessSearch.connectors.headerContent"
+              defaultMessage="Sync third-party data sources to Elasticsearch, by deploying Elastic connectors on your own infrastructure. {learnMoreLink}"
+              values={{
+                learnMoreLink: (
+                  <EuiLink
+                    data-test-subj="serverlessSearchConnectorsOverviewLink"
+                    target="_blank"
+                    href={docLinks.connectors}
+                  >
+                    {LEARN_MORE_LABEL}
+                  </EuiLink>
+                ),
+              }}
+            />
+          </p>
+        </EuiText>
+      </EuiPageTemplate.Header>
+      <EuiPageTemplate.Section restrictWidth color="subdued">
+        <ElasticManagedConnectorComingSoon />
+      </EuiPageTemplate.Section>
+      {embeddableConsole}
+    </EuiPageTemplate>
+  );
+};
diff --git a/x-pack/plugins/serverless_search/public/application/components/connectors_overview.tsx b/x-pack/plugins/serverless_search/public/application/components/connectors_overview.tsx
index f059a8d531eac..775cec8db1551 100644
--- a/x-pack/plugins/serverless_search/public/application/components/connectors_overview.tsx
+++ b/x-pack/plugins/serverless_search/public/application/components/connectors_overview.tsx
@@ -7,30 +7,36 @@
 
 import {
   EuiButton,
+  EuiCallOut,
   EuiFlexGroup,
   EuiFlexItem,
-  EuiIcon,
   EuiLink,
   EuiPageTemplate,
+  EuiSpacer,
   EuiText,
 } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
-import React, { useMemo } from 'react';
+import React, { useMemo, useState } from 'react';
 
+import { GithubLink } from '@kbn/search-api-panels';
 import { docLinks } from '../../../common/doc_links';
 import { LEARN_MORE_LABEL } from '../../../common/i18n_string';
-import { PLUGIN_ID } from '../../../common';
 import { useConnectors } from '../hooks/api/use_connectors';
 import { useCreateConnector } from '../hooks/api/use_create_connector';
 import { useKibanaServices } from '../hooks/use_kibana';
 import { EmptyConnectorsPrompt } from './connectors/empty_connectors_prompt';
 import { ConnectorsTable } from './connectors/connectors_table';
 import { ConnectorPrivilegesCallout } from './connectors/connector_config/connector_privileges_callout';
+import { useAssetBasePath } from '../hooks/use_asset_base_path';
+
+import { BASE_CONNECTORS_PATH, ELASTIC_MANAGED_CONNECTOR_PATH } from '../constants';
+
+const CALLOUT_KEY = 'search.connectors.ElasticManaged.ComingSoon.feedbackCallout';
 
 export const ConnectorsOverview = () => {
   const { data, isLoading: connectorsLoading } = useConnectors();
-  const { http, console: consolePlugin } = useKibanaServices();
+  const { console: consolePlugin } = useKibanaServices();
   const { createConnector, isLoading } = useCreateConnector();
   const embeddableConsole = useMemo(
     () => (consolePlugin?.EmbeddableConsole ? <consolePlugin.EmbeddableConsole /> : null),
@@ -39,6 +45,18 @@ export const ConnectorsOverview = () => {
 
   const canManageConnectors = !data || data.canManageConnectors;
 
+  const {
+    application: { navigateToUrl },
+  } = useKibanaServices();
+
+  const [showCallOut, setShowCallOut] = useState(sessionStorage.getItem(CALLOUT_KEY) !== 'hidden');
+
+  const onDismiss = () => {
+    setShowCallOut(false);
+    sessionStorage.setItem(CALLOUT_KEY, 'hidden');
+  };
+  const assetBasePath = useAssetBasePath();
+
   return (
     <EuiPageTemplate offset={0} grow restrictWidth data-test-subj="svlSearchConnectorsPage">
       <EuiPageTemplate.Header
@@ -47,52 +65,38 @@ export const ConnectorsOverview = () => {
         })}
         data-test-subj="serverlessSearchConnectorsTitle"
         restrictWidth
-        rightSideItems={[
-          <EuiFlexGroup direction="row" alignItems="flexStart" justifyContent="center">
-            <EuiFlexItem>
-              <EuiFlexGroup
-                alignItems="center"
-                gutterSize="xs"
-                justifyContent="flexEnd"
-                direction="row"
-              >
-                <EuiFlexItem grow={false}>
-                  <EuiIcon
-                    size="s"
-                    type={http.basePath.prepend(`/plugins/${PLUGIN_ID}/assets/github.svg`)}
-                  />
-                </EuiFlexItem>
-                <EuiFlexItem grow={false}>
-                  <EuiText size="s">
-                    <EuiLink
+        rightSideItems={
+          connectorsLoading || (data?.connectors || []).length > 0
+            ? [
+                <EuiFlexGroup direction="row" alignItems="center" justifyContent="center">
+                  <EuiFlexItem>
+                    <GithubLink
+                      href={'https://github.com/elastic/connectors'}
+                      label={i18n.translate('xpack.serverlessSearch.connectorsPythonLink', {
+                        defaultMessage: 'elastic/connectors',
+                      })}
+                      assetBasePath={assetBasePath}
                       data-test-subj="serverlessSearchConnectorsOverviewElasticConnectorsLink"
-                      target="_blank"
-                      href="https://github.com/elastic/connectors"
+                    />
+                  </EuiFlexItem>
+                  <EuiFlexItem>
+                    <EuiButton
+                      data-test-subj="serverlessSearchConnectorsOverviewCreateConnectorButton"
+                      disabled={!canManageConnectors}
+                      isLoading={isLoading}
+                      fill
+                      iconType="plusInCircleFilled"
+                      onClick={() => createConnector()}
                     >
-                      {i18n.translate('xpack.serverlessSearch.connectorsPythonLink', {
-                        defaultMessage: 'elastic/connectors',
+                      {i18n.translate('xpack.serverlessSearch.connectors.createConnector', {
+                        defaultMessage: 'Create connector',
                       })}
-                    </EuiLink>
-                  </EuiText>
-                </EuiFlexItem>
-              </EuiFlexGroup>
-            </EuiFlexItem>
-            <EuiFlexItem>
-              <EuiButton
-                data-test-subj="serverlessSearchConnectorsOverviewCreateConnectorButton"
-                disabled={!canManageConnectors}
-                isLoading={isLoading}
-                fill
-                iconType="plusInCircleFilled"
-                onClick={() => createConnector()}
-              >
-                {i18n.translate('xpack.serverlessSearch.connectors.createConnector', {
-                  defaultMessage: 'Create connector',
-                })}
-              </EuiButton>
-            </EuiFlexItem>
-          </EuiFlexGroup>,
-        ]}
+                    </EuiButton>
+                  </EuiFlexItem>
+                </EuiFlexGroup>,
+              ]
+            : undefined
+        }
       >
         <EuiText>
           <p>
@@ -103,7 +107,6 @@ export const ConnectorsOverview = () => {
                 learnMoreLink: (
                   <EuiLink
                     data-test-subj="serverlessSearchConnectorsOverviewLink"
-                    external
                     target="_blank"
                     href={docLinks.connectors}
                   >
@@ -118,7 +121,39 @@ export const ConnectorsOverview = () => {
       <EuiPageTemplate.Section restrictWidth color="subdued">
         <ConnectorPrivilegesCallout />
         {connectorsLoading || (data?.connectors || []).length > 0 ? (
-          <ConnectorsTable />
+          <>
+            {showCallOut && (
+              <>
+                <EuiCallOut
+                  size="m"
+                  title="Coming soon Elastic managed connectors."
+                  iconType="pin"
+                  onDismiss={onDismiss}
+                >
+                  <p>
+                    {i18n.translate(
+                      'xpack.serverlessSearch.connectorsOverview.calloutDescription',
+                      {
+                        defaultMessage:
+                          "We're actively developing Elastic managed connectors, that won't require any self-managed infrastructure. You'll be able to handle all configuration in the UI. This will simplify syncing your data into a serverless Elasticsearch project.",
+                      }
+                    )}
+                  </p>
+                  <EuiButton
+                    data-test-subj="serverlessSearchConnectorsOverviewLinkButtonButton"
+                    color="primary"
+                    onClick={() =>
+                      navigateToUrl(`${BASE_CONNECTORS_PATH}/${ELASTIC_MANAGED_CONNECTOR_PATH}`)
+                    }
+                  >
+                    {LEARN_MORE_LABEL}
+                  </EuiButton>
+                </EuiCallOut>
+                <EuiSpacer size="m" />
+              </>
+            )}
+            <ConnectorsTable />
+          </>
         ) : (
           <EmptyConnectorsPrompt />
         )}
diff --git a/x-pack/plugins/serverless_search/public/application/components/connectors_router.tsx b/x-pack/plugins/serverless_search/public/application/components/connectors_router.tsx
index f8c224ed2c9c6..4085b812d1f3d 100644
--- a/x-pack/plugins/serverless_search/public/application/components/connectors_router.tsx
+++ b/x-pack/plugins/serverless_search/public/application/components/connectors_router.tsx
@@ -9,10 +9,15 @@ import { Route, Routes } from '@kbn/shared-ux-router';
 import React from 'react';
 import { EditConnector } from './connectors/edit_connector';
 import { ConnectorsOverview } from './connectors_overview';
+import { ConnectorsElasticManaged } from './connectors_elastic_managed';
+import { ELASTIC_MANAGED_CONNECTOR_PATH } from '../constants';
 
 export const ConnectorsRouter: React.FC = () => {
   return (
     <Routes>
+      <Route exact path={ELASTIC_MANAGED_CONNECTOR_PATH}>
+        <ConnectorsElasticManaged />
+      </Route>
       <Route exact path={'/:id'}>
         <EditConnector />
       </Route>
diff --git a/x-pack/plugins/serverless_search/public/application/components/web_crawlers/elastic_managed_web_crawler_coming_soon.tsx b/x-pack/plugins/serverless_search/public/application/components/web_crawlers/elastic_managed_web_crawler_coming_soon.tsx
new file mode 100644
index 0000000000000..ba146ed847990
--- /dev/null
+++ b/x-pack/plugins/serverless_search/public/application/components/web_crawlers/elastic_managed_web_crawler_coming_soon.tsx
@@ -0,0 +1,171 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import {
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiPanel,
+  EuiIcon,
+  EuiTitle,
+  EuiText,
+  EuiBadge,
+  EuiButtonEmpty,
+} from '@elastic/eui';
+import { i18n } from '@kbn/i18n';
+
+import { useKibanaServices } from '../../hooks/use_kibana';
+import { useAssetBasePath } from '../../hooks/use_asset_base_path';
+
+import { BACK_LABEL } from '../../../../common/i18n_string';
+import { DecorativeHorizontalStepper } from '../common/decorative_horizontal_stepper';
+
+export const ElasticManagedWebCrawlersCommingSoon: React.FC = () => {
+  const {
+    application: { navigateToUrl },
+  } = useKibanaServices();
+
+  const assetBasePath = useAssetBasePath();
+  const webCrawlerIcon = assetBasePath + '/web_crawlers.svg';
+
+  return (
+    <EuiFlexGroup alignItems="center" direction="column">
+      <EuiFlexItem>
+        <EuiPanel paddingSize="l" hasShadow={false} hasBorder>
+          <EuiFlexGroup
+            alignItems="center"
+            justifyContent="center"
+            direction="column"
+            gutterSize="l"
+          >
+            <EuiFlexItem>
+              <EuiButtonEmpty
+                data-test-subj="serverlessSearchElasticManagedWebCrawlerEmptyBackButton"
+                iconType="arrowLeft"
+                onClick={() => navigateToUrl(`./`)}
+              >
+                {BACK_LABEL}
+              </EuiButtonEmpty>
+            </EuiFlexItem>
+            <EuiFlexItem>
+              <EuiIcon size="xxl" type={webCrawlerIcon} />
+            </EuiFlexItem>
+            <EuiFlexItem>
+              <EuiTitle>
+                <h2>
+                  {i18n.translate('xpack.serverlessSearch.elasticManagedWebCrawlerEmpty.title', {
+                    defaultMessage: 'Elastic managed web crawlers',
+                  })}
+                </h2>
+              </EuiTitle>
+            </EuiFlexItem>
+            <EuiFlexItem>
+              <EuiBadge color="accent">Coming soon</EuiBadge>
+            </EuiFlexItem>
+            <EuiFlexItem>
+              <EuiText textAlign="center" color="subdued">
+                <p>
+                  {i18n.translate(
+                    'xpack.serverlessSearch.elasticManagedWebCrawlerEmpty.description',
+                    {
+                      defaultMessage:
+                        "We're actively developing Elastic managed web crawlers, that won't require any self-managed infrastructure. You'll be able to handle all configuration in the UI. This will simplify syncing your data into a serverless Elasticsearch project. This new workflow will have two steps:",
+                    }
+                  )}
+                </p>
+              </EuiText>
+            </EuiFlexItem>
+            <EuiFlexGroup
+              alignItems="stretch"
+              justifyContent="center"
+              direction="column"
+              gutterSize="s"
+            >
+              <EuiFlexItem>
+                <EuiPanel color="subdued">
+                  <EuiFlexItem grow={false}>
+                    <DecorativeHorizontalStepper stepCount={2} />
+                  </EuiFlexItem>
+                  <EuiFlexGroup>
+                    <EuiFlexItem>
+                      <EuiFlexGroup
+                        justifyContent="flexStart"
+                        alignItems="center"
+                        direction="column"
+                      >
+                        <EuiFlexItem grow={false}>
+                          <EuiFlexGroup
+                            justifyContent="center"
+                            alignItems="center"
+                            direction="row"
+                            gutterSize="s"
+                          >
+                            <EuiFlexItem grow={false}>
+                              <EuiIcon color="primary" size="l" type="globe" />
+                            </EuiFlexItem>
+                          </EuiFlexGroup>
+                        </EuiFlexItem>
+                        <EuiFlexItem grow={false}>
+                          <EuiText>
+                            <p>
+                              {i18n.translate(
+                                'xpack.serverlessSearch.elasticManagedWebCrawlerEmpty.guideOneDescription',
+                                {
+                                  defaultMessage: 'Set one or more domain URLs you want to crawl',
+                                }
+                              )}
+                            </p>
+                          </EuiText>
+                        </EuiFlexItem>
+                      </EuiFlexGroup>
+                    </EuiFlexItem>
+                    <EuiFlexItem>
+                      <EuiFlexGroup
+                        justifyContent="flexStart"
+                        alignItems="center"
+                        direction="column"
+                      >
+                        <EuiFlexItem grow={false}>
+                          <EuiFlexGroup
+                            gutterSize="s"
+                            direction="row"
+                            alignItems="center"
+                            justifyContent="center"
+                          >
+                            <EuiFlexItem>
+                              <EuiIcon color="primary" size="l" type={webCrawlerIcon} />
+                            </EuiFlexItem>
+                            <EuiFlexItem>
+                              <EuiIcon color="primary" size="l" type="logoElastic" />
+                            </EuiFlexItem>
+                          </EuiFlexGroup>
+                        </EuiFlexItem>
+                        <EuiFlexItem>
+                          <EuiText>
+                            <p>
+                              {i18n.translate(
+                                'xpack.serverlessSearch.elasticManagedWebCrawlerEmpty.guideThreeDescription',
+                                {
+                                  defaultMessage:
+                                    'Configure all the web crawler process using Kibana',
+                                }
+                              )}
+                            </p>
+                          </EuiText>
+                        </EuiFlexItem>
+                      </EuiFlexGroup>
+                    </EuiFlexItem>
+                  </EuiFlexGroup>
+                </EuiPanel>
+              </EuiFlexItem>
+            </EuiFlexGroup>
+          </EuiFlexGroup>
+        </EuiPanel>
+      </EuiFlexItem>
+    </EuiFlexGroup>
+  );
+};
diff --git a/x-pack/plugins/serverless_search/public/application/components/web_crawlers/empty_web_crawlers_prompt.tsx b/x-pack/plugins/serverless_search/public/application/components/web_crawlers/empty_web_crawlers_prompt.tsx
new file mode 100644
index 0000000000000..8170ed6da3134
--- /dev/null
+++ b/x-pack/plugins/serverless_search/public/application/components/web_crawlers/empty_web_crawlers_prompt.tsx
@@ -0,0 +1,269 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import {
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiPanel,
+  EuiIcon,
+  EuiTitle,
+  EuiText,
+  EuiLink,
+  EuiButton,
+  EuiBadge,
+} from '@elastic/eui';
+import { i18n } from '@kbn/i18n';
+import { FormattedMessage } from '@kbn/i18n-react';
+
+import { useKibanaServices } from '../../hooks/use_kibana';
+import { useAssetBasePath } from '../../hooks/use_asset_base_path';
+
+import { ELASTIC_MANAGED_WEB_CRAWLERS_PATH, BASE_WEB_CRAWLERS_PATH } from '../../constants';
+import { DecorativeHorizontalStepper } from '../common/decorative_horizontal_stepper';
+
+export const EmptyWebCrawlersPrompt: React.FC = () => {
+  const {
+    application: { navigateToUrl },
+  } = useKibanaServices();
+
+  const assetBasePath = useAssetBasePath();
+  const webCrawlersIcon = assetBasePath + '/web_crawlers.svg';
+  const githubIcon = assetBasePath + '/github_white.svg';
+
+  return (
+    <EuiFlexGroup alignItems="center" direction="column">
+      <EuiFlexItem>
+        <EuiPanel paddingSize="l" hasShadow={false} hasBorder>
+          <EuiFlexGroup
+            alignItems="center"
+            justifyContent="center"
+            direction="column"
+            gutterSize="l"
+          >
+            <EuiFlexItem>
+              <EuiIcon size="xxl" type={webCrawlersIcon} />
+            </EuiFlexItem>
+            <EuiFlexItem>
+              <EuiTitle>
+                <h2>
+                  {i18n.translate('xpack.serverlessSearch.webCrawlersEmpty.title', {
+                    defaultMessage: 'Set up a web crawler',
+                  })}
+                </h2>
+              </EuiTitle>
+            </EuiFlexItem>
+            <EuiFlexItem>
+              <EuiText textAlign="center" color="subdued">
+                <p>
+                  {i18n.translate('xpack.serverlessSearch.webCrawlersEmpty.description', {
+                    defaultMessage:
+                      "To set up and deploy a web crawler you'll be working between data source, your terminal, and the Kibana UI. The high level process looks like this:",
+                  })}
+                </p>
+              </EuiText>
+            </EuiFlexItem>
+            <EuiFlexGroup
+              alignItems="stretch"
+              justifyContent="center"
+              direction="column"
+              gutterSize="s"
+            >
+              <EuiFlexItem>
+                <EuiPanel color="subdued">
+                  <EuiFlexItem grow={false}>
+                    <DecorativeHorizontalStepper stepCount={3} />
+                  </EuiFlexItem>
+                  <EuiFlexGroup>
+                    <EuiFlexItem>
+                      <EuiFlexGroup
+                        justifyContent="flexStart"
+                        alignItems="center"
+                        direction="column"
+                      >
+                        <EuiFlexGroup
+                          gutterSize="s"
+                          direction="row"
+                          alignItems="center"
+                          justifyContent="center"
+                        >
+                          <EuiFlexItem grow={false}>
+                            <EuiIcon color="primary" size="l" type={webCrawlersIcon} />
+                          </EuiFlexItem>
+                          <EuiFlexItem>
+                            <EuiIcon size="m" type="sortRight" />
+                          </EuiFlexItem>
+                          <EuiFlexItem>
+                            <EuiIcon color="primary" size="l" type="launch" />
+                          </EuiFlexItem>
+                        </EuiFlexGroup>
+                        <EuiFlexItem>
+                          <EuiText>
+                            <p>
+                              <FormattedMessage
+                                id="xpack.serverlessSearch.webCrawlersEmpty.guideTwoDescription"
+                                defaultMessage="Deploy web crawler code on your own infrastructure by running from {source}, or using {docker}"
+                                values={{
+                                  source: (
+                                    <EuiLink
+                                      target="_blank"
+                                      data-test-subj="serverlessSearchEmptyConnectorsPromptSourceLink"
+                                      href={'https://github.com/elastic/crawler'}
+                                    >
+                                      {i18n.translate(
+                                        'xpack.serverlessSearch.webCrawlersEmpty.sourceLabel',
+                                        { defaultMessage: 'source' }
+                                      )}
+                                    </EuiLink>
+                                  ),
+                                  docker: (
+                                    <EuiLink
+                                      target="_blank"
+                                      data-test-subj="serverlessSearchEmptyConnectorsPromptDockerLink"
+                                      href={
+                                        'https://github.com/elastic/crawler?tab=readme-ov-file#running-open-crawler-with-docker'
+                                      }
+                                    >
+                                      {i18n.translate(
+                                        'xpack.serverlessSearch.webCrawlersEmpty.dockerLabel',
+                                        { defaultMessage: 'Docker' }
+                                      )}
+                                    </EuiLink>
+                                  ),
+                                }}
+                              />
+                            </p>
+                          </EuiText>
+                        </EuiFlexItem>
+                      </EuiFlexGroup>
+                    </EuiFlexItem>
+                    <EuiFlexItem>
+                      <EuiFlexGroup
+                        justifyContent="flexStart"
+                        alignItems="center"
+                        direction="column"
+                      >
+                        <EuiFlexItem grow={false}>
+                          <EuiFlexGroup
+                            justifyContent="center"
+                            alignItems="center"
+                            direction="row"
+                            gutterSize="s"
+                          >
+                            <EuiFlexItem grow={false}>
+                              <EuiIcon color="primary" size="l" type="globe" />
+                            </EuiFlexItem>
+                          </EuiFlexGroup>
+                        </EuiFlexItem>
+                        <EuiFlexItem grow={false}>
+                          <EuiText>
+                            <p>
+                              {i18n.translate(
+                                'xpack.serverlessSearch.webCrawlersEmpty.guideOneDescription',
+                                {
+                                  defaultMessage: 'Set one or more domain URLs you want to crawl',
+                                }
+                              )}
+                            </p>
+                          </EuiText>
+                        </EuiFlexItem>
+                      </EuiFlexGroup>
+                    </EuiFlexItem>
+
+                    <EuiFlexItem>
+                      <EuiFlexGroup
+                        justifyContent="flexStart"
+                        alignItems="center"
+                        direction="column"
+                      >
+                        <EuiFlexItem grow={false}>
+                          <EuiFlexGroup
+                            gutterSize="s"
+                            direction="row"
+                            alignItems="center"
+                            justifyContent="center"
+                          >
+                            <EuiFlexItem>
+                              <EuiIcon color="primary" size="l" type="globe" />
+                            </EuiFlexItem>
+                            <EuiFlexItem>
+                              <EuiIcon size="m" type="sortRight" />
+                            </EuiFlexItem>
+                            <EuiFlexItem>
+                              <EuiIcon color="primary" size="l" type={webCrawlersIcon} />
+                            </EuiFlexItem>
+                            <EuiFlexItem>
+                              <EuiIcon size="m" type="sortRight" />
+                            </EuiFlexItem>
+                            <EuiFlexItem>
+                              <EuiIcon color="primary" size="l" type="logoElasticsearch" />
+                            </EuiFlexItem>
+                          </EuiFlexGroup>
+                        </EuiFlexItem>
+                        <EuiFlexItem>
+                          <EuiText>
+                            <p>
+                              {i18n.translate(
+                                'xpack.serverlessSearch.webCrawlersEmpty.guideThreeDescription',
+                                {
+                                  defaultMessage:
+                                    'Configure your web crawler and connect it to Elasticsearch',
+                                }
+                              )}
+                            </p>
+                          </EuiText>
+                        </EuiFlexItem>
+                      </EuiFlexGroup>
+                    </EuiFlexItem>
+                  </EuiFlexGroup>
+                </EuiPanel>
+              </EuiFlexItem>
+            </EuiFlexGroup>
+            <EuiFlexGroup direction="row" gutterSize="m">
+              <EuiFlexItem>
+                <EuiButton
+                  data-test-subj="serverlessSearchEmptyConnectorsPromptCreateSelfManagedConnectorButton"
+                  fill
+                  iconType={githubIcon}
+                  href={'https://github.com/elastic/crawler'}
+                >
+                  {i18n.translate('xpack.serverlessSearch.webCrawlersEmpty.selfManagedButton', {
+                    defaultMessage: 'Self-managed web crawler',
+                  })}
+                </EuiButton>
+              </EuiFlexItem>
+              <EuiFlexItem>
+                <EuiFlexGroup direction="column" gutterSize="s" alignItems="center">
+                  <EuiFlexItem>
+                    <EuiButton
+                      data-test-subj="serverlessSearchEmptyConnectorsPromptCreateElasticManagedConnectorButton"
+                      onClick={() =>
+                        navigateToUrl(
+                          `${BASE_WEB_CRAWLERS_PATH}/${ELASTIC_MANAGED_WEB_CRAWLERS_PATH}`
+                        )
+                      }
+                    >
+                      {i18n.translate(
+                        'xpack.serverlessSearch.webCrawlersEmpty.elasticManagedButton',
+                        {
+                          defaultMessage: 'Elastic managed web crawler',
+                        }
+                      )}
+                    </EuiButton>
+                  </EuiFlexItem>
+                  <EuiFlexItem grow={false}>
+                    <EuiBadge color="accent">Coming soon</EuiBadge>
+                  </EuiFlexItem>
+                </EuiFlexGroup>
+              </EuiFlexItem>
+            </EuiFlexGroup>
+          </EuiFlexGroup>
+        </EuiPanel>
+      </EuiFlexItem>
+    </EuiFlexGroup>
+  );
+};
diff --git a/x-pack/plugins/serverless_search/public/application/components/web_crawlers_elastic_managed.tsx b/x-pack/plugins/serverless_search/public/application/components/web_crawlers_elastic_managed.tsx
new file mode 100644
index 0000000000000..8ac5a0c59dd14
--- /dev/null
+++ b/x-pack/plugins/serverless_search/public/application/components/web_crawlers_elastic_managed.tsx
@@ -0,0 +1,62 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EuiLink, EuiPageTemplate, EuiText } from '@elastic/eui';
+import { i18n } from '@kbn/i18n';
+import { FormattedMessage } from '@kbn/i18n-react';
+import React, { useMemo } from 'react';
+
+import { LEARN_MORE_LABEL } from '../../../common/i18n_string';
+
+import { useKibanaServices } from '../hooks/use_kibana';
+import { ElasticManagedWebCrawlersCommingSoon } from './web_crawlers/elastic_managed_web_crawler_coming_soon';
+
+export const WebCrawlersElasticManaged = () => {
+  const { console: consolePlugin } = useKibanaServices();
+
+  const embeddableConsole = useMemo(
+    () => (consolePlugin?.EmbeddableConsole ? <consolePlugin.EmbeddableConsole /> : null),
+    [consolePlugin]
+  );
+
+  return (
+    <EuiPageTemplate offset={0} grow restrictWidth data-test-subj="svlSearchConnectorsPage">
+      <EuiPageTemplate.Header
+        pageTitle={i18n.translate('xpack.serverlessSearch.webcrawlers.title', {
+          defaultMessage: 'Web crawlers',
+        })}
+        data-test-subj="serverlessSearchConnectorsTitle"
+        restrictWidth
+      >
+        <EuiText>
+          <p>
+            <FormattedMessage
+              id="xpack.serverlessSearch.webcrawlers.headerContent"
+              defaultMessage="Discover extract and index searchable content from websites and knowledge bases {learnMoreLink}"
+              values={{
+                learnMoreLink: (
+                  <EuiLink
+                    data-test-subj="serverlessSearchConnectorsOverviewLink"
+                    external
+                    target="_blank"
+                    href={'https://github.com/elastic/crawler'}
+                  >
+                    {LEARN_MORE_LABEL}
+                  </EuiLink>
+                ),
+              }}
+            />
+          </p>
+        </EuiText>
+      </EuiPageTemplate.Header>
+      <EuiPageTemplate.Section restrictWidth color="subdued">
+        <ElasticManagedWebCrawlersCommingSoon />
+      </EuiPageTemplate.Section>
+      {embeddableConsole}
+    </EuiPageTemplate>
+  );
+};
diff --git a/x-pack/plugins/serverless_search/public/application/components/web_crawlers_overview.tsx b/x-pack/plugins/serverless_search/public/application/components/web_crawlers_overview.tsx
new file mode 100644
index 0000000000000..b7e3763539536
--- /dev/null
+++ b/x-pack/plugins/serverless_search/public/application/components/web_crawlers_overview.tsx
@@ -0,0 +1,62 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EuiLink, EuiPageTemplate, EuiText } from '@elastic/eui';
+import { i18n } from '@kbn/i18n';
+import { FormattedMessage } from '@kbn/i18n-react';
+import React, { useMemo } from 'react';
+
+import { LEARN_MORE_LABEL } from '../../../common/i18n_string';
+
+import { useKibanaServices } from '../hooks/use_kibana';
+import { EmptyWebCrawlersPrompt } from './web_crawlers/empty_web_crawlers_prompt';
+
+export const WebCrawlersOverview = () => {
+  const { console: consolePlugin } = useKibanaServices();
+
+  const embeddableConsole = useMemo(
+    () => (consolePlugin?.EmbeddableConsole ? <consolePlugin.EmbeddableConsole /> : null),
+    [consolePlugin]
+  );
+
+  return (
+    <EuiPageTemplate offset={0} grow restrictWidth data-test-subj="svlSearchConnectorsPage">
+      <EuiPageTemplate.Header
+        pageTitle={i18n.translate('xpack.serverlessSearch.webcrawlers.title', {
+          defaultMessage: 'Web crawlers',
+        })}
+        data-test-subj="serverlessSearchConnectorsTitle"
+        restrictWidth
+      >
+        <EuiText>
+          <p>
+            <FormattedMessage
+              id="xpack.serverlessSearch.webcrawlers.headerContent"
+              defaultMessage="Discover extract and index searchable content from websites and knowledge bases {learnMoreLink}"
+              values={{
+                learnMoreLink: (
+                  <EuiLink
+                    data-test-subj="serverlessSearchConnectorsLearnMoreLink"
+                    external
+                    target="_blank"
+                    href={'https://github.com/elastic/crawler'}
+                  >
+                    {LEARN_MORE_LABEL}
+                  </EuiLink>
+                ),
+              }}
+            />
+          </p>
+        </EuiText>
+      </EuiPageTemplate.Header>
+      <EuiPageTemplate.Section restrictWidth color="subdued">
+        <EmptyWebCrawlersPrompt />
+      </EuiPageTemplate.Section>
+      {embeddableConsole}
+    </EuiPageTemplate>
+  );
+};
diff --git a/x-pack/plugins/serverless_search/public/application/components/web_crawlers_router.tsx b/x-pack/plugins/serverless_search/public/application/components/web_crawlers_router.tsx
new file mode 100644
index 0000000000000..7e4ae7a5d2657
--- /dev/null
+++ b/x-pack/plugins/serverless_search/public/application/components/web_crawlers_router.tsx
@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { Route, Routes } from '@kbn/shared-ux-router';
+import React from 'react';
+import { WebCrawlersOverview } from './web_crawlers_overview';
+import { WebCrawlersElasticManaged } from './web_crawlers_elastic_managed';
+
+export const WebCrawlersRouter: React.FC = () => {
+  return (
+    <Routes>
+      <Route exact path="/">
+        <WebCrawlersOverview />
+      </Route>
+      <Route exact path="/elastic_managed">
+        <WebCrawlersElasticManaged />
+      </Route>
+    </Routes>
+  );
+};
diff --git a/x-pack/plugins/serverless_search/public/application/constants.ts b/x-pack/plugins/serverless_search/public/application/constants.ts
index 8e8c15638a860..e5dce2a328d05 100644
--- a/x-pack/plugins/serverless_search/public/application/constants.ts
+++ b/x-pack/plugins/serverless_search/public/application/constants.ts
@@ -12,5 +12,8 @@ export const INDEX_NAME_PLACEHOLDER = 'index_name';
 
 // Paths
 export const BASE_CONNECTORS_PATH = 'connectors';
+export const BASE_WEB_CRAWLERS_PATH = 'web_crawlers';
 export const EDIT_CONNECTOR_PATH = `${BASE_CONNECTORS_PATH}/:id`;
+export const ELASTIC_MANAGED_CONNECTOR_PATH = '/elastic_managed';
+export const ELASTIC_MANAGED_WEB_CRAWLERS_PATH = '/elastic_managed';
 export const FILE_UPLOAD_PATH = '/app/ml/filedatavisualizer';
diff --git a/x-pack/plugins/serverless_search/public/application/web_crawlers.tsx b/x-pack/plugins/serverless_search/public/application/web_crawlers.tsx
new file mode 100644
index 0000000000000..e9a590c6dee57
--- /dev/null
+++ b/x-pack/plugins/serverless_search/public/application/web_crawlers.tsx
@@ -0,0 +1,46 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { CoreStart } from '@kbn/core-lifecycle-browser';
+
+import { I18nProvider } from '@kbn/i18n-react';
+import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public';
+import { KibanaRenderContextProvider } from '@kbn/react-kibana-context-render';
+
+import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
+
+import ReactDOM from 'react-dom';
+import React from 'react';
+import { ReactQueryDevtools } from '@tanstack/react-query-devtools';
+import { Router } from '@kbn/shared-ux-router';
+import { ServerlessSearchContext } from './hooks/use_kibana';
+
+export async function renderApp(
+  element: HTMLElement,
+  core: CoreStart,
+  services: ServerlessSearchContext,
+  queryClient: QueryClient
+) {
+  const { WebCrawlersRouter } = await import('./components/web_crawlers_router');
+
+  ReactDOM.render(
+    <KibanaRenderContextProvider {...core}>
+      <KibanaContextProvider services={{ ...core, ...services }}>
+        <QueryClientProvider client={queryClient}>
+          <ReactQueryDevtools initialIsOpen={false} />
+          <I18nProvider>
+            <Router history={services.history}>
+              <WebCrawlersRouter />
+            </Router>
+          </I18nProvider>
+        </QueryClientProvider>
+      </KibanaContextProvider>
+    </KibanaRenderContextProvider>,
+    element
+  );
+  return () => ReactDOM.unmountComponentAtNode(element);
+}
diff --git a/x-pack/plugins/serverless_search/public/assets/connectors.svg b/x-pack/plugins/serverless_search/public/assets/connectors.svg
index 659e9e5494352..53624f84a8a00 100644
--- a/x-pack/plugins/serverless_search/public/assets/connectors.svg
+++ b/x-pack/plugins/serverless_search/public/assets/connectors.svg
@@ -1 +1,11 @@
-<svg xmlns="http://www.w3.org/2000/svg" viewBox="15 15 70 70" fill="none"><circle cx="50" cy="50" r="35" fill="#0060d5"/><mask id="A" maskUnits="userSpaceOnUse" x="15" y="15" width="70" height="70" mask-type="alpha"><circle cx="50" cy="50" r="35" fill="#0060d5"/></mask><g mask="url(#A)"><path fill-rule="evenodd" d="M49.293 36.565l-2.828-2.828a5 5 0 0 0-7.071 0l-5.657 5.657a5 5 0 0 0 0 7.071l2.828 2.828 12.728-12.728zm-.707-4.95a8 8 0 0 0-11.314 0l-5.657 5.657a8 8 0 0 0 0 11.314l4.95 4.95 16.971-16.971-4.95-4.95zm17.678 21.92l-2.828-2.828-12.728 12.728 2.828 2.828a5 5 0 0 0 7.071 0l5.657-5.657a5 5 0 0 0 0-7.071zm-2.828-7.071l-16.97 16.971 4.95 4.95a8 8 0 0 0 11.314 0l5.657-5.657a8 8 0 0 0 0-11.314l-4.95-4.95z" fill="#fff"/><rect x="23.13" y="21.716" width="20" height="3" rx="1.5" transform="rotate(45 23.13 21.716)" fill="#fff"/><rect x="64.142" y="62.728" width="20" height="3" rx="1.5" transform="rotate(45 64.142 62.728)" fill="#fff"/><rect x="40.101" y="45.757" width="11" height="3" rx="1.5" transform="rotate(45 40.101 45.757)" fill="#fff"/><rect x="47.879" y="37.979" width="11" height="3" rx="1.5" transform="rotate(45 47.879 37.979)" fill="#fff"/></g></svg>
\ No newline at end of file
+<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" fill="none" viewBox="0 0 24 24">
+  <g clip-path="url(#a)">
+    <path fill="#343741" d="m10.059 19.244-5.303-5.303 1.673-.448 4.078 4.078 5.572-1.493 1.492-5.57-4.078-4.08.448-1.672 5.303 5.303-1.716 6.408 3.712 3.712-.224.836-.837.225-3.712-3.713-6.408 1.717Z"/>
+    <path fill="#007871" fill-rule="evenodd" d="m14.652 14.652-3.623.97-2.651-2.651.746-2.786L2.76 3.821l.224-.837.837-.224 6.364 6.364 2.785-.746 2.652 2.652-.97 3.622Zm-.703-3.174-.522 1.95-1.95.521-1.426-1.427.522-1.949 1.95-.522 1.426 1.427Z" clip-rule="evenodd"/>
+  </g>
+  <defs>
+    <clipPath id="a">
+      <path fill="#fff" d="M0 0h24v24H0z"/>
+    </clipPath>
+  </defs>
+</svg>
diff --git a/x-pack/plugins/serverless_search/public/assets/web_crawlers.svg b/x-pack/plugins/serverless_search/public/assets/web_crawlers.svg
new file mode 100644
index 0000000000000..d6e2464c0f003
--- /dev/null
+++ b/x-pack/plugins/serverless_search/public/assets/web_crawlers.svg
@@ -0,0 +1,4 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" fill="none" viewBox="0 0 24 24">
+  <path fill="#343741" fill-rule="evenodd" d="M11.25 1.933v-.75L12 .75l.75.433v.75l7.593 4.384.65-.375.75.433v.866l-.65.375v8.768l.65.375v.866l-.75.433-.65-.375-7.593 4.384v.75l-.75.433-.75-.433v-.75l-7.593-4.384-.65.375-.75-.433v-.866l.65-.375V7.616l-.65-.375v-.866l.75-.433.65.375 7.593-4.384Zm1.5 6 2.397 1.384 1.098-.634-3.495-2.018v1.268Zm3.147 2.683v2.768l1.098.634V9.982l-1.098.634Zm-.75 4.067-2.397 1.384v1.268l3.495-2.018-1.098-.634Zm-3.897 1.384-2.397-1.384-1.098.634 3.495 2.018v-1.268Zm-3.147-2.683v-2.768l-1.098-.634v4.036l1.098-.634Zm.75-4.067 2.397-1.384V6.665L7.755 8.683l1.098.634Zm8.892-1.5L12.75 4.933V3.665l6.093 3.518-1.098.634Zm.75 7.067V9.116l1.098-.634v7.036l-1.098-.634Zm-5.745 4.183 4.995-2.884 1.098.634-6.093 3.518v-1.268Zm-6.495-2.884 4.995 2.884v1.268l-6.093-3.518 1.098-.634Zm-.75-7.067v5.768l-1.098.634V8.482l1.098.634Zm5.745-4.183L6.255 7.817l-1.098-.634 6.093-3.518v1.268Zm-1.647 5.683L12 9.232l2.397 1.384v2.768L12 14.768l-2.397-1.384v-2.768Z" clip-rule="evenodd"/>
+  <path fill="#007871" d="m12 10.5 1.299.75v1.5L12 13.5l-1.299-.75v-1.5L12 10.5Z"/>
+</svg>
diff --git a/x-pack/plugins/serverless_search/public/navigation_tree.ts b/x-pack/plugins/serverless_search/public/navigation_tree.ts
index ae8f41b8b17f8..524888d0d33e6 100644
--- a/x-pack/plugins/serverless_search/public/navigation_tree.ts
+++ b/x-pack/plugins/serverless_search/public/navigation_tree.ts
@@ -8,7 +8,7 @@
 import type { AppDeepLinkId, NavigationTreeDefinition } from '@kbn/core-chrome-browser';
 import type { ApplicationStart } from '@kbn/core-application-browser';
 import { i18n } from '@kbn/i18n';
-import { CONNECTORS_LABEL } from '../common/i18n_string';
+import { CONNECTORS_LABEL, WEB_CRAWLERS_LABEL } from '../common/i18n_string';
 
 export const navigationTree = ({ isAppRegistered }: ApplicationStart): NavigationTreeDefinition => {
   function isAvailable<T>(appId: string, content: T): T[] {
@@ -54,6 +54,10 @@ export const navigationTree = ({ isAppRegistered }: ApplicationStart): Navigatio
                 title: CONNECTORS_LABEL,
                 link: 'serverlessConnectors',
               },
+              {
+                title: WEB_CRAWLERS_LABEL,
+                link: 'serverlessWebCrawlers',
+              },
             ],
           },
           {
diff --git a/x-pack/plugins/serverless_search/public/plugin.ts b/x-pack/plugins/serverless_search/public/plugin.ts
index d097cd1eb3ad4..3c24211d2a520 100644
--- a/x-pack/plugins/serverless_search/public/plugin.ts
+++ b/x-pack/plugins/serverless_search/public/plugin.ts
@@ -120,6 +120,27 @@ export class ServerlessSearchPlugin
       },
     });
 
+    const webCrawlersTitle = i18n.translate('xpack.serverlessSearch.app.webCrawlers.title', {
+      defaultMessage: 'Web Crawlers',
+    });
+
+    core.application.register({
+      id: 'serverlessWebCrawlers',
+      title: webCrawlersTitle,
+      appRoute: '/app/web_crawlers',
+      euiIconType: 'logoElastic',
+      category: DEFAULT_APP_CATEGORIES.enterpriseSearch,
+      visibleIn: [],
+      async mount({ element, history }: AppMountParameters) {
+        const { renderApp } = await import('./application/web_crawlers');
+        const [coreStart, services] = await core.getStartServices();
+        coreStart.chrome.docTitle.change(webCrawlersTitle);
+        docLinks.setDocLinks(coreStart.docLinks.links);
+
+        return await renderApp(element, coreStart, { history, ...services }, queryClient);
+      },
+    });
+
     const { searchIndices } = setupDeps;
     core.application.register({
       id: 'serverlessHomeRedirect',
diff --git a/x-pack/plugins/serverless_search/tsconfig.json b/x-pack/plugins/serverless_search/tsconfig.json
index 794f146299a0f..854a90fdb5fb5 100644
--- a/x-pack/plugins/serverless_search/tsconfig.json
+++ b/x-pack/plugins/serverless_search/tsconfig.json
@@ -54,6 +54,7 @@
     "@kbn/core-http-server",
     "@kbn/logging",
     "@kbn/security-plugin-types-public",
+    "@kbn/deeplinks-search",
     "@kbn/core-application-browser",
   ]
 }
diff --git a/x-pack/plugins/stack_connectors/public/connector_types/cases_webhook/steps/update.tsx b/x-pack/plugins/stack_connectors/public/connector_types/cases_webhook/steps/update.tsx
index e7a37d415f4af..dba4f13ec9c86 100644
--- a/x-pack/plugins/stack_connectors/public/connector_types/cases_webhook/steps/update.tsx
+++ b/x-pack/plugins/stack_connectors/public/connector_types/cases_webhook/steps/update.tsx
@@ -5,13 +5,22 @@
  * 2.0.
  */
 
-import React, { FunctionComponent } from 'react';
+import React, { FunctionComponent, useState, useMemo } from 'react';
 import { fieldValidators } from '@kbn/es-ui-shared-plugin/static/forms/helpers';
-import { EuiFlexGroup, EuiFlexItem, EuiSpacer, EuiText } from '@elastic/eui';
-import { FIELD_TYPES, UseField } from '@kbn/es-ui-shared-plugin/static/forms/hook_form_lib';
+import { EuiFlexGroup, EuiFlexItem, EuiSpacer, EuiText, EuiSwitch } from '@elastic/eui';
+import {
+  FIELD_TYPES,
+  UseField,
+  useFormContext,
+} from '@kbn/es-ui-shared-plugin/static/forms/hook_form_lib';
 import { Field } from '@kbn/es-ui-shared-plugin/static/forms/components';
 import { JsonFieldWrapper, MustacheTextFieldWrapper } from '@kbn/triggers-actions-ui-plugin/public';
-import { containsCommentsOrEmpty, containsTitleAndDesc, isUrlButCanBeEmpty } from '../validator';
+import {
+  containsCommentsOrEmpty,
+  containsTitleAndDesc,
+  isUrlButCanBeEmpty,
+  validateCreateComment,
+} from '../validator';
 import { casesVars, commentVars, urlVars } from '../action_variables';
 import { HTTP_VERBS } from '../webhook_connectors';
 import { styles } from './update.styles';
@@ -23,185 +32,238 @@ interface Props {
   readOnly: boolean;
 }
 
-export const UpdateStep: FunctionComponent<Props> = ({ display, readOnly }) => (
-  <span data-test-subj="updateStep" style={{ display: display ? 'block' : 'none' }}>
-    <EuiText>
-      <h3>{i18n.STEP_4A}</h3>
-      <small>
-        <p>{i18n.STEP_4A_DESCRIPTION}</p>
-      </small>
-    </EuiText>
-    <EuiSpacer size="s" />
-    <EuiFlexGroup justifyContent="spaceBetween">
-      <EuiFlexItem grow={false}>
-        <UseField
-          path="config.updateIncidentMethod"
-          component={Field}
-          config={{
-            label: i18n.UPDATE_INCIDENT_METHOD,
-            defaultValue: 'put',
-            type: FIELD_TYPES.SELECT,
-            validations: [
-              {
-                validator: emptyField(i18n.UPDATE_METHOD_REQUIRED),
-              },
-            ],
-          }}
-          css={styles.method}
-          componentProps={{
-            euiFieldProps: {
-              'data-test-subj': 'webhookUpdateMethodSelect',
-              options: HTTP_VERBS.map((verb) => ({ text: verb.toUpperCase(), value: verb })),
-              readOnly,
-            },
-          }}
-        />
-      </EuiFlexItem>
-      <EuiFlexItem>
-        <UseField
-          path="config.updateIncidentUrl"
-          config={{
-            label: i18n.UPDATE_INCIDENT_URL,
-            validations: [
-              {
-                validator: urlField(i18n.UPDATE_URL_REQUIRED),
-              },
-            ],
-            helpText: i18n.UPDATE_INCIDENT_URL_HELP,
-          }}
-          component={MustacheTextFieldWrapper}
-          componentProps={{
-            euiFieldProps: {
-              readOnly,
-              'data-test-subj': 'webhookUpdateUrlText',
-              messageVariables: urlVars,
-              paramsProperty: 'updateIncidentUrl',
-              buttonTitle: i18n.ADD_CASES_VARIABLE,
-              showButtonTitle: true,
-            },
-          }}
-        />
-      </EuiFlexItem>
-    </EuiFlexGroup>
-    <EuiFlexGroup>
-      <EuiFlexItem>
-        <UseField
-          path="config.updateIncidentJson"
-          config={{
-            helpText: i18n.UPDATE_INCIDENT_JSON_HELP,
-            label: i18n.UPDATE_INCIDENT_JSON,
-            validations: [
-              {
-                validator: emptyField(i18n.UPDATE_INCIDENT_REQUIRED),
-              },
-              {
-                validator: containsTitleAndDesc(),
-              },
-            ],
-          }}
-          component={JsonFieldWrapper}
-          componentProps={{
-            euiCodeEditorProps: {
-              height: '200px',
-              isReadOnly: readOnly,
-              ['aria-label']: i18n.CODE_EDITOR,
-            },
-            dataTestSubj: 'webhookUpdateIncidentJson',
-            messageVariables: [...casesVars, ...urlVars],
-            paramsProperty: 'updateIncidentJson',
-            buttonTitle: i18n.ADD_CASES_VARIABLE,
-            showButtonTitle: true,
-          }}
-        />
-      </EuiFlexItem>
-    </EuiFlexGroup>
-    <EuiSpacer size="m" />
-    <EuiText>
-      <h3>{i18n.STEP_4B}</h3>
-      <small>
-        <p>{i18n.STEP_4B_DESCRIPTION}</p>
-      </small>
-    </EuiText>
-    <EuiSpacer size="s" />
-    <EuiFlexGroup justifyContent="spaceBetween">
-      <EuiFlexItem grow={false}>
-        <UseField
-          path="config.createCommentMethod"
-          component={Field}
-          config={{
-            label: i18n.CREATE_COMMENT_METHOD,
-            defaultValue: 'put',
-            type: FIELD_TYPES.SELECT,
-            validations: [
-              {
-                validator: emptyField(i18n.CREATE_COMMENT_METHOD_REQUIRED),
-              },
-            ],
-          }}
-          css={styles.method}
-          componentProps={{
-            euiFieldProps: {
-              'data-test-subj': 'webhookCreateCommentMethodSelect',
-              options: HTTP_VERBS.map((verb) => ({ text: verb.toUpperCase(), value: verb })),
-              readOnly,
-            },
-          }}
-        />
-      </EuiFlexItem>
-      <EuiFlexItem>
-        <UseField
-          path="config.createCommentUrl"
-          config={{
-            label: i18n.CREATE_COMMENT_URL,
-            validations: [
-              {
-                validator: isUrlButCanBeEmpty(i18n.CREATE_COMMENT_URL_REQUIRED),
-              },
-            ],
-            helpText: i18n.CREATE_COMMENT_URL_HELP,
-          }}
-          component={MustacheTextFieldWrapper}
-          componentProps={{
-            euiFieldProps: {
-              readOnly,
-              'data-test-subj': 'webhookCreateCommentUrlText',
-              messageVariables: urlVars,
-              paramsProperty: 'createCommentUrl',
-              buttonTitle: i18n.ADD_CASES_VARIABLE,
-              showButtonTitle: true,
-            },
-          }}
-        />
-      </EuiFlexItem>
-    </EuiFlexGroup>
-    <EuiFlexGroup>
-      <EuiFlexItem>
-        <UseField
-          path="config.createCommentJson"
-          config={{
-            helpText: i18n.CREATE_COMMENT_JSON_HELP,
-            label: i18n.CREATE_COMMENT_JSON,
-            validations: [
-              {
-                validator: containsCommentsOrEmpty(i18n.CREATE_COMMENT_MESSAGE),
-              },
-            ],
-          }}
-          component={JsonFieldWrapper}
-          componentProps={{
-            euiCodeEditorProps: {
-              height: '200px',
-              isReadOnly: readOnly,
-              ['aria-label']: i18n.CODE_EDITOR,
-            },
-            dataTestSubj: 'webhookCreateCommentJson',
-            messageVariables: [...commentVars, ...urlVars],
-            paramsProperty: 'createCommentJson',
-            buttonTitle: i18n.ADD_CASES_VARIABLE,
-            showButtonTitle: true,
-          }}
+export const UpdateStep: FunctionComponent<Props> = ({ display, readOnly }) => {
+  const { getFieldDefaultValue } = useFormContext();
+
+  const hasCommentDefaultValue =
+    !!getFieldDefaultValue<boolean | undefined>('config.createCommentUrl') ||
+    !!getFieldDefaultValue<boolean | undefined>('config.createCommentJson');
+
+  const [isAddCommentToggled, setIsAddCommentToggled] = useState(Boolean(hasCommentDefaultValue));
+
+  const onAddCommentToggle = () => {
+    setIsAddCommentToggled((prev) => !prev);
+  };
+
+  const updateIncidentMethodConfig = useMemo(
+    () => ({
+      label: i18n.UPDATE_INCIDENT_METHOD,
+      defaultValue: 'put',
+      type: FIELD_TYPES.SELECT,
+      validations: [{ validator: emptyField(i18n.UPDATE_METHOD_REQUIRED) }],
+    }),
+    []
+  );
+
+  const updateIncidentUrlConfig = useMemo(
+    () => ({
+      label: i18n.UPDATE_INCIDENT_URL,
+      validations: [{ validator: urlField(i18n.UPDATE_URL_REQUIRED) }],
+      helpText: i18n.UPDATE_INCIDENT_URL_HELP,
+    }),
+    []
+  );
+
+  const updateIncidentJsonConfig = useMemo(
+    () => ({
+      label: i18n.UPDATE_INCIDENT_JSON,
+      helpText: i18n.UPDATE_INCIDENT_JSON_HELP,
+      validations: [
+        { validator: emptyField(i18n.UPDATE_INCIDENT_REQUIRED) },
+        { validator: containsTitleAndDesc() },
+      ],
+    }),
+    []
+  );
+
+  const createCommentMethodConfig = useMemo(
+    () => ({
+      label: i18n.CREATE_COMMENT_METHOD,
+      defaultValue: 'put',
+      type: FIELD_TYPES.SELECT,
+      validations: [{ validator: emptyField(i18n.CREATE_COMMENT_METHOD_REQUIRED) }],
+    }),
+    []
+  );
+
+  const createCommentUrlConfig = useMemo(
+    () => ({
+      label: i18n.CREATE_COMMENT_URL,
+      fieldsToValidateOnChange: ['config.createCommentUrl', 'config.createCommentJson'],
+      validations: [
+        { validator: isUrlButCanBeEmpty(i18n.CREATE_COMMENT_URL_FORMAT_REQUIRED) },
+        {
+          validator: validateCreateComment(
+            i18n.CREATE_COMMENT_URL_MISSING,
+            'config.createCommentJson'
+          ),
+        },
+      ],
+      helpText: i18n.CREATE_COMMENT_URL_HELP,
+    }),
+    []
+  );
+
+  const createCommentJsonConfig = useMemo(
+    () => ({
+      label: i18n.CREATE_COMMENT_JSON,
+      helpText: i18n.CREATE_COMMENT_JSON_HELP,
+      fieldsToValidateOnChange: ['config.createCommentJson', 'config.createCommentUrl'],
+      validations: [
+        { validator: containsCommentsOrEmpty(i18n.CREATE_COMMENT_FORMAT_MESSAGE) },
+        {
+          validator: validateCreateComment(
+            i18n.CREATE_COMMENT_JSON_MISSING,
+            'config.createCommentUrl'
+          ),
+        },
+      ],
+    }),
+    []
+  );
+
+  return (
+    <>
+      <span data-test-subj="updateStep" style={{ display: display ? 'block' : 'none' }}>
+        <EuiText>
+          <h3>{i18n.STEP_4A}</h3>
+          <small>
+            <p>{i18n.STEP_4A_DESCRIPTION}</p>
+          </small>
+        </EuiText>
+        <EuiSpacer size="s" />
+        <EuiFlexGroup justifyContent="spaceBetween">
+          <EuiFlexItem grow={false}>
+            <UseField
+              path="config.updateIncidentMethod"
+              component={Field}
+              config={updateIncidentMethodConfig}
+              css={styles.method}
+              componentProps={{
+                euiFieldProps: {
+                  'data-test-subj': 'webhookUpdateMethodSelect',
+                  options: HTTP_VERBS.map((verb) => ({ text: verb.toUpperCase(), value: verb })),
+                  readOnly,
+                },
+              }}
+            />
+          </EuiFlexItem>
+          <EuiFlexItem>
+            <UseField
+              path="config.updateIncidentUrl"
+              config={updateIncidentUrlConfig}
+              component={MustacheTextFieldWrapper}
+              componentProps={{
+                euiFieldProps: {
+                  readOnly,
+                  'data-test-subj': 'webhookUpdateUrlText',
+                  messageVariables: urlVars,
+                  paramsProperty: 'updateIncidentUrl',
+                  buttonTitle: i18n.ADD_CASES_VARIABLE,
+                  showButtonTitle: true,
+                },
+              }}
+            />
+          </EuiFlexItem>
+        </EuiFlexGroup>
+        <EuiFlexGroup>
+          <EuiFlexItem>
+            <UseField
+              path="config.updateIncidentJson"
+              config={updateIncidentJsonConfig}
+              component={JsonFieldWrapper}
+              componentProps={{
+                euiCodeEditorProps: {
+                  height: '200px',
+                  isReadOnly: readOnly,
+                  ['aria-label']: i18n.CODE_EDITOR,
+                },
+                dataTestSubj: 'webhookUpdateIncidentJson',
+                messageVariables: [...casesVars, ...urlVars],
+                paramsProperty: 'updateIncidentJson',
+                buttonTitle: i18n.ADD_CASES_VARIABLE,
+                showButtonTitle: true,
+              }}
+            />
+          </EuiFlexItem>
+        </EuiFlexGroup>
+        <EuiSpacer size="m" />
+        <EuiSwitch
+          label={i18n.STEP_4B}
+          showLabel={true}
+          onChange={onAddCommentToggle}
+          checked={isAddCommentToggled}
+          data-test-subj="webhookAddCommentToggle"
         />
-      </EuiFlexItem>
-    </EuiFlexGroup>
-  </span>
-);
+        {isAddCommentToggled && (
+          <>
+            <EuiSpacer size="m" />
+            <EuiText>
+              <small>
+                <p>{i18n.STEP_4B_DESCRIPTION}</p>
+              </small>
+            </EuiText>
+            <EuiFlexGroup justifyContent="spaceBetween">
+              <EuiFlexItem grow={false}>
+                <UseField
+                  path="config.createCommentMethod"
+                  component={Field}
+                  config={createCommentMethodConfig}
+                  css={styles.method}
+                  componentProps={{
+                    euiFieldProps: {
+                      'data-test-subj': 'webhookCreateCommentMethodSelect',
+                      options: HTTP_VERBS.map((verb) => ({
+                        text: verb.toUpperCase(),
+                        value: verb,
+                      })),
+                      readOnly,
+                    },
+                  }}
+                />
+              </EuiFlexItem>
+              <EuiFlexItem>
+                <UseField
+                  path="config.createCommentUrl"
+                  config={createCommentUrlConfig}
+                  component={MustacheTextFieldWrapper}
+                  componentProps={{
+                    euiFieldProps: {
+                      readOnly,
+                      'data-test-subj': 'webhookCreateCommentUrlText',
+                      messageVariables: urlVars,
+                      paramsProperty: 'createCommentUrl',
+                      buttonTitle: i18n.ADD_CASES_VARIABLE,
+                      showButtonTitle: true,
+                    },
+                  }}
+                />
+              </EuiFlexItem>
+            </EuiFlexGroup>
+            <EuiFlexGroup>
+              <EuiFlexItem>
+                <UseField
+                  path="config.createCommentJson"
+                  config={createCommentJsonConfig}
+                  component={JsonFieldWrapper}
+                  componentProps={{
+                    euiCodeEditorProps: {
+                      height: '200px',
+                      isReadOnly: readOnly,
+                      ['aria-label']: i18n.CODE_EDITOR,
+                    },
+                    dataTestSubj: 'webhookCreateCommentJson',
+                    messageVariables: [...commentVars, ...urlVars],
+                    paramsProperty: 'createCommentJson',
+                    buttonTitle: i18n.ADD_CASES_VARIABLE,
+                    showButtonTitle: true,
+                  }}
+                />
+              </EuiFlexItem>
+            </EuiFlexGroup>
+          </>
+        )}
+      </span>
+    </>
+  );
+};
diff --git a/x-pack/plugins/stack_connectors/public/connector_types/cases_webhook/translations.ts b/x-pack/plugins/stack_connectors/public/connector_types/cases_webhook/translations.ts
index 8c44b6197ef9c..5653fe4adc851 100644
--- a/x-pack/plugins/stack_connectors/public/connector_types/cases_webhook/translations.ts
+++ b/x-pack/plugins/stack_connectors/public/connector_types/cases_webhook/translations.ts
@@ -54,13 +54,28 @@ export const UPDATE_METHOD_REQUIRED = i18n.translate(
   }
 );
 
-export const CREATE_COMMENT_URL_REQUIRED = i18n.translate(
+export const CREATE_COMMENT_URL_FORMAT_REQUIRED = i18n.translate(
   'xpack.stackConnectors.components.casesWebhook.error.requiredCreateCommentUrlText',
   {
     defaultMessage: 'Create comment URL must be URL format.',
   }
 );
-export const CREATE_COMMENT_MESSAGE = i18n.translate(
+
+export const CREATE_COMMENT_URL_MISSING = i18n.translate(
+  'xpack.stackConnectors.components.casesWebhook.error.requiredCreateCommentUrlMissing',
+  {
+    defaultMessage: 'Create comment URL is required.',
+  }
+);
+
+export const CREATE_COMMENT_JSON_MISSING = i18n.translate(
+  'xpack.stackConnectors.components.casesWebhook.error.requiredCreateCommentJsonMissing',
+  {
+    defaultMessage: 'Create comment Json is required.',
+  }
+);
+
+export const CREATE_COMMENT_FORMAT_MESSAGE = i18n.translate(
   'xpack.stackConnectors.components.casesWebhook.error.requiredCreateCommentIncidentText',
   {
     defaultMessage: 'Create comment object must be valid JSON.',
@@ -373,7 +388,7 @@ export const STEP_4A_DESCRIPTION = i18n.translate(
 );
 
 export const STEP_4B = i18n.translate('xpack.stackConnectors.components.casesWebhook.step4b', {
-  defaultMessage: 'Add comment in case (optional)',
+  defaultMessage: 'Add comment in case',
 });
 
 export const STEP_4B_DESCRIPTION = i18n.translate(
diff --git a/x-pack/plugins/stack_connectors/public/connector_types/cases_webhook/validator.ts b/x-pack/plugins/stack_connectors/public/connector_types/cases_webhook/validator.ts
index d972c9bbd1f86..8c64042801635 100644
--- a/x-pack/plugins/stack_connectors/public/connector_types/cases_webhook/validator.ts
+++ b/x-pack/plugins/stack_connectors/public/connector_types/cases_webhook/validator.ts
@@ -100,6 +100,11 @@ export const containsCommentsOrEmpty =
   (message: string) =>
   (...args: Parameters<ValidationFunc>): ReturnType<ValidationFunc<any, ERROR_CODE>> => {
     const [{ value, path }] = args;
+
+    if (value === null || value === undefined || value === '') {
+      return undefined;
+    }
+
     if (typeof value !== 'string') {
       return {
         code: 'ERR_FIELD_FORMAT',
@@ -107,9 +112,6 @@ export const containsCommentsOrEmpty =
         message,
       };
     }
-    if (value.length === 0) {
-      return undefined;
-    }
 
     const comment = templateActionVariable(
       commentVars.find((actionVariable) => actionVariable.name === 'case.comment')!
@@ -128,16 +130,30 @@ export const isUrlButCanBeEmpty =
   (message: string) =>
   (...args: Parameters<ValidationFunc>) => {
     const [{ value }] = args;
+
     const error: ValidationError<ERROR_CODE> = {
       code: 'ERR_FIELD_FORMAT',
       formatType: 'URL',
       message,
     };
-    if (typeof value !== 'string') {
-      return error;
-    }
-    if (value.length === 0) {
+
+    if (value === null || value === undefined || value === '') {
       return undefined;
     }
-    return isUrl(value) ? undefined : error;
+    return typeof value === 'string' && isUrl(value) ? undefined : error;
+  };
+
+export const validateCreateComment =
+  (message: string, fieldName: string) =>
+  (...args: Parameters<ValidationFunc>) => {
+    const [{ value, formData }] = args;
+    const otherFielValue = formData[fieldName];
+
+    const error: ValidationError<ERROR_CODE> = {
+      code: 'ERR_FIELD_FORMAT',
+      formatType: 'STRING',
+      message,
+    };
+
+    return !value && otherFielValue ? error : undefined;
   };
diff --git a/x-pack/plugins/stack_connectors/public/connector_types/cases_webhook/webhook_connectors.test.tsx b/x-pack/plugins/stack_connectors/public/connector_types/cases_webhook/webhook_connectors.test.tsx
index 713f2bd9e6f83..911875f31eb26 100644
--- a/x-pack/plugins/stack_connectors/public/connector_types/cases_webhook/webhook_connectors.test.tsx
+++ b/x-pack/plugins/stack_connectors/public/connector_types/cases_webhook/webhook_connectors.test.tsx
@@ -97,6 +97,49 @@ describe('CasesWebhookActionConnectorFields renders', () => {
     expect(await screen.findByTestId('webhookCreateCommentJson')).toBeInTheDocument();
   });
 
+  it('Add comment to case section is rendered only when the toggle button is on', async () => {
+    const incompleteActionConnector = {
+      ...actionConnector,
+      config: {
+        ...actionConnector.config,
+        createCommentUrl: undefined,
+        createCommentJson: undefined,
+      },
+    };
+    render(
+      <ConnectorFormTestProvider connector={incompleteActionConnector}>
+        <CasesWebhookActionConnectorFields
+          readOnly={false}
+          isEdit={false}
+          registerPreSubmitValidator={() => {}}
+        />
+      </ConnectorFormTestProvider>
+    );
+
+    await userEvent.click(await screen.findByTestId('webhookAddCommentToggle'));
+
+    expect(await screen.findByTestId('webhookCreateCommentMethodSelect')).toBeInTheDocument();
+    expect(await screen.findByTestId('createCommentUrlInput')).toBeInTheDocument();
+    expect(await screen.findByTestId('webhookCreateCommentJson')).toBeInTheDocument();
+  });
+
+  it('Toggle button is active when create comment section fields are populated', async () => {
+    render(
+      <ConnectorFormTestProvider connector={actionConnector}>
+        <CasesWebhookActionConnectorFields
+          readOnly={false}
+          isEdit={false}
+          registerPreSubmitValidator={() => {}}
+        />
+      </ConnectorFormTestProvider>
+    );
+
+    expect(await screen.findByTestId('webhookAddCommentToggle')).toHaveAttribute(
+      'aria-checked',
+      'true'
+    );
+  });
+
   it('connector auth toggles work as expected', async () => {
     render(
       <ConnectorFormTestProvider connector={actionConnector}>
diff --git a/x-pack/plugins/stack_connectors/server/connector_types/lib/servicenow/service.test.ts b/x-pack/plugins/stack_connectors/server/connector_types/lib/servicenow/service.test.ts
index aa8d248566d9a..5f2f5ee019a5f 100644
--- a/x-pack/plugins/stack_connectors/server/connector_types/lib/servicenow/service.test.ts
+++ b/x-pack/plugins/stack_connectors/server/connector_types/lib/servicenow/service.test.ts
@@ -1232,6 +1232,23 @@ describe('ServiceNow service', () => {
       `);
       });
 
+      test('it should return null if no incident found, when incident to be closed is null', async () => {
+        requestMock.mockImplementationOnce(() => ({
+          data: {
+            result: [],
+          },
+        }));
+
+        const res = await service.closeIncident({ incidentId: '2', correlationId: null });
+        expect(logger.warn.mock.calls[0]).toMatchInlineSnapshot(`
+          Array [
+            "[ServiceNow][CloseIncident] No incident found with correlation_id: null or incidentId: 2.",
+          ]
+        `);
+
+        expect(res).toBeNull();
+      });
+
       test('it should return null if found incident with correlation id is null', async () => {
         requestMock.mockImplementationOnce(() => ({
           data: {
diff --git a/x-pack/plugins/stack_connectors/server/connector_types/lib/servicenow/service.ts b/x-pack/plugins/stack_connectors/server/connector_types/lib/servicenow/service.ts
index 84a8592aaa832..4cfe1ad56cfa7 100644
--- a/x-pack/plugins/stack_connectors/server/connector_types/lib/servicenow/service.ts
+++ b/x-pack/plugins/stack_connectors/server/connector_types/lib/servicenow/service.ts
@@ -8,6 +8,7 @@
 import { AxiosResponse } from 'axios';
 
 import { request } from '@kbn/actions-plugin/server/lib/axios_utils';
+import { isEmpty } from 'lodash';
 import {
   ExternalService,
   ExternalServiceParamsCreate,
@@ -306,7 +307,7 @@ export const createExternalService: ServiceFactory = ({
         incidentToBeClosed = await getIncidentByCorrelationId(correlationId);
       }
 
-      if (incidentToBeClosed === null) {
+      if (incidentToBeClosed === null || isEmpty(incidentToBeClosed)) {
         logger.warn(
           `[ServiceNow][CloseIncident] No incident found with correlation_id: ${correlationId} or incidentId: ${incidentId}.`
         );
diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json
index e977ae228fdfc..cb51a020eeaac 100644
--- a/x-pack/plugins/translations/translations/fr-FR.json
+++ b/x-pack/plugins/translations/translations/fr-FR.json
@@ -6689,12 +6689,6 @@
     "reporting.share.screenCapturePanelContent.optimizeForPrintingLabel": "Optimiser pour l'impression",
     "reporting.shareContextMenu.ExportsButtonLabel": "PDF",
     "reporting.shareContextMenu.ExportsButtonLabelPNG": "Export PNG",
-    "savedObjects.confirmModal.cancelButtonLabel": "Annuler",
-    "savedObjects.confirmModal.overwriteButtonLabel": "Écraser",
-    "savedObjects.confirmModal.overwriteConfirmationMessage": "Êtes-vous sûr de vouloir écraser {title} ?",
-    "savedObjects.confirmModal.overwriteTitle": "Écraser {name} ?",
-    "savedObjects.confirmModal.saveDuplicateButtonLabel": "Enregistrer {name}",
-    "savedObjects.confirmModal.saveDuplicateConfirmationMessage": "Il y a déjà une occurrence de {name} avec le titre \"{title}\". Voulez-vous tout de même enregistrer ?",
     "savedObjects.overwriteRejectedDescription": "La confirmation d'écrasement a été rejetée.",
     "savedObjects.saveDuplicateRejectedDescription": "La confirmation d'enregistrement avec un doublon de titre a été rejetée.",
     "savedObjects.saveModal.cancelButtonLabel": "Annuler",
@@ -26193,7 +26187,6 @@
     "xpack.inventory.badgeFilterWithPopover.openPopoverBadgeLabel": "Ouvrir la fenêtre contextuelle",
     "xpack.inventory.data_view.creation_failed": "Une erreur s'est produite lors de la création de la vue de données",
     "xpack.inventory.eemEnablement.errorTitle": "Erreur lors de l'activation du nouveau modèle d'entité",
-    "xpack.inventory.entityActions.discoverLink": "Ouvrir dans Discover",
     "xpack.inventory.entitiesGrid.euiDataGrid.alertsLabel": "Alertes",
     "xpack.inventory.entitiesGrid.euiDataGrid.alertsTooltip": "Le nombre d'alertes actives",
     "xpack.inventory.entitiesGrid.euiDataGrid.entityNameLabel": "Nom de l'entité",
@@ -26206,6 +26199,7 @@
     "xpack.inventory.entitiesGrid.euiDataGrid.lastSeenTooltip": "Horodatage des dernières données reçues pour l'entité (entity.lastSeenTimestamp)",
     "xpack.inventory.entitiesGrid.euiDataGrid.typeLabel": "Type",
     "xpack.inventory.entitiesGrid.euiDataGrid.typeTooltip": "Type d'entité (entity.type)",
+    "xpack.inventory.entityActions.discoverLink": "Ouvrir dans Discover",
     "xpack.inventory.featureRegistry.inventoryFeatureName": "Inventory",
     "xpack.inventory.home.serviceAlertsTable.tooltip.activeAlertsExplanation": "Alertes actives",
     "xpack.inventory.inventoryLinkTitle": "Inventory",
@@ -43121,8 +43115,6 @@
     "xpack.serverlessSearch.connectors.typeLabel": "Type",
     "xpack.serverlessSearch.connectors.variablesTitle": "Variable pour votre {url}",
     "xpack.serverlessSearch.connectors.waitingForConnection": "En attente de connexion",
-    "xpack.serverlessSearch.connectorsEmpty.availableConnectors": "Connecteurs disponibles",
-    "xpack.serverlessSearch.connectorsEmpty.createConnector": "Créer un connecteur",
     "xpack.serverlessSearch.connectorsEmpty.description": "La configuration et le déploiement d'un connecteur se passe entre la source de données tierce, votre terminal et l'UI sans serveur d'Elasticsearch. Le processus à haut niveau ressemble à ça :",
     "xpack.serverlessSearch.connectorsEmpty.dockerLabel": "Docker",
     "xpack.serverlessSearch.connectorsEmpty.guideOneDescription": "Choisissez une source de données à synchroniser",
diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json
index 05416471642cb..b5a0c4a1481df 100644
--- a/x-pack/plugins/translations/translations/ja-JP.json
+++ b/x-pack/plugins/translations/translations/ja-JP.json
@@ -6682,12 +6682,6 @@
     "reporting.share.screenCapturePanelContent.optimizeForPrintingLabel": "印刷用に最適化",
     "reporting.shareContextMenu.ExportsButtonLabel": "PDF",
     "reporting.shareContextMenu.ExportsButtonLabelPNG": "PNGエクスポート",
-    "savedObjects.confirmModal.cancelButtonLabel": "キャンセル",
-    "savedObjects.confirmModal.overwriteButtonLabel": "上書き",
-    "savedObjects.confirmModal.overwriteConfirmationMessage": "{title}を上書きしてよろしいですか？",
-    "savedObjects.confirmModal.overwriteTitle": "{name} を上書きしますか？",
-    "savedObjects.confirmModal.saveDuplicateButtonLabel": "{name} を保存",
-    "savedObjects.confirmModal.saveDuplicateConfirmationMessage": "''{title}''というタイトルの {name} がすでに存在します。保存しますか？",
     "savedObjects.overwriteRejectedDescription": "上書き確認が拒否されました",
     "savedObjects.saveDuplicateRejectedDescription": "重複ファイルの保存確認が拒否されました",
     "savedObjects.saveModal.cancelButtonLabel": "キャンセル",
@@ -26165,7 +26159,6 @@
     "xpack.inventory.badgeFilterWithPopover.openPopoverBadgeLabel": "ポップオーバーを開く",
     "xpack.inventory.data_view.creation_failed": "データビューの作成中にエラーが発生しました",
     "xpack.inventory.eemEnablement.errorTitle": "新しいエンティティモデルの有効化エラー",
-    "xpack.inventory.entityActions.discoverLink": "Discoverで開く",
     "xpack.inventory.entitiesGrid.euiDataGrid.alertsLabel": "アラート",
     "xpack.inventory.entitiesGrid.euiDataGrid.alertsTooltip": "アクティブなアラートの件数",
     "xpack.inventory.entitiesGrid.euiDataGrid.entityNameLabel": "エンティティ名",
@@ -26178,6 +26171,7 @@
     "xpack.inventory.entitiesGrid.euiDataGrid.lastSeenTooltip": "エンティティで最後に受信したデータのタイムスタンプ（entity.lastSeenTimestamp）",
     "xpack.inventory.entitiesGrid.euiDataGrid.typeLabel": "型",
     "xpack.inventory.entitiesGrid.euiDataGrid.typeTooltip": "エンティティのタイプ（entity.type）",
+    "xpack.inventory.entityActions.discoverLink": "Discoverで開く",
     "xpack.inventory.featureRegistry.inventoryFeatureName": "インベントリ",
     "xpack.inventory.home.serviceAlertsTable.tooltip.activeAlertsExplanation": "アクティブアラート",
     "xpack.inventory.inventoryLinkTitle": "インベントリ",
@@ -43087,8 +43081,6 @@
     "xpack.serverlessSearch.connectors.typeLabel": "型",
     "xpack.serverlessSearch.connectors.variablesTitle": "{url}の変数",
     "xpack.serverlessSearch.connectors.waitingForConnection": "接続を待機中",
-    "xpack.serverlessSearch.connectorsEmpty.availableConnectors": "使用可能なコネクター",
-    "xpack.serverlessSearch.connectorsEmpty.createConnector": "コネクターを作成",
     "xpack.serverlessSearch.connectorsEmpty.description": "コネクターを設定およびデプロイするには、サードパーティのデータソース、端末、ElasticsearchサーバーレスUI の間で作業することになります。プロセスの概要は次のとおりです。",
     "xpack.serverlessSearch.connectorsEmpty.dockerLabel": "Docker",
     "xpack.serverlessSearch.connectorsEmpty.guideOneDescription": "同期したいデータソースを選択します。",
diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json
index 0e0b68b1a3ef9..8c21f00ca8228 100644
--- a/x-pack/plugins/translations/translations/zh-CN.json
+++ b/x-pack/plugins/translations/translations/zh-CN.json
@@ -6601,8 +6601,6 @@
     "reporting.share.screenCapturePanelContent.optimizeForPrintingLabel": "打印优化",
     "reporting.shareContextMenu.ExportsButtonLabel": "PDF",
     "reporting.shareContextMenu.ExportsButtonLabelPNG": "PNG 导出",
-    "savedObjects.confirmModal.cancelButtonLabel": "取消",
-    "savedObjects.confirmModal.overwriteButtonLabel": "覆盖",
     "savedObjects.overwriteRejectedDescription": "已拒绝覆盖确认",
     "savedObjects.saveDuplicateRejectedDescription": "已拒绝使用重复标题保存确认",
     "savedObjects.saveModal.cancelButtonLabel": "取消",
@@ -25691,7 +25689,6 @@
     "xpack.inventory.badgeFilterWithPopover.openPopoverBadgeLabel": "打开弹出框",
     "xpack.inventory.data_view.creation_failed": "创建数据视图时出错",
     "xpack.inventory.eemEnablement.errorTitle": "启用新实体模型时出错",
-    "xpack.inventory.entityActions.discoverLink": "在 Discover 中打开",
     "xpack.inventory.entitiesGrid.euiDataGrid.alertsLabel": "告警",
     "xpack.inventory.entitiesGrid.euiDataGrid.alertsTooltip": "活动告警计数",
     "xpack.inventory.entitiesGrid.euiDataGrid.entityNameLabel": "实体名称",
@@ -25704,6 +25701,7 @@
     "xpack.inventory.entitiesGrid.euiDataGrid.lastSeenTooltip": "上次接收的实体数据的时间戳 (entity.lastSeenTimestamp)",
     "xpack.inventory.entitiesGrid.euiDataGrid.typeLabel": "类型",
     "xpack.inventory.entitiesGrid.euiDataGrid.typeTooltip": "实体的类型 (entity.type)",
+    "xpack.inventory.entityActions.discoverLink": "在 Discover 中打开",
     "xpack.inventory.featureRegistry.inventoryFeatureName": "库存",
     "xpack.inventory.home.serviceAlertsTable.tooltip.activeAlertsExplanation": "活动告警",
     "xpack.inventory.inventoryLinkTitle": "库存",
@@ -42431,8 +42429,6 @@
     "xpack.serverlessSearch.connectors.typeLabel": "类型",
     "xpack.serverlessSearch.connectors.variablesTitle": "您的 {url} 的变量",
     "xpack.serverlessSearch.connectors.waitingForConnection": "等待连接",
-    "xpack.serverlessSearch.connectorsEmpty.availableConnectors": "可用连接器",
-    "xpack.serverlessSearch.connectorsEmpty.createConnector": "创建连接器",
     "xpack.serverlessSearch.connectorsEmpty.description": "要设置并部署连接器，您需要在第三方数据源、终端与 Elasticsearch 无服务器 UI 之间开展工作。高级流程类似于这样：",
     "xpack.serverlessSearch.connectorsEmpty.dockerLabel": "Docker",
     "xpack.serverlessSearch.connectorsEmpty.guideOneDescription": "选择要同步的数据源",
diff --git a/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/edit_connector_flyout/index.test.tsx b/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/edit_connector_flyout/index.test.tsx
index 1ff0d9f679a05..6ad74732844c0 100644
--- a/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/edit_connector_flyout/index.test.tsx
+++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/edit_connector_flyout/index.test.tsx
@@ -143,7 +143,7 @@ describe('EditConnectorFlyout', () => {
     });
 
     await waitFor(() => {
-      expect(queryByText('This connector is readonly.')).not.toBeInTheDocument();
+      expect(queryByText('This connector is read-only.')).not.toBeInTheDocument();
       expect(getByTestId('nameInput')).toHaveValue('My test');
       expect(getByTestId('test-connector-text-field')).toHaveValue('My text field');
     });
@@ -176,7 +176,7 @@ describe('EditConnectorFlyout', () => {
       />
     );
 
-    expect(getByText('This connector is readonly.')).toBeInTheDocument();
+    expect(getByText('This connector is read-only.')).toBeInTheDocument();
   });
 
   it('shows the buttons', async () => {
diff --git a/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/edit_connector_flyout/read_only.test.tsx b/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/edit_connector_flyout/read_only.test.tsx
index baa8eed5265d5..194a3bf1f1524 100644
--- a/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/edit_connector_flyout/read_only.test.tsx
+++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/edit_connector_flyout/read_only.test.tsx
@@ -25,7 +25,7 @@ describe('ReadOnlyConnectorMessage', () => {
       { wrapper: I18nProvider }
     );
 
-    expect(getByText('This connector is readonly.')).toBeInTheDocument();
+    expect(getByText('This connector is read-only.')).toBeInTheDocument();
     expect(getByTestId('read-only-link')).toHaveProperty('href', 'https://example.com/');
     expect(queryByText('Extra Component')).toBeNull();
   });
diff --git a/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/edit_connector_flyout/read_only.tsx b/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/edit_connector_flyout/read_only.tsx
index f32bc2a34bd6b..354f832090869 100644
--- a/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/edit_connector_flyout/read_only.tsx
+++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/edit_connector_flyout/read_only.tsx
@@ -22,7 +22,7 @@ export const ReadOnlyConnectorMessage: React.FC<{
     <>
       <EuiText>
         {i18n.translate('xpack.triggersActionsUI.sections.editConnectorForm.descriptionText', {
-          defaultMessage: 'This connector is readonly.',
+          defaultMessage: 'This connector is read-only.',
         })}
       </EuiText>
       <EuiLink data-test-subj="read-only-link" href={href} target="_blank">
diff --git a/x-pack/test/accessibility/apps/group1/users.ts b/x-pack/test/accessibility/apps/group1/users.ts
index e26e6a6f6a54f..138f0995cbaae 100644
--- a/x-pack/test/accessibility/apps/group1/users.ts
+++ b/x-pack/test/accessibility/apps/group1/users.ts
@@ -62,7 +62,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
         confirm_password: 'password',
         full_name: 'a11y user',
         email: 'example@example.com',
-        roles: ['apm_user'],
+        roles: ['editor'],
       });
       await testSubjects.click('rolesDropdown');
       await a11y.testAppSnapshot();
@@ -75,7 +75,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
         confirm_password: 'password',
         full_name: 'DeleteA11y user',
         email: 'example@example.com',
-        roles: ['apm_user'],
+        roles: ['editor'],
       });
       await testSubjects.click('checkboxSelectRow-deleteA11y');
       await a11y.testAppSnapshot();
diff --git a/x-pack/test/api_integration/services/security_solution_api.gen.ts b/x-pack/test/api_integration/services/security_solution_api.gen.ts
index 3cffbef413fa3..6ba76b071d860 100644
--- a/x-pack/test/api_integration/services/security_solution_api.gen.ts
+++ b/x-pack/test/api_integration/services/security_solution_api.gen.ts
@@ -106,6 +106,7 @@ import {
   InitEntityEngineRequestParamsInput,
   InitEntityEngineRequestBodyInput,
 } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/init.gen';
+import { InitEntityStoreRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/enablement.gen';
 import { InstallPrepackedTimelinesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/install_prepackaged_timelines/install_prepackaged_timelines_route.gen';
 import { ListEntitiesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/entities/list_entities.gen';
 import { PatchRuleRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/patch_rule/patch_rule_route.gen';
@@ -842,6 +843,13 @@ finalize it.
         .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
         .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
     },
+    getEntityStoreStatus(kibanaSpace: string = 'default') {
+      return supertest
+        .get(routeWithNamespace('/api/entity_store/status', kibanaSpace))
+        .set('kbn-xsrf', 'true')
+        .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
+        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
+    },
     /**
      * Get all notes for a given document.
      */
@@ -1030,6 +1038,14 @@ finalize it.
         .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
         .send(props.body as object);
     },
+    initEntityStore(props: InitEntityStoreProps, kibanaSpace: string = 'default') {
+      return supertest
+        .post(routeWithNamespace('/api/entity_store/enable', kibanaSpace))
+        .set('kbn-xsrf', 'true')
+        .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
+        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
+        .send(props.body as object);
+    },
     /**
      * Initializes the Risk Engine by creating the necessary indices and mappings, removing old transforms, and starting the new risk engine
      */
@@ -1633,6 +1649,9 @@ export interface InitEntityEngineProps {
   params: InitEntityEngineRequestParamsInput;
   body: InitEntityEngineRequestBodyInput;
 }
+export interface InitEntityStoreProps {
+  body: InitEntityStoreRequestBodyInput;
+}
 export interface InstallPrepackedTimelinesProps {
   body: InstallPrepackedTimelinesRequestBodyInput;
 }
diff --git a/x-pack/test/functional/apps/index_lifecycle_management/read_only_view.ts b/x-pack/test/functional/apps/index_lifecycle_management/read_only_view.ts
index 030074a97b4bd..b30ee9ecee763 100644
--- a/x-pack/test/functional/apps/index_lifecycle_management/read_only_view.ts
+++ b/x-pack/test/functional/apps/index_lifecycle_management/read_only_view.ts
@@ -15,6 +15,7 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => {
   const security = getService('security');
 
   describe('Read only view', function () {
+    this.tags('skipFIPS');
     before(async () => {
       await security.testUser.setRoles(['read_ilm']);
 
diff --git a/x-pack/test/functional/apps/infra/home_page.ts b/x-pack/test/functional/apps/infra/home_page.ts
index f36b3394e2a89..fc937afc3f3c9 100644
--- a/x-pack/test/functional/apps/infra/home_page.ts
+++ b/x-pack/test/functional/apps/infra/home_page.ts
@@ -426,8 +426,8 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => {
           expect(nodesWithValue).to.eql([
             { name: 'host-5', value: 10, color: '#6092c0' },
             { name: 'host-4', value: 30, color: '#9ab6d5' },
-            { name: 'host-1', value: 50, color: '#f1d9b9' },
-            { name: 'host-2', value: 70, color: '#eba47a' },
+            { name: 'host-1', value: 50, color: '#f6e0b9' },
+            { name: 'host-2', value: 70, color: '#eda77a' },
             { name: 'host-3', value: 90, color: '#e7664c' },
           ]);
         });
diff --git a/x-pack/test/functional/apps/lens/group4/chart_data.ts b/x-pack/test/functional/apps/lens/group4/chart_data.ts
index 3b3a51c289473..fc922f8d2df17 100644
--- a/x-pack/test/functional/apps/lens/group4/chart_data.ts
+++ b/x-pack/test/functional/apps/lens/group4/chart_data.ts
@@ -117,7 +117,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
         { key: '5,722.775 - 8,529.22', name: '5,722.775 - 8,529.22', color: '#6092c0' },
         { key: '8,529.22 - 11,335.665', name: '8,529.22 - 11,335.665', color: '#a8bfda' },
         { key: '11,335.665 - 14,142.11', name: '11,335.665 - 14,142.11', color: '#ebeff5' },
-        { key: '14,142.11 - 16,948.555', name: '14,142.11 - 16,948.555', color: '#ecb385' },
+        { key: '14,142.11 - 16,948.555', name: '14,142.11 - 16,948.555', color: '#efb785' },
         { key: '≥ 16,948.555', name: '≥ 16,948.555', color: '#e7664c' },
       ]);
     });
diff --git a/x-pack/test/functional/apps/lens/group5/heatmap.ts b/x-pack/test/functional/apps/lens/group5/heatmap.ts
index 7abcba0cb0780..a61afa2d24d8a 100644
--- a/x-pack/test/functional/apps/lens/group5/heatmap.ts
+++ b/x-pack/test/functional/apps/lens/group5/heatmap.ts
@@ -58,7 +58,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
         { key: '5,722.775 - 8,529.22', name: '5,722.775 - 8,529.22', color: '#6092c0' },
         { key: '8,529.22 - 11,335.665', name: '8,529.22 - 11,335.665', color: '#a8bfda' },
         { key: '11,335.665 - 14,142.11', name: '11,335.665 - 14,142.11', color: '#ebeff5' },
-        { key: '14,142.11 - 16,948.555', name: '14,142.11 - 16,948.555', color: '#ecb385' },
+        { key: '14,142.11 - 16,948.555', name: '14,142.11 - 16,948.555', color: '#efb785' },
         { key: '≥ 16,948.555', name: '≥ 16,948.555', color: '#e7664c' },
       ]);
     });
@@ -80,7 +80,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
         { key: '7,125.997 - 8,529.22', name: '7,125.997 - 8,529.22', color: '#6092c0' },
         { key: '8,529.22 - 11,335.665', name: '8,529.22 - 11,335.665', color: '#a8bfda' },
         { key: '11,335.665 - 14,142.11', name: '11,335.665 - 14,142.11', color: '#ebeff5' },
-        { key: '14,142.11 - 16,948.555', name: '14,142.11 - 16,948.555', color: '#ecb385' },
+        { key: '14,142.11 - 16,948.555', name: '14,142.11 - 16,948.555', color: '#efb785' },
         { key: '≥ 16,948.555', name: '≥ 16,948.555', color: '#e7664c' },
       ]);
     });
@@ -94,7 +94,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
         { key: '7,125.99 - 8,529.2', name: '7,125.99 - 8,529.2', color: '#6092c0' },
         { key: '8,529.2 - 11,335.66', name: '8,529.2 - 11,335.66', color: '#a8bfda' },
         { key: '11,335.66 - 14,142.1', name: '11,335.66 - 14,142.1', color: '#ebeff5' },
-        { key: '14,142.1 - 16,948.55', name: '14,142.1 - 16,948.55', color: '#ecb385' },
+        { key: '14,142.1 - 16,948.55', name: '14,142.1 - 16,948.55', color: '#efb785' },
         {
           color: '#e7664c',
           key: '≥ 16,948.55',
@@ -115,7 +115,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
         { key: '0 - 8,529.2', name: '0 - 8,529.2', color: '#6092c0' },
         { key: '8,529.2 - 11,335.66', name: '8,529.2 - 11,335.66', color: '#a8bfda' },
         { key: '11,335.66 - 14,142.1', name: '11,335.66 - 14,142.1', color: '#ebeff5' },
-        { key: '14,142.1 - 16,948.55', name: '14,142.1 - 16,948.55', color: '#ecb385' },
+        { key: '14,142.1 - 16,948.55', name: '14,142.1 - 16,948.55', color: '#efb785' },
         { key: '≥ 16,948.55', name: '≥ 16,948.55', color: '#e7664c' },
       ]);
     });
@@ -133,7 +133,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
         { key: '5,722.775 - 8,529.2', name: '5,722.775 - 8,529.2', color: '#6092c0' },
         { key: '8,529.2 - 11,335.66', name: '8,529.2 - 11,335.66', color: '#a8bfda' },
         { key: '11,335.66 - 14,142.1', name: '11,335.66 - 14,142.1', color: '#ebeff5' },
-        { key: '14,142.1 - 16,948.55', name: '14,142.1 - 16,948.55', color: '#ecb385' },
+        { key: '14,142.1 - 16,948.55', name: '14,142.1 - 16,948.55', color: '#efb785' },
         { key: '≥ 16,948.55', name: '≥ 16,948.55', color: '#e7664c' },
       ]);
       // assert the cell has the correct coloring despite the legend rounding
diff --git a/x-pack/test/functional/apps/security/users.ts b/x-pack/test/functional/apps/security/users.ts
index e9711dc29c46b..a8886045b70a4 100644
--- a/x-pack/test/functional/apps/security/users.ts
+++ b/x-pack/test/functional/apps/security/users.ts
@@ -111,9 +111,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       expect(roles.apm_system.reserved).to.be(true);
       expect(roles.apm_system.deprecated).to.be(false);
 
-      expect(roles.apm_user.reserved).to.be(true);
-      expect(roles.apm_user.deprecated).to.be(true);
-
       expect(roles.beats_admin.reserved).to.be(true);
       expect(roles.beats_admin.deprecated).to.be(false);
 
diff --git a/x-pack/test/functional/page_objects/log_wrapper.ts b/x-pack/test/functional/page_objects/log_wrapper.ts
index 97f5a7a89369f..afcead60b2905 100644
--- a/x-pack/test/functional/page_objects/log_wrapper.ts
+++ b/x-pack/test/functional/page_objects/log_wrapper.ts
@@ -7,6 +7,10 @@
 
 import { ToolingLog } from '@kbn/tooling-log';
 
+function isPromise<T>(value: unknown): value is Promise<T> {
+  return value instanceof Promise;
+}
+
 /**
  * Wraps the specified object instance with debug log statements of all method calls.
  *
@@ -19,17 +23,45 @@ export function logWrapper<T extends Record<string, Function>>(
   log: ToolingLog,
   instance: T
 ): T {
+  const logger = prepareLogger(log, prefix);
   return Object.keys(instance).reduce((acc, prop) => {
     const baseFn = acc[prop];
     (acc as Record<string, Function>)[prop] = (...args: unknown[]) => {
-      logMethodCall(log, prefix, prop, args);
-      return baseFn.apply(instance, args);
+      logger.start(prop, args);
+      const result = baseFn.apply(instance, args);
+      if (isPromise(result)) {
+        result.then(logger.end, logger.end);
+      } else {
+        logger.end();
+      }
+      return result;
     };
     return acc;
   }, instance);
 }
 
-function logMethodCall(log: ToolingLog, prefix: string, prop: string, args: unknown[]) {
-  const argsStr = args.map((arg) => (typeof arg === 'string' ? `'${arg}'` : arg)).join(', ');
-  log.debug(`${prefix}.${prop}(${argsStr})`);
+function prepareLogger(log: ToolingLog, prefix: string) {
+  let now = Date.now();
+  let currentContext = '';
+
+  return {
+    start: (prop: string, args: unknown[]) => {
+      if (prop === '') {
+        return;
+      }
+      currentContext = `${prop}(${args
+        .map((arg) => (typeof arg === 'string' ? `'${arg}'` : JSON.stringify(arg)))
+        .join(', ')})`;
+      log.debug(`${prefix}.${currentContext}`);
+      now = Date.now();
+    },
+    end: () => {
+      if (currentContext === '') {
+        return;
+      }
+      log.debug(`${prefix}.${currentContext} - (Took ${Date.now() - now} ms)`);
+      now = Date.now();
+      currentContext = '';
+    },
+  };
 }
diff --git a/x-pack/test/observability_ai_assistant_functional/tests/conversations/index.spec.ts b/x-pack/test/observability_ai_assistant_functional/tests/conversations/index.spec.ts
index de780d2f46b0e..6d509a77b42f7 100644
--- a/x-pack/test/observability_ai_assistant_functional/tests/conversations/index.spec.ts
+++ b/x-pack/test/observability_ai_assistant_functional/tests/conversations/index.spec.ts
@@ -9,6 +9,8 @@ import expect from '@kbn/expect';
 import { MessageRole } from '@kbn/observability-ai-assistant-plugin/common';
 import { ChatFeedback } from '@kbn/observability-ai-assistant-plugin/public/analytics/schemas/chat_feedback';
 import { pick } from 'lodash';
+import { parse as parseCookie } from 'tough-cookie';
+import { kbnTestConfig } from '@kbn/test';
 import {
   createLlmProxy,
   isFunctionTitleRequest,
@@ -17,12 +19,15 @@ import {
 import { interceptRequest } from '../../common/intercept_request';
 import { FtrProviderContext } from '../../ftr_provider_context';
 
+import { editor } from '../../../observability_ai_assistant_api_integration/common/users/users';
+
 export default function ApiTest({ getService, getPageObjects }: FtrProviderContext) {
   const observabilityAIAssistantAPIClient = getService('observabilityAIAssistantAPIClient');
   const ui = getService('observabilityAIAssistantUI');
   const testSubjects = getService('testSubjects');
   const browser = getService('browser');
   const supertest = getService('supertest');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
   const retry = getService('retry');
   const log = getService('log');
   const telemetry = getService('kibana_ebt_ui');
@@ -35,6 +40,20 @@ export default function ApiTest({ getService, getPageObjects }: FtrProviderConte
 
   const flyoutService = getService('flyout');
 
+  async function login(username: string, password: string | undefined) {
+    const response = await supertestWithoutAuth
+      .post('/internal/security/login')
+      .set('kbn-xsrf', 'xxx')
+      .send({
+        providerType: 'basic',
+        providerName: 'basic',
+        currentURL: '/',
+        params: { username, password },
+      })
+      .expect(200);
+    return parseCookie(response.headers['set-cookie'][0])!;
+  }
+
   async function deleteConversations() {
     const response = await observabilityAIAssistantAPIClient.editor({
       endpoint: 'POST /internal/observability_ai_assistant/conversations',
@@ -66,78 +85,84 @@ export default function ApiTest({ getService, getPageObjects }: FtrProviderConte
   }
 
   async function createOldConversation() {
-    await observabilityAIAssistantAPIClient.editor({
-      endpoint: 'POST /internal/observability_ai_assistant/conversation',
-      params: {
-        body: {
-          conversation: {
-            messages: [
-              {
-                '@timestamp': '2024-04-18T14:28:50.118Z',
-                message: {
-                  role: MessageRole.System,
-                  content:
-                    'You are a helpful assistant for Elastic Observability. Your goal is to help the Elastic Observability users to quickly assess what is happening in their observed systems. You can help them visualise and analyze data, investigate their systems, perform root cause analysis or identify optimisation opportunities.\n\nIt\'s very important to not assume what the user is meaning. Ask them for clarification if needed.\n\nIf you are unsure about which function should be used and with what arguments, ask the user for clarification or confirmation.\n\nIn KQL ("kqlFilter")) escaping happens with double quotes, not single quotes. Some characters that need escaping are: \':()\\        /". Always put a field value in double quotes. Best: service.name:"opbeans-go". Wrong: service.name:opbeans-go. This is very important!\n\nYou can use Github-flavored Markdown in your responses. If a function returns an array, consider using a Markdown table to format the response.\n\nNote that ES|QL (the Elasticsearch Query Language which is a new piped language) is the preferred query language.\n\nYou MUST use the "query" function when the user wants to:\n- visualize data\n- run any arbitrary query\n- breakdown or filter ES|QL queries that are displayed on the current page\n- convert queries from another language to ES|QL\n- asks general questions about ES|QL\n\nDO NOT UNDER ANY CIRCUMSTANCES generate ES|QL queries or explain anything about the ES|QL query language yourself.\nDO NOT UNDER ANY CIRCUMSTANCES try to correct an ES|QL query yourself - always use the "query" function for this.\n\nDO NOT UNDER ANY CIRCUMSTANCES USE ES|QL syntax (`service.name == "foo"`) with "kqlFilter" (`service.name:"foo"`).\n\nEven if the "context" function was used before that, follow it up with the "query" function. If a query fails, do not attempt to correct it yourself. Again you should call the "query" function,\neven if it has been called before.\n\nWhen the "visualize_query" function has been called, a visualization has been displayed to the user. DO NOT UNDER ANY CIRCUMSTANCES follow up a "visualize_query" function call with your own visualization attempt.\nIf the "execute_query" function has been called, summarize these results for the user. The user does not see a visualization in this case.\n\nYou MUST use the get_dataset_info function  function before calling the "query" or "changes" function.\n\nIf a function requires an index, you MUST use the results from the dataset info functions.\n\n\n\nThe user is able to change the language which they want you to reply in on the settings page of the AI Assistant for Observability, which can be found in the Stack Management app under the option AI Assistants.\nIf the user asks how to change the language, reply in the same language the user asked in.You do not have a working memory. If the user expects you to remember the previous conversations, tell them they can set up the knowledge base.',
-                },
+    const { password } = kbnTestConfig.getUrlParts();
+    const sessionCookie = await login(editor.username, password);
+    const endpoint = '/internal/observability_ai_assistant/conversation';
+    const cookie = sessionCookie.cookieString();
+    const params = {
+      body: {
+        conversation: {
+          messages: [
+            {
+              '@timestamp': '2024-04-18T14:28:50.118Z',
+              message: {
+                role: MessageRole.System,
+                content:
+                  'You are a helpful assistant for Elastic Observability. Your goal is to help the Elastic Observability users to quickly assess what is happening in their observed systems. You can help them visualise and analyze data, investigate their systems, perform root cause analysis or identify optimisation opportunities.\n\nIt\'s very important to not assume what the user is meaning. Ask them for clarification if needed.\n\nIf you are unsure about which function should be used and with what arguments, ask the user for clarification or confirmation.\n\nIn KQL ("kqlFilter")) escaping happens with double quotes, not single quotes. Some characters that need escaping are: \':()\\        /". Always put a field value in double quotes. Best: service.name:"opbeans-go". Wrong: service.name:opbeans-go. This is very important!\n\nYou can use Github-flavored Markdown in your responses. If a function returns an array, consider using a Markdown table to format the response.\n\nNote that ES|QL (the Elasticsearch Query Language which is a new piped language) is the preferred query language.\n\nYou MUST use the "query" function when the user wants to:\n- visualize data\n- run any arbitrary query\n- breakdown or filter ES|QL queries that are displayed on the current page\n- convert queries from another language to ES|QL\n- asks general questions about ES|QL\n\nDO NOT UNDER ANY CIRCUMSTANCES generate ES|QL queries or explain anything about the ES|QL query language yourself.\nDO NOT UNDER ANY CIRCUMSTANCES try to correct an ES|QL query yourself - always use the "query" function for this.\n\nDO NOT UNDER ANY CIRCUMSTANCES USE ES|QL syntax (`service.name == "foo"`) with "kqlFilter" (`service.name:"foo"`).\n\nEven if the "context" function was used before that, follow it up with the "query" function. If a query fails, do not attempt to correct it yourself. Again you should call the "query" function,\neven if it has been called before.\n\nWhen the "visualize_query" function has been called, a visualization has been displayed to the user. DO NOT UNDER ANY CIRCUMSTANCES follow up a "visualize_query" function call with your own visualization attempt.\nIf the "execute_query" function has been called, summarize these results for the user. The user does not see a visualization in this case.\n\nYou MUST use the get_dataset_info function  function before calling the "query" or "changes" function.\n\nIf a function requires an index, you MUST use the results from the dataset info functions.\n\n\n\nThe user is able to change the language which they want you to reply in on the settings page of the AI Assistant for Observability, which can be found in the Stack Management app under the option AI Assistants.\nIf the user asks how to change the language, reply in the same language the user asked in.You do not have a working memory. If the user expects you to remember the previous conversations, tell them they can set up the knowledge base.',
               },
-              {
-                '@timestamp': '2024-04-18T14:29:01.615Z',
-                message: {
-                  content: 'What are SLOs?',
-                  role: MessageRole.User,
-                },
-              },
-              {
-                '@timestamp': '2024-04-18T14:29:01.876Z',
-                message: {
-                  role: MessageRole.Assistant,
-                  content: '',
-                  function_call: {
-                    name: 'context',
-                    arguments: '{}',
-                    trigger: MessageRole.Assistant,
-                  },
-                },
+            },
+            {
+              '@timestamp': '2024-04-18T14:29:01.615Z',
+              message: {
+                content: 'What are SLOs?',
+                role: MessageRole.User,
               },
-              {
-                '@timestamp': '2024-04-18T14:29:01.876Z',
-                message: {
-                  content:
-                    '{"screen_description":"The user is looking at http://localhost:5601/ftw/app/observabilityAIAssistant/conversations/new. The current time range is 2024-04-18T14:13:49.815Z - 2024-04-18T14:28:49.815Z.","learnings":[]}',
+            },
+            {
+              '@timestamp': '2024-04-18T14:29:01.876Z',
+              message: {
+                role: MessageRole.Assistant,
+                content: '',
+                function_call: {
                   name: 'context',
-                  role: MessageRole.User,
+                  arguments: '{}',
+                  trigger: MessageRole.Assistant,
                 },
               },
-              {
-                '@timestamp': '2024-04-18T14:29:22.945Z',
-                message: {
-                  content:
-                    "SLOs, or Service Level Objectives, are a key part of the Site Reliability Engineering (SRE) methodology. They are a target value or range of values for a service level that is measured by an SLI (Service Level Indicator). \n\nAn SLO is a goal for how often and how much you want your service to meet a particular SLI. For example, you might have an SLO that your service should be up and running 99.9% of the time. \n\nSLOs are important because they set clear expectations for your team and your users about the level of service you aim to provide. They also help you make decisions about where to focus your efforts: if you're meeting your SLOs, you can focus on building new features; if you're not meeting your SLOs, you need to focus on improving reliability. \n\nIn Elastic Observability, you can define and monitor your SLOs to ensure your services are meeting their targets.",
-                  function_call: {
-                    name: '',
-                    arguments: '',
-                    trigger: MessageRole.Assistant,
-                  },
-                  role: MessageRole.Assistant,
-                },
+            },
+            {
+              '@timestamp': '2024-04-18T14:29:01.876Z',
+              message: {
+                content:
+                  '{"screen_description":"The user is looking at http://localhost:5601/ftw/app/observabilityAIAssistant/conversations/new. The current time range is 2024-04-18T14:13:49.815Z - 2024-04-18T14:28:49.815Z.","learnings":[]}',
+                name: 'context',
+                role: MessageRole.User,
               },
-            ],
-            conversation: {
-              title: 'My old conversation',
-              token_count: {
-                completion: 1,
-                prompt: 1,
-                total: 2,
+            },
+            {
+              '@timestamp': '2024-04-18T14:29:22.945Z',
+              message: {
+                content:
+                  "SLOs, or Service Level Objectives, are a key part of the Site Reliability Engineering (SRE) methodology. They are a target value or range of values for a service level that is measured by an SLI (Service Level Indicator). \n\nAn SLO is a goal for how often and how much you want your service to meet a particular SLI. For example, you might have an SLO that your service should be up and running 99.9% of the time. \n\nSLOs are important because they set clear expectations for your team and your users about the level of service you aim to provide. They also help you make decisions about where to focus your efforts: if you're meeting your SLOs, you can focus on building new features; if you're not meeting your SLOs, you need to focus on improving reliability. \n\nIn Elastic Observability, you can define and monitor your SLOs to ensure your services are meeting their targets.",
+                function_call: {
+                  name: '',
+                  arguments: '',
+                  trigger: MessageRole.Assistant,
+                },
+                role: MessageRole.Assistant,
               },
             },
-            '@timestamp': '2024-04-18T14:29:22.948',
-            public: false,
-            numeric_labels: {},
-            labels: {},
+          ],
+          conversation: {
+            title: 'My old conversation',
+            token_count: {
+              completion: 1,
+              prompt: 1,
+              total: 2,
+            },
           },
+          '@timestamp': '2024-04-18T14:29:22.948',
+          public: false,
+          numeric_labels: {},
+          labels: {},
         },
       },
-    });
+    };
+    await supertestWithoutAuth
+      .post(endpoint)
+      .set('kbn-xsrf', 'xxx')
+      .set('Cookie', cookie)
+      .send(params.body);
   }
 
   describe('Conversations', () => {
diff --git a/x-pack/test/plugin_api_integration/test_suites/task_manager/check_registered_task_types.ts b/x-pack/test/plugin_api_integration/test_suites/task_manager/check_registered_task_types.ts
index 88ef256b353e6..a6bf7e7e9d5f2 100644
--- a/x-pack/test/plugin_api_integration/test_suites/task_manager/check_registered_task_types.ts
+++ b/x-pack/test/plugin_api_integration/test_suites/task_manager/check_registered_task_types.ts
@@ -49,6 +49,9 @@ export default function ({ getService }: FtrProviderContext) {
         'Fleet-Usage-Logger',
         'Fleet-Usage-Sender',
         'ML:saved-objects-sync',
+        'ProductDocBase:EnsureUpToDate',
+        'ProductDocBase:InstallAll',
+        'ProductDocBase:UninstallAll',
         'SLO:ORPHAN_SUMMARIES-CLEANUP-TASK',
         'Synthetics:Clean-Up-Package-Policies',
         'UPTIME:SyntheticsService:Sync-Saved-Monitor-Objects',
diff --git a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/engine.ts b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store.ts
similarity index 78%
rename from x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/engine.ts
rename to x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store.ts
index f51fbd15ceead..1fbaaa9b3fc71 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/engine.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store.ts
@@ -14,7 +14,7 @@ export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertest');
 
   const utils = EntityStoreUtils(getService);
-  describe('@ess @skipInServerlessMKI Entity Store Engine APIs', () => {
+  describe('@ess @skipInServerlessMKI Entity Store APIs', () => {
     const dataView = dataViewRouteHelpersFactory(supertest);
 
     before(async () => {
@@ -42,6 +42,18 @@ export default ({ getService }: FtrProviderContext) => {
       });
     });
 
+    describe('enablement', () => {
+      afterEach(async () => {
+        await utils.cleanEngines();
+      });
+
+      it('should enable the entity store, creating both user and host engines', async () => {
+        await utils.enableEntityStore();
+        await utils.expectEngineAssetsExist('user');
+        await utils.expectEngineAssetsExist('host');
+      });
+    });
+
     describe('get and list', () => {
       before(async () => {
         await utils.initEntityEngineForEntityTypesAndWait(['host', 'user']);
@@ -182,6 +194,42 @@ export default ({ getService }: FtrProviderContext) => {
       });
     });
 
+    describe('status', () => {
+      afterEach(async () => {
+        await utils.cleanEngines();
+      });
+      it('should return "not_installed" when no engines have been initialized', async () => {
+        const { body } = await api.getEntityStoreStatus().expect(200);
+
+        expect(body).to.eql({
+          engines: [],
+          status: 'not_installed',
+        });
+      });
+
+      it('should return "installing" when at least one engine is being initialized', async () => {
+        await utils.enableEntityStore();
+
+        const { body } = await api.getEntityStoreStatus().expect(200);
+
+        expect(body.status).to.eql('installing');
+        expect(body.engines.length).to.eql(2);
+        expect(body.engines[0].status).to.eql('installing');
+        expect(body.engines[1].status).to.eql('installing');
+      });
+
+      it('should return "started" when all engines are started', async () => {
+        await utils.initEntityEngineForEntityTypesAndWait(['host', 'user']);
+
+        const { body } = await api.getEntityStoreStatus().expect(200);
+
+        expect(body.status).to.eql('running');
+        expect(body.engines.length).to.eql(2);
+        expect(body.engines[0].status).to.eql('started');
+        expect(body.engines[1].status).to.eql('started');
+      });
+    });
+
     describe('apply_dataview_indices', () => {
       before(async () => {
         await utils.initEntityEngineForEntityTypesAndWait(['host']);
diff --git a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/engine_nondefault_spaces.ts b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store_nondefault_spaces.ts
similarity index 100%
rename from x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/engine_nondefault_spaces.ts
rename to x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store_nondefault_spaces.ts
diff --git a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/index.ts b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/index.ts
index 5f2d15db240c6..899dbc68102f3 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/index.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/index.ts
@@ -10,8 +10,8 @@ import { FtrProviderContext } from '../../../../ftr_provider_context';
 export default function ({ loadTestFile }: FtrProviderContext) {
   describe('Entity Analytics - Entity Store', function () {
     loadTestFile(require.resolve('./entities_list'));
-    loadTestFile(require.resolve('./engine'));
+    loadTestFile(require.resolve('./entity_store'));
     loadTestFile(require.resolve('./field_retention_operators'));
-    loadTestFile(require.resolve('./engine_nondefault_spaces'));
+    loadTestFile(require.resolve('./entity_store_nondefault_spaces'));
   });
 }
diff --git a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/utils/entity_store.ts b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/utils/entity_store.ts
index 7ee32e20640d6..fff1040b81f29 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/utils/entity_store.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/utils/entity_store.ts
@@ -90,6 +90,16 @@ export const EntityStoreUtils = (
     );
   };
 
+  const enableEntityStore = async () => {
+    const res = await api.initEntityStore({ body: {} }, namespace);
+    if (res.status !== 200) {
+      log.error(`Failed to enable entity store`);
+      log.error(JSON.stringify(res.body));
+    }
+    expect(res.status).to.eql(200);
+    return res;
+  };
+
   const expectTransformStatus = async (
     transformId: string,
     exists: boolean,
@@ -144,5 +154,6 @@ export const EntityStoreUtils = (
     expectTransformStatus,
     expectEngineAssetsExist,
     expectEngineAssetsDoNotExist,
+    enableEntityStore,
   };
 };
diff --git a/x-pack/test/spaces_api_integration/common/lib/authentication.ts b/x-pack/test/spaces_api_integration/common/lib/authentication.ts
index 27f644c3f5cd5..cbd261008dacb 100644
--- a/x-pack/test/spaces_api_integration/common/lib/authentication.ts
+++ b/x-pack/test/spaces_api_integration/common/lib/authentication.ts
@@ -90,10 +90,6 @@ export const AUTHENTICATION = {
     username: 'a_kibana_rbac_space_1_saved_objects_read_user',
     password: 'password',
   },
-  APM_USER: {
-    username: 'a_apm_user',
-    password: 'password',
-  },
   MACHINE_LEARING_ADMIN: {
     username: 'a_machine_learning_admin',
     password: 'password',
diff --git a/x-pack/test/spaces_api_integration/common/lib/create_users_and_roles.ts b/x-pack/test/spaces_api_integration/common/lib/create_users_and_roles.ts
index 2f93cc09fd032..f917a6efed15f 100644
--- a/x-pack/test/spaces_api_integration/common/lib/create_users_and_roles.ts
+++ b/x-pack/test/spaces_api_integration/common/lib/create_users_and_roles.ts
@@ -469,16 +469,6 @@ export const createUsersAndRoles = async (es: Client, supertest: SuperTestAgent)
     },
   });
 
-  await es.security.putUser({
-    username: AUTHENTICATION.APM_USER.username,
-    body: {
-      password: AUTHENTICATION.APM_USER.password,
-      roles: ['apm_user'],
-      full_name: 'a apm user',
-      email: 'a_apm_user@elastic.co',
-    },
-  });
-
   await es.security.putUser({
     username: AUTHENTICATION.MACHINE_LEARING_ADMIN.username,
     body: {
diff --git a/x-pack/test/spaces_api_integration/security_and_spaces/apis/get_all.ts b/x-pack/test/spaces_api_integration/security_and_spaces/apis/get_all.ts
index 1c2db5f6bcd7c..d40413f9457e3 100644
--- a/x-pack/test/spaces_api_integration/security_and_spaces/apis/get_all.ts
+++ b/x-pack/test/spaces_api_integration/security_and_spaces/apis/get_all.ts
@@ -57,7 +57,6 @@ export default function getAllSpacesTestSuite({ getService }: FtrProviderContext
           legacyAll: AUTHENTICATION.KIBANA_LEGACY_USER,
           dualAll: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER,
           dualRead: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER,
-          apmUser: AUTHENTICATION.APM_USER,
           machineLearningAdmin: AUTHENTICATION.MACHINE_LEARING_ADMIN,
           machineLearningUser: AUTHENTICATION.MACHINE_LEARNING_USER,
           monitoringUser: AUTHENTICATION.MONITORING_USER,
@@ -83,7 +82,6 @@ export default function getAllSpacesTestSuite({ getService }: FtrProviderContext
           legacyAll: AUTHENTICATION.KIBANA_LEGACY_USER,
           dualAll: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER,
           dualRead: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER,
-          apmUser: AUTHENTICATION.APM_USER,
           machineLearningAdmin: AUTHENTICATION.MACHINE_LEARING_ADMIN,
           machineLearningUser: AUTHENTICATION.MACHINE_LEARNING_USER,
           monitoringUser: AUTHENTICATION.MONITORING_USER,
@@ -484,29 +482,6 @@ export default function getAllSpacesTestSuite({ getService }: FtrProviderContext
         }
       );
 
-      getAllTest(`apm_user can't access any spaces from ${scenario.spaceId}`, {
-        spaceId: scenario.spaceId,
-        user: scenario.users.apmUser,
-        tests: {
-          exists: {
-            statusCode: 403,
-            response: expectRbacForbidden,
-          },
-          copySavedObjectsPurpose: {
-            statusCode: 403,
-            response: expectRbacForbidden,
-          },
-          shareSavedObjectsPurpose: {
-            statusCode: 403,
-            response: expectRbacForbidden,
-          },
-          includeAuthorizedPurposes: {
-            statusCode: 403,
-            response: expectRbacForbidden,
-          },
-        },
-      });
-
       getAllTest(`machine_learning_admin can't access any spaces from ${scenario.spaceId}`, {
         spaceId: scenario.spaceId,
         user: scenario.users.machineLearningAdmin,
diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/apm_api_integration/common/apm_api_supertest.ts b/x-pack/test_serverless/api_integration/test_suites/observability/apm_api_integration/common/apm_api_supertest.ts
index 19f102335d99f..3b05b5d08d29d 100644
--- a/x-pack/test_serverless/api_integration/test_suites/observability/apm_api_integration/common/apm_api_supertest.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/observability/apm_api_integration/common/apm_api_supertest.ts
@@ -46,7 +46,7 @@ export function createApmApiClient(st: supertest.Agent) {
         .set('Content-type', 'multipart/form-data');
 
       for (const field of fields) {
-        await formDataRequest.field(field[0], field[1]);
+        void formDataRequest.field(field[0], field[1]);
       }
 
       res = await formDataRequest;
diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/apm_api_integration/feature_flags.ts b/x-pack/test_serverless/api_integration/test_suites/observability/apm_api_integration/feature_flags.ts
index 88096d6258e27..15af0d68d8db7 100644
--- a/x-pack/test_serverless/api_integration/test_suites/observability/apm_api_integration/feature_flags.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/observability/apm_api_integration/feature_flags.ts
@@ -77,9 +77,7 @@ export default function ({ getService }: APMFtrContextProvider) {
   const svlUserManager = getService('svlUserManager');
   const svlCommonApi = getService('svlCommonApi');
 
-  // https://github.com/elastic/kibana/pull/190690
-  // skipping since "rejects requests to list source maps" fails with 400
-  describe.skip('apm feature flags', () => {
+  describe('apm feature flags', () => {
     let roleAuthc: RoleCredentials;
     let internalReqHeader: InternalRequestHeader;
 
diff --git a/x-pack/test_serverless/functional/page_objects/svl_search_connectors_page.ts b/x-pack/test_serverless/functional/page_objects/svl_search_connectors_page.ts
index 615e3397a45ce..78554ea05beda 100644
--- a/x-pack/test_serverless/functional/page_objects/svl_search_connectors_page.ts
+++ b/x-pack/test_serverless/functional/page_objects/svl_search_connectors_page.ts
@@ -14,7 +14,7 @@ export function SvlSearchConnectorsPageProvider({ getService }: FtrProviderConte
   return {
     connectorConfigurationPage: {
       async createConnector() {
-        await testSubjects.click('serverlessSearchConnectorsOverviewCreateConnectorButton');
+        await testSubjects.click('serverlessSearchEmptyConnectorsPromptCreateConnectorButton');
         await testSubjects.existOrFail('serverlessSearchEditConnectorButton');
         await testSubjects.exists('serverlessSearchConnectorLinkElasticsearchRunWithDockerButton');
         await testSubjects.exists('serverlessSearchConnectorLinkElasticsearchRunFromSourceButton');
@@ -90,9 +90,9 @@ export function SvlSearchConnectorsPageProvider({ getService }: FtrProviderConte
       },
       async expectConnectorOverviewPageComponentsToExist() {
         await testSubjects.existOrFail('serverlessSearchConnectorsTitle');
-        await testSubjects.existOrFail('serverlessSearchConnectorsOverviewElasticConnectorsLink');
+        // await testSubjects.existOrFail('serverlessSearchConnectorsOverviewElasticConnectorsLink');
         await testSubjects.exists('serverlessSearchEmptyConnectorsPromptCreateConnectorButton');
-        await testSubjects.existOrFail('serverlessSearchConnectorsOverviewCreateConnectorButton');
+        // await testSubjects.existOrFail('serverlessSearchConnectorsOverviewCreateConnectorButton');
       },
       async expectConnectorTableToExist() {
         await testSubjects.existOrFail('serverlessSearchConnectorTable');
diff --git a/x-pack/test_serverless/functional/test_suites/search/navigation.ts b/x-pack/test_serverless/functional/test_suites/search/navigation.ts
index 97952d68f8fd1..24009866b2b15 100644
--- a/x-pack/test_serverless/functional/test_suites/search/navigation.ts
+++ b/x-pack/test_serverless/functional/test_suites/search/navigation.ts
@@ -241,6 +241,7 @@ export default function ({ getPageObject, getService }: FtrProviderContext) {
       await solutionNavigation.sidenav.expectLinkExists({ text: 'Data' });
       await solutionNavigation.sidenav.expectLinkExists({ text: 'Index Management' });
       await solutionNavigation.sidenav.expectLinkExists({ text: 'Connectors' });
+      await solutionNavigation.sidenav.expectLinkExists({ text: 'Web crawlers' });
       await solutionNavigation.sidenav.expectLinkExists({ text: 'Build' });
       await solutionNavigation.sidenav.expectLinkExists({ text: 'Dev Tools' });
       await solutionNavigation.sidenav.expectLinkExists({ text: 'Playground' });
@@ -265,6 +266,7 @@ export default function ({ getPageObject, getService }: FtrProviderContext) {
         'data',
         'management:index_management',
         'serverlessConnectors',
+        'serverlessWebCrawlers',
         'build',
         'dev_tools',
         'searchPlayground',
diff --git a/yarn.lock b/yarn.lock
index 719e45bb7cab7..5b3b6f246ff42 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1748,11 +1748,25 @@
   resolved "https://registry.yarnpkg.com/@elastic/eslint-plugin-eui/-/eslint-plugin-eui-0.0.2.tgz#56b9ef03984a05cc213772ae3713ea8ef47b0314"
   integrity sha512-IoxURM5zraoQ7C8f+mJb9HYSENiZGgRVcG4tLQxE61yHNNRDXtGDWTZh8N1KIHcsqN1CEPETjuzBXkJYF/fDiQ==
 
-"@elastic/eui@97.3.1":
-  version "97.3.1"
-  resolved "https://registry.yarnpkg.com/@elastic/eui/-/eui-97.3.1.tgz#b0f07c603042bd359544b41829507e65f4fa3cd2"
-  integrity sha512-zJs3aaO6qjTdxJM2mPahcqaC6FfaC34yTc3qpQq7+Cbhw2xGrwx8bAfIzhttLU87mwgr59Sqv9Ojvwk8c3js7A==
+"@elastic/eui-theme-borealis@0.0.2":
+  version "0.0.2"
+  resolved "https://registry.yarnpkg.com/@elastic/eui-theme-borealis/-/eui-theme-borealis-0.0.2.tgz#4b65f13073b1887a12641063ace96539fa923674"
+  integrity sha512-ekePJ+V9UMCUDqjNLECjM+Vi/qHkJcu6lhm1GenUFs3awPxaLhvasb3pN++qnWYkXWo90vmZER62MTHpxlQyQA==
+
+"@elastic/eui-theme-common@0.0.2":
+  version "0.0.2"
+  resolved "https://registry.yarnpkg.com/@elastic/eui-theme-common/-/eui-theme-common-0.0.2.tgz#3da6078a5d255c5740423d26409e5e06536a5db3"
+  integrity sha512-tIyXrylrLhmOWiRbxuJSiHHVJpt4fVd5frzhUGoSN2frobOT9RLh8Klzyd4kmHasZ7bB1vETPR5fytqgocRvdA==
+  dependencies:
+    "@types/lodash" "^4.14.202"
+    lodash "^4.17.21"
+
+"@elastic/eui@97.3.1-borealis.2":
+  version "97.3.1-borealis.2"
+  resolved "https://registry.yarnpkg.com/@elastic/eui/-/eui-97.3.1-borealis.2.tgz#32d9616ddbab11ef6e97739cf728a667220ca74c"
+  integrity sha512-j0WsE+WWtV3eEbRqyjr8hJ1swQIbCEGc9iViMtDK/XeVCVqs++dJE/+jPdjharMjXLrstOr0cx0uvtsH6OWTUw==
   dependencies:
+    "@elastic/eui-theme-common" "0.0.2"
     "@hello-pangea/dnd" "^16.6.0"
     "@types/lodash" "^4.14.202"
     "@types/numeral" "^2.0.5"
@@ -5550,6 +5564,10 @@
   version "0.0.0"
   uid ""
 
+"@kbn/llm-tasks-plugin@link:x-pack/plugins/ai_infra/llm_tasks":
+  version "0.0.0"
+  uid ""
+
 "@kbn/locator-examples-plugin@link:examples/locator_examples":
   version "0.0.0"
   uid ""
@@ -6034,6 +6052,14 @@
   version "0.0.0"
   uid ""
 
+"@kbn/product-doc-base-plugin@link:x-pack/plugins/ai_infra/product_doc_base":
+  version "0.0.0"
+  uid ""
+
+"@kbn/product-doc-common@link:x-pack/packages/ai-infra/product-doc-common":
+  version "0.0.0"
+  uid ""
+
 "@kbn/profiling-data-access-plugin@link:x-pack/plugins/observability_solution/profiling_data_access":
   version "0.0.0"
   uid ""
@@ -12127,19 +12153,19 @@
   resolved "https://registry.yarnpkg.com/@xtuc/long/-/long-4.2.2.tgz#d291c6a4e97989b5c61d9acf396ae4fe133a718d"
   integrity sha512-NuHqBY1PB/D8xU6s/thBgOAiAP7HOYDQ32+BFZILJ8ivkUkAHQnWfn6WhL79Owj1qmUnoN/YPhktdIoucipkAQ==
 
-"@xyflow/react@^12.3.4":
-  version "12.3.4"
-  resolved "https://registry.yarnpkg.com/@xyflow/react/-/react-12.3.4.tgz#cccc57f7a992faecc5ed1dda82838b31c1afa522"
-  integrity sha512-KjFkj84S+wK8aJF/PORxSkOAeotTTPz++hus+Y95NFMIJGVyl8jjVaaz5B1zyV0prk6ZkbMp6q0vqMjJdZT25Q==
+"@xyflow/react@^12.3.5":
+  version "12.3.5"
+  resolved "https://registry.yarnpkg.com/@xyflow/react/-/react-12.3.5.tgz#88ca2efe2ddf1300bc171a2ef797f7cb41386ca4"
+  integrity sha512-wAYqpicdrVo1rxCu0X3M9s3YIF45Agqfabw0IBryTGqjWvr2NyfciI8gIP4MB+NKpWWN5kxZ9tiZ9u8lwC7iAg==
   dependencies:
-    "@xyflow/system" "0.0.45"
+    "@xyflow/system" "0.0.46"
     classcat "^5.0.3"
     zustand "^4.4.0"
 
-"@xyflow/system@0.0.45":
-  version "0.0.45"
-  resolved "https://registry.yarnpkg.com/@xyflow/system/-/system-0.0.45.tgz#ca1f4d843d2925ce9c5763f16abf51a4c69953ef"
-  integrity sha512-szP1LjDD4jlRYYhxvgZqOCTMToUVNqjQkrlhb0fhv1sXomU1+yMDdhpQT+FjE4d+rKx08fS10sOuZUl2ycXaDw==
+"@xyflow/system@0.0.46":
+  version "0.0.46"
+  resolved "https://registry.yarnpkg.com/@xyflow/system/-/system-0.0.46.tgz#b0a5915d59c0ea5ca6d24e1eb90c5a0d7eda7864"
+  integrity sha512-bmFXvboVdiydIFZmDCjrbBCYgB0d5pYdkcZPWbAxGmhMRUZ+kW3CksYgYxWabrw51rwpWitLEadvLrivG0mVfA==
   dependencies:
     "@types/d3-drag" "^3.0.7"
     "@types/d3-selection" "^3.0.10"