From 7ae666fdc8606a6755c8ef077fd1c4f155b55b9e Mon Sep 17 00:00:00 2001 From: Kyra Cho Date: Mon, 18 Nov 2024 06:28:42 +0000 Subject: [PATCH 1/6] Remove ES|QL Query Generation quick prompt --- .../assistant/content/quick_prompts/index.tsx | 12 +----------- .../content/quick_prompts/translations.ts | 15 --------------- 2 files changed, 1 insertion(+), 26 deletions(-) diff --git a/x-pack/plugins/security_solution/public/assistant/content/quick_prompts/index.tsx b/x-pack/plugins/security_solution/public/assistant/content/quick_prompts/index.tsx index adb952d661214..5b58991c3210c 100644 --- a/x-pack/plugins/security_solution/public/assistant/content/quick_prompts/index.tsx +++ b/x-pack/plugins/security_solution/public/assistant/content/quick_prompts/index.tsx @@ -12,7 +12,7 @@ import { import { APP_UI_ID } from '../../../../common'; import * as i18n from './translations'; import { - KNOWLEDGE_BASE_CATEGORY, + // KNOWLEDGE_BASE_CATEGORY, PROMPT_CONTEXT_ALERT_CATEGORY, PROMPT_CONTEXT_DETECTION_RULES_CATEGORY, PROMPT_CONTEXT_EVENT_CATEGORY, @@ -34,16 +34,6 @@ export const BASE_SECURITY_QUICK_PROMPTS: PromptResponse[] = [ promptType: PromptTypeEnum.quick, consumer: APP_UI_ID, }, - { - name: i18n.ESQL_QUERY_GENERATION_TITLE, - content: i18n.ESQL_QUERY_GENERATION_PROMPT, - color: '#9170B8', - categories: [KNOWLEDGE_BASE_CATEGORY], - isDefault: true, - id: i18n.ESQL_QUERY_GENERATION_TITLE, - promptType: PromptTypeEnum.quick, - consumer: APP_UI_ID, - }, { name: i18n.RULE_CREATION_TITLE, content: i18n.RULE_CREATION_PROMPT, diff --git a/x-pack/plugins/security_solution/public/assistant/content/quick_prompts/translations.ts b/x-pack/plugins/security_solution/public/assistant/content/quick_prompts/translations.ts index 41b9e7ddb197b..1d122b0169be2 100644 --- a/x-pack/plugins/security_solution/public/assistant/content/quick_prompts/translations.ts +++ b/x-pack/plugins/security_solution/public/assistant/content/quick_prompts/translations.ts 
@@ -22,21 +22,6 @@ export const ALERT_SUMMARIZATION_PROMPT = i18n.translate( } ); -export const ESQL_QUERY_GENERATION_TITLE = i18n.translate( - 'xpack.securitySolution.assistant.quickPrompts.esqlQueryGenerationTitle', - { - defaultMessage: 'ES|QL Query Generation', - } -); - -export const ESQL_QUERY_GENERATION_PROMPT = i18n.translate( - 'xpack.securitySolution.assistant.quickPrompts.esqlQueryGenerationPrompt', - { - defaultMessage: - "As an expert user of Elastic Security, please generate an accurate and valid ESQL query to detect the use case below. Your response should be formatted to be able to use immediately in an Elastic Security timeline or detection rule. Take your time with the answer, check your knowledge really well on all the functions I am asking for. For ES|QL answers specifically, you should only ever answer with what's available in your private knowledge. I cannot afford for queries to be inaccurate. Assume I am using the Elastic Common Schema and Elastic Agent.\n\nEnsure the answers are formatted in a way which is easily copyable as a separate code block in markdown.", - } -); - export const RULE_CREATION_TITLE = i18n.translate( 'xpack.securitySolution.assistant.quickPrompts.ruleCreationTitle', { From 6b851a4e7b4678fd77099642a1968326c1cf0d3d Mon Sep 17 00:00:00 2001 From: Kyra Cho Date: Mon, 18 Nov 2024 06:39:28 +0000 Subject: [PATCH 2/6] remove previously commented line --- .../public/assistant/content/quick_prompts/index.tsx | 1 - 1 file changed, 1 deletion(-) diff --git a/x-pack/plugins/security_solution/public/assistant/content/quick_prompts/index.tsx b/x-pack/plugins/security_solution/public/assistant/content/quick_prompts/index.tsx index 5b58991c3210c..1bf997eb4de2f 100644 --- a/x-pack/plugins/security_solution/public/assistant/content/quick_prompts/index.tsx +++ b/x-pack/plugins/security_solution/public/assistant/content/quick_prompts/index.tsx 
@@ -12,7 +12,6 @@ import { import { APP_UI_ID } from '../../../../common'; import * as i18n from './translations'; import { - // KNOWLEDGE_BASE_CATEGORY, PROMPT_CONTEXT_ALERT_CATEGORY, PROMPT_CONTEXT_DETECTION_RULES_CATEGORY, PROMPT_CONTEXT_EVENT_CATEGORY, From 50ab424d73c5cb68ab16900c76d8054eb921f0a7 Mon Sep 17 00:00:00 2001 From: Steph Milovic Date: Thu, 21 Nov 2024 12:50:33 -0700 Subject: [PATCH 3/6] remove legacy prompt --- .../server/ai_assistant_service/helpers.ts | 30 +++++++++++++++++++ .../server/ai_assistant_service/index.ts | 2 +- .../elastic_assistant/server/plugin.ts | 6 +++- 3 files changed, 36 insertions(+), 2 deletions(-) diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_service/helpers.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_service/helpers.ts index 57b7745a89c78..e4fdc74143f6a 100644 --- a/x-pack/plugins/elastic_assistant/server/ai_assistant_service/helpers.ts +++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_service/helpers.ts @@ -9,6 +9,8 @@ import type { ElasticsearchClient } from '@kbn/core-elasticsearch-server'; import type { KibanaRequest } from '@kbn/core-http-server'; import type { SavedObjectsClientContract } from '@kbn/core-saved-objects-api-server'; import type { MlPluginSetup } from '@kbn/ml-plugin/server'; +import { DeleteByQueryRequest } from '@elastic/elasticsearch/lib/api/types'; +import { getResourceName } from '.'; import { knowledgeBaseIngestPipeline } from '../ai_assistant_data_clients/knowledge_base/ingest_pipeline'; import { GetElser } from '../types'; 
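Review bot: `DeleteByQueryRequest` in the helpers.ts import hunk is only used as a type annotation later in this patch, yet it is imported as a value while the neighbouring imports use `import type`. `import type { DeleteByQueryRequest } from '@elastic/elasticsearch/lib/api/types';` would match them. The added `import { getResourceName } from '.';` also makes helpers.ts depend on the directory's index.ts. If index.ts imports anything from './helpers' (not visible in this diff), that is an import cycle, and moving `getResourceName` into a small shared module would avoid it.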
@@ -96,3 +98,31 @@ export const deletePipeline = async ({ esClient, id }: DeletePipelineParams): Pr return response.acknowledged; }; + +export const removeLegacyQuickPrompt = async (esClient: ElasticsearchClient) => { + const deleteQuery: DeleteByQueryRequest = { + index: `${getResourceName('prompts')}-*`, + query: { + bool: { + must: [ + { + term: { + name: 'ES|QL Query Generation', + }, + }, + { + term: { + prompt_type: 'quick', + }, + }, + { + term: { + is_default: true, + }, + }, + ], + }, + }, + }; + return esClient.deleteByQuery(deleteQuery); +}; diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.ts index 81ddd69fb67d3..233b5781ddf68 100644 --- a/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.ts +++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.ts @@ -40,7 +40,7 @@ import { hasAIAssistantLicense } from '../routes/helpers'; const TOTAL_FIELDS_LIMIT = 2500; -function getResourceName(resource: string) { +export function getResourceName(resource: string) { return `.kibana-elastic-ai-assistant-${resource}`; } diff --git a/x-pack/plugins/elastic_assistant/server/plugin.ts b/x-pack/plugins/elastic_assistant/server/plugin.ts index 4386b95c3fa7a..8950168fe9f48 100755 --- a/x-pack/plugins/elastic_assistant/server/plugin.ts +++ b/x-pack/plugins/elastic_assistant/server/plugin.ts @@ -25,7 +25,7 @@ import { RequestContextFactory } from './routes/request_context_factory'; import { PLUGIN_ID } from '../common/constants'; import { registerRoutes } from './routes/register_routes'; import { appContextService } from './services/app_context'; -import { createGetElserId } from './ai_assistant_service/helpers'; +import { createGetElserId, removeLegacyQuickPrompt } from './ai_assistant_service/helpers'; export class ElasticAssistantPlugin implements 
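Review bot: `removeLegacyQuickPrompt` issues a destructive `deleteByQuery` against every index matching `${getResourceName('prompts')}-*`, and the caller in plugin.ts passes `asInternalUser`, but nothing documents why the three `term` filters are a safe selector. If the prompts API lets a caller set `is_default` (not visible here), a user-authored quick prompt with the same name would be deleted too; that should be confirmed and recorded in a doc comment on the function. The request leaves `conflicts` at its default, so a single version conflict aborts the cleanup part-way; `conflicts: 'proceed'` in `deleteQuery` is the usual setting for best-effort cleanup. The `term` on `name` presumably relies on that field being mapped as a keyword, but the mapping is outside this diff.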
@@ -109,6 +109,10 @@ export class ElasticAssistantPlugin this.getElserId = createGetElserId(this.mlTrainedModelsProvider); } }); + removeLegacyQuickPrompt(core.elasticsearch.client.asInternalUser).then((res) => { + if (res?.total) + this.logger.info(`Removed ${res.total} legacy quick prompts from AI Assistant`); + }); return { actions: plugins.actions, From 9f5061ac1e8468cd16573eda94dd9fdeca4e8f82 Mon Sep 17 00:00:00 2001 From: Steph Milovic Date: Thu, 21 Nov 2024 13:01:43 -0700 Subject: [PATCH 4/6] i18n --- .../server/ai_assistant_service/helpers.ts | 10 +++++++++- x-pack/plugins/translations/translations/fr-FR.json | 2 -- x-pack/plugins/translations/translations/ja-JP.json | 2 -- x-pack/plugins/translations/translations/zh-CN.json | 2 -- 4 files changed, 9 insertions(+), 7 deletions(-) diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_service/helpers.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_service/helpers.ts index e4fdc74143f6a..4fae331a5cf47 100644 --- a/x-pack/plugins/elastic_assistant/server/ai_assistant_service/helpers.ts +++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_service/helpers.ts @@ -10,6 +10,7 @@ import type { KibanaRequest } from '@kbn/core-http-server'; import type { SavedObjectsClientContract } from '@kbn/core-saved-objects-api-server'; import type { MlPluginSetup } from '@kbn/ml-plugin/server'; import { DeleteByQueryRequest } from '@elastic/elasticsearch/lib/api/types'; +import { i18n } from '@kbn/i18n'; import { getResourceName } from '.'; import { knowledgeBaseIngestPipeline } from '../ai_assistant_data_clients/knowledge_base/ingest_pipeline'; import { GetElser } from '../types'; @@ -107,7 +108,7 @@ export const removeLegacyQuickPrompt = async (esClient: ElasticsearchClient) => must: [ { term: { - name: 'ES|QL Query Generation', + name: ESQL_QUERY_GENERATION_TITLE, }, }, { 
@@ -126,3 +127,10 @@ export const removeLegacyQuickPrompt = async (esClient: ElasticsearchClient) => }; return esClient.deleteByQuery(deleteQuery); }; + +const ESQL_QUERY_GENERATION_TITLE = i18n.translate( + 'xpack.elasticAssistantPlugin.assistant.quickPrompts.esqlQueryGenerationTitle', + { + defaultMessage: 'ES|QL Query Generation', + } +); diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json index 45533bf57574a..317cd2403d4b9 100644 --- a/x-pack/plugins/translations/translations/fr-FR.json +++ b/x-pack/plugins/translations/translations/fr-FR.json 
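Review bot: `ESQL_QUERY_GENERATION_TITLE` is a match value for stored documents, but it is resolved through `i18n.translate` under a new key for which this series adds no fr-FR/ja-JP/zh-CN entries (it only removes the old securitySolution keys). The `term` filter in `removeLegacyQuickPrompt` will therefore presumably always compare against the English default. Prompts saved from a localized UI may carry the translated title (for example the removed fr-FR value `Génération de requête ES|QL`) and would then survive the cleanup. A plain constant with a `terms` filter on `name` would state the intent directly, e.g. `const LEGACY_ESQL_PROMPT_NAMES = ['ES|QL Query Generation' /* plus the removed localized titles */];`. Declaring it above the function that reads it would also read better.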
@@ -37235,8 +37235,6 @@ "xpack.securitySolution.assistant.quickPrompts.alertSummarizationTitle": "Synthèse de l’alerte", "xpack.securitySolution.assistant.quickPrompts.AutomationPrompt": "Quelle intégration d’Elastic Agent activée par Fleet dois-je utiliser pour collecter des logs et des évènements de :", "xpack.securitySolution.assistant.quickPrompts.AutomationTitle": "Conseil sur l’intégration d’agent", - "xpack.securitySolution.assistant.quickPrompts.esqlQueryGenerationPrompt": "En tant qu'utilisateur expert d'Elastic Security, veuillez générer une requête ESQL valide et précise pour détecter le cas d'utilisation ci-dessous. Votre réponse doit être formatée pour pouvoir être utilisée immédiatement dans une chronologie ou une règle de détection d’Elastic Security. Prenez votre temps pour répondre, vérifiez bien vos connaissances et toutes les fonctions que je vous demande. Pour les réponses ES|QL en particulier, vous devez toujours répondre uniquement avec ce qui est disponible dans vos connaissances personnelles. Je ne peux pas me permettre que les requêtes soient inexactes. Supposez que j'utilise le Elastic Common Schema et l'agent Elastic. Veillez à ce que les réponses soient formatées de manière à pouvoir être facilement copiées sous la forme d'un bloc de code distinct dans le markdown.", - "xpack.securitySolution.assistant.quickPrompts.esqlQueryGenerationTitle": "Génération de requête ES|QL", "xpack.securitySolution.assistant.quickPrompts.ruleCreationPrompt": "En tant qu’utilisateur expert d’Elastic Security, veuillez générer une requête EQL valide et précise pour détecter le cas d’utilisation ci-dessous. Votre réponse doit être formatée pour pouvoir être utilisée immédiatement dans une chronologie ou une règle de détection d’Elastic Security. 
Si Elastic Security a déjà une règle prédéfinie pour le cas d’utilisation ou pour un cas similaire, veuillez fournir un lien vers cette règle et la décrire.", "xpack.securitySolution.assistant.quickPrompts.ruleCreationTitle": "Génération de requête", "xpack.securitySolution.assistant.quickPrompts.splQueryConversionPrompt": "J’ai la requête suivante d’une plateforme SIEM précédente. En tant qu’utilisateur expert d’Elastic Security, veuillez suggérer un équivalent EQL Elastic. Je dois être capable de la copier immédiatement dans une chronologie Elastic Security.", diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index 9d947185a869d..c8f70289391b8 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json 
@@ -37203,8 +37203,6 @@ "xpack.securitySolution.assistant.quickPrompts.alertSummarizationTitle": "アラート要約", "xpack.securitySolution.assistant.quickPrompts.AutomationPrompt": "ログやイベントの収集には、どのFleet対応Elasticエージェント統合を使用すべきですか。", "xpack.securitySolution.assistant.quickPrompts.AutomationTitle": "エージェント統合のアドバイス", - "xpack.securitySolution.assistant.quickPrompts.esqlQueryGenerationPrompt": "Elasticセキュリティのエキスパートユーザーとして、以下のユースケースを検出するための正確で有効なESQLクエリを作成してください。回答は、Elasticセキュリティのタイムラインまたは検出ルールですぐに使用できるように書式設定してください。答えに時間をかけて、求められているすべての機能について、あなたの知識をよく確認してください。ES|QLの回答は、特に、あなたの個人的な知識で利用可能なもののみを答えてください。クエリが不正確であることは許容できません。Elastic Common SchemaとElasticエージェントを使用していると仮定します。回答がマークダウンの独立したコードブロックとして簡単にコピーできるように書式設定されていることを確認してください。", - "xpack.securitySolution.assistant.quickPrompts.esqlQueryGenerationTitle": "ES|QLクエリ生成", "xpack.securitySolution.assistant.quickPrompts.ruleCreationPrompt": "Elasticセキュリティのエキスパートユーザーとして、以下のユースケースを検出するための正確で有効なEQLクエリを作成してください。回答は、Elasticセキュリティのタイムラインまたは検出ルールですぐに使用できるように書式設定してください。そのユースケースに対応するルールがすでにElasticセキュリティに組み込まれている場合、または類似のルールが組み込まれている場合は、そのルールへのリンクと説明を入力してください。", "xpack.securitySolution.assistant.quickPrompts.ruleCreationTitle": "クエリ生成", "xpack.securitySolution.assistant.quickPrompts.splQueryConversionPrompt": "以前のSIEMプラットフォームから次のクエリを受け取りました。Elasticセキュリティのエキスパートユーザーとして、同等のElastic EQLを提案してください。すぐにそれをElasticのセキュリティタイムラインにコピーできます。", diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index 661a43585defa..b4c7e6d4886fc 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json 
@@ -36600,8 +36600,6 @@ "xpack.securitySolution.assistant.quickPrompts.alertSummarizationTitle": "告警汇总", "xpack.securitySolution.assistant.quickPrompts.AutomationPrompt": "我应使用哪个启用 Fleet 的 Elastic 代理集成从以下项中收集日志和事件:", "xpack.securitySolution.assistant.quickPrompts.AutomationTitle": "代理集成建议", - "xpack.securitySolution.assistant.quickPrompts.esqlQueryGenerationPrompt": "作为 Elastic Security 的专家用户,请生成准确、有效的 ESQL 查询来检测以下用例。应对您的响应进行格式化,以便可以立即在 Elastic Security 时间线或检测规则中使用。请花点时间提供答案,检验您是否清楚了解我所询问的所有功能。具体来说,对于 ES|QL 答案,您应仅根据自己的个人观点进行解答。我无法承担查询不准确的后果。假设我正使用 Elastic Common Schema 和 Elastic 代理。确保以可轻松复制为 Markdown 中的独立代码块的方式设置答案的格式。", - "xpack.securitySolution.assistant.quickPrompts.esqlQueryGenerationTitle": "ES|QL 查询生成", "xpack.securitySolution.assistant.quickPrompts.ruleCreationPrompt": "作为 Elastic Security 的专家用户,请生成准确、有效的 EQL 查询来检测以下用例。应对您的响应进行格式化,以便可以立即在 Elastic Security 时间线或检测规则中使用。如果 Elastic Security 已经为此用例预构建了规则,或具有类似规则,请提供该规则的链接并做出描述。", "xpack.securitySolution.assistant.quickPrompts.ruleCreationTitle": "查询生成", "xpack.securitySolution.assistant.quickPrompts.splQueryConversionPrompt": "我具有以下来自之前 SIEM 平台的查询。作为 Elastic Security 的专家用户,请提议一个 Elastic EQL 等价查询。我应能够立即将其复制到 Elastic Security 时间线。", From b4fb74e38fc61588d9a60ca166e4b126807bc09e Mon Sep 17 00:00:00 2001 From: Steph Milovic Date: Thu, 21 Nov 2024 13:06:04 -0700 Subject: [PATCH 5/6] swallow errors --- .../server/ai_assistant_service/helpers.ts | 49 +++++++++++-------- 1 file changed, 28 insertions(+), 21 deletions(-) diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_service/helpers.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_service/helpers.ts index 4fae331a5cf47..2a4ad628eb757 100644 --- a/x-pack/plugins/elastic_assistant/server/ai_assistant_service/helpers.ts +++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_service/helpers.ts 
@@ -101,31 +101,38 @@ export const deletePipeline = async ({ esClient, id }: DeletePipelineParams): Pr }; export const removeLegacyQuickPrompt = async (esClient: ElasticsearchClient) => { - const deleteQuery: DeleteByQueryRequest = { - index: `${getResourceName('prompts')}-*`, - query: { - bool: { - must: [ - { - term: { - name: ESQL_QUERY_GENERATION_TITLE, + try { + const deleteQuery: DeleteByQueryRequest = { + index: `${getResourceName('prompts')}-*`, + query: { + bool: { + must: [ + { + term: { + name: ESQL_QUERY_GENERATION_TITLE, + }, }, - }, - { - term: { - prompt_type: 'quick', + { + term: { + prompt_type: 'quick', + }, }, - }, - { - term: { - is_default: true, + { + term: { + is_default: true, + }, }, - }, - ], + ], + }, }, - }, - }; - return esClient.deleteByQuery(deleteQuery); + }; + return esClient.deleteByQuery(deleteQuery); + } catch (e) { + // swallow any errors + return { + total: 0, + }; + } }; const ESQL_QUERY_GENERATION_TITLE = i18n.translate( From ffe373c4424f8ed6be6f09c0e766bab9ff663538 Mon Sep 17 00:00:00 2001 From: Steph Milovic Date: Thu, 21 Nov 2024 15:51:26 -0700 Subject: [PATCH 6/6] catch eslint --- x-pack/plugins/elastic_assistant/server/plugin.ts | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/x-pack/plugins/elastic_assistant/server/plugin.ts b/x-pack/plugins/elastic_assistant/server/plugin.ts index 8950168fe9f48..110dbbc05f2a6 100755 --- a/x-pack/plugins/elastic_assistant/server/plugin.ts +++ b/x-pack/plugins/elastic_assistant/server/plugin.ts 
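Review bot: The `catch` added around `esClient.deleteByQuery` does not catch a failed request, because the promise is returned without `await`. A rejection settles after control has left the `try` block and propagates to the caller, so the `{ total: 0 }` fallback is only reached if building the request throws synchronously. Use `return await esClient.deleteByQuery(deleteQuery);` if the intent is to swallow errors inside this function. The two return shapes also differ (the full delete-by-query response versus `{ total: 0 }`), so an explicit return type on `removeLegacyQuickPrompt` would make the contract clear to callers.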
@@ -109,10 +109,12 @@ export class ElasticAssistantPlugin this.getElserId = createGetElserId(this.mlTrainedModelsProvider); } }); - removeLegacyQuickPrompt(core.elasticsearch.client.asInternalUser).then((res) => { - if (res?.total) - this.logger.info(`Removed ${res.total} legacy quick prompts from AI Assistant`); - }); + removeLegacyQuickPrompt(core.elasticsearch.client.asInternalUser) + .then((res) => { + if (res?.total) + this.logger.info(`Removed ${res.total} legacy quick prompts from AI Assistant`); + }) + .catch(() => {}); return { actions: plugins.actions,
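Review bot: The empty `.catch(() => {})` discards any failure of a delete that runs as the internal user, so the logs cannot show whether the cleanup ran or why it failed. Keeping it best-effort but visible costs one line, e.g. `.catch((e) => this.logger.debug('Failed to remove legacy quick prompts: ' + e.message));`. The enclosing plugin method starts and ends outside this hunk, so it is not visible whether this call runs on every start of every Kibana instance; if it does, a short comment saying the operation is idempotent and intentionally not awaited would help the next reader.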