Merge branch 'main' into issue-5291-expand-flyout-removed

.github/workflows/co-docs-builder.yml

@@ -21,11 +21,16 @@ on:
 jobs:
   publish:
     if: contains(github.event.pull_request.labels.*.name, 'ci:doc-build')
-    uses: elastic/workflows/.github/workflows/docs-elastic-co-publish.yml@main
+    uses: elastic/workflows/.github/workflows/docs-versioned-publish.yml@main
     with:
-      subdirectory: 'docs/serverless/'
+      # Refers to Vercel project
+      project-name: elastic-dot-co-docs-preview-docs
+      # Which prebuild step (dev or not)
+      prebuild: wordlake-docs
+      # Docsmobile project dir
+      site-repo: docs-site    
     secrets:
       VERCEL_GITHUB_TOKEN: ${{ secrets.VERCEL_GITHUB_TOKEN_PUBLIC }}
       VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN_PUBLIC }}
       VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID_PUBLIC }}
-      VERCEL_PROJECT_ID_DOCS_CO: ${{ secrets.VERCEL_PROJECT_ID_DOCS_CO_PUBLIC }}
+      VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID_ELASTIC_DOT_CO_DOCS_PRODUCTION_PUBLIC }}

docs/assistant/ai-alert-triage.asciidoc

@@ -1,5 +1,5 @@
 [[assistant-triage]]
-= Triage alerts with Elastic AI Assistant
+= Triage alerts
 Elastic AI Assistant can help you enhance and streamline your alert triage workflows by assessing multiple recent alerts in your environment, and helping you interpret an alert and its context. 
 
 When you view an alert in {elastic-sec}, details such as related documents, hosts, and users appear alongside a synopsis of the events that triggered the alert. This data provides a starting point for understanding a potential threat. AI Assistant can answer questions about this data and offer insights and actionable recommendations to remediate the issue.

docs/assistant/ai-esql-queries.asciidoc

@@ -0,0 +1,23 @@
+[[esql-queries-assistant]]
+= Generate, customize, and learn about {esql} queries
+
+:frontmatter-description: Elastic AI Assistant can help you write ES|QL queries.
+:frontmatter-tags-products: [security]
+:frontmatter-tags-content-type: [guide]
+:frontmatter-tags-user-goals: [get-started]
+
+Elastic AI Assistant can help you learn about and leverage the Elasticsearch Query Language ({esql}). 
+
+With AI Assistant's <<ai-assistant-knowledge-base, {esql} knowledge base>> enabled, AI Assistant benefits from specialized training data that enables it to answer questions related to {esql} at an expert level. 
+
+AI Assistant can help with {esql} in many ways, including:
+
+* **Education and training**: AI Assistant can serve as a powerful {esql} learning tool. Ask it for examples, explanations of complex queries, and best practices.
+* **Writing new queries**: Prompt AI Assistant to provide a query that accomplishes a particular task, and it will generate a query matching your description. For example: "Write a query to identify documents with `curl.exe` usage and calculate the sum of `destination.bytes`" or "What query would return all user logins to [a host] in the last six hours?"
+* **Providing feedback to optimize existing queries**: Send AI Assistant a query you want to work on and ask it for improvements, refactoring, a general assessment, or to optimize the query's performance with large data sets.
+* **Customizing queries for your environment**: Since each environment is unique, you may need to customize queries that you used in other contexts. AI Assistant can suggest necessary modifications based on contextual information you provide. 
+* **Troubleshooting**: Having trouble with a query or getting unexpected results? Ask AI Assistant to help you troubleshoot.
+
+In these ways and others, AI Assistant can enable you to make use of {esql}'s advanced search capabilities to accomplish goals across {elastic-sec}. 
+
+

docs/assistant/assistant-use-cases.asciidoc

@@ -0,0 +1,10 @@
+[[assistant-use-cases]]
+= AI Assistant use cases
+
+Elastic AI Assistant's flexibility means you can use it for many different purposes. These topics describe some of the possible uses for AI Assistant within {elastic-sec}:
+
+* <<attack-discovery-ai-assistant-incident-reporting>>
+* <<assistant-triage>>
+* <<esql-queries-assistant>>
+
+For general information about AI Assistant, refer to <<security-assistant, AI Assistant>>.

docs/assistant/azure-openai-setup.asciidoc

@@ -72,7 +72,7 @@ Now, set up the Azure OpenAI model:
 ** If you select `gpt-4`, set the **Model version** to `0125-Preview`. 
 ** If you select `gpt-4-32k`, set the **Model version** to `default`.
 +
-IMPORTANT: The models available to you will depend on https://learn.microsoft.com/en-us/azure/ai-services/openai/concepts/models#model-summary-table-and-region-availability[region availability]. For best results, use `GPT 4 Turbo version 0125-preview` or `GPT 4-32k` with the maximum Tokens-Per-Minute (TPM) capacity. In most regions, the GPT 4 Turbo model offers the largest supported context window.
+IMPORTANT: The models available to you depend on https://learn.microsoft.com/en-us/azure/ai-services/openai/concepts/models#model-summary-table-and-region-availability[region availability]. For best results, use `GPT-4o 2024-05-13` with the maximum Tokens-Per-Minute (TPM) capacity. For more information on how different models perform for different tasks, refer to the <<llm-performance-matrix>>.
 +
 . Under **Deployment type**, select **Standard**.
 . Name your deployment.

docs/assistant/connect-to-openai.asciidoc

@@ -12,7 +12,7 @@ This page provides step-by-step instructions for setting up an OpenAI connector
 
 Before creating an API key, you must choose a model. Refer to the https://platform.openai.com/docs/models/gpt-4-turbo-and-gpt-4[OpenAI docs] to select a model. Take note of the specific model name (for example `gpt-4-turbo`); you'll need it when configuring {kib}.
 
-NOTE: `GPT-4 Turbo` offers increased performance. `GPT-4` and `GPT-3.5` are also supported. 
+NOTE: `GPT-4o` offers increased performance over previous versions. For more information on how different models perform for different tasks, refer to the <<llm-performance-matrix>>.
 
 [discrete]
 === Create an API key
@@ -51,6 +51,7 @@ To integrate with {kib}:
 . Provide a name for your connector, such as `OpenAI (GPT-4 Turbo Preview)`, to help keep track of the model and version you are using.
 . Under **Select an OpenAI provider**, choose **OpenAI**.
 . The **URL** field can be left as default.
+. Under **Default model**, specify which https://platform.openai.com/docs/models/gpt-4-turbo-and-gpt-4[model] you want to use.
 . Paste the API key that you created into the corresponding field.
 . Click **Save**.
 

docs/assistant/llm-connector-guides.asciidoc

@@ -0,0 +1,11 @@
+[[llm-connector-guides]]
+= Set up connectors for large language models (LLM)
+
+This section contains instructions for setting up connectors for LLMs so you can use <<security-assistant, Elastic AI Assistant>> and <<attack-discovery, Attack discovery>>. 
+
+Setup guides are available for the following LLM providers:
+
+* <<assistant-connect-to-azure-openai, Azure OpenAI>>
+* <<assistant-connect-to-bedrock, Amazon Bedrock>>
+* <<assistant-connect-to-openai, OpenAI>>
+

docs/assistant/security-assistant.asciidoc

@@ -8,19 +8,11 @@
 
 The Elastic AI Assistant utilizes generative AI to bolster your cybersecurity operations team. It allows users to interact with {elastic-sec} for tasks such as alert investigation, incident response, and query generation or conversion using natural language and much more.
 
-AI Assistant can connect to multiple LLM providers so you can select the best model for your needs.
-
 [role="screenshot"]
 image::images/assistant-basic-view.png[Image of AI Assistant chat window,90%]
 
 WARNING: The Elastic AI Assistant is designed to enhance your analysis with smart dialogues. Its capabilities are still developing. Users should exercise caution as the quality of its responses might vary. Your insights and feedback will help us improve this feature. Always cross-verify AI-generated advice for accuracy.
 
-.Recommended models
-[sidebar]
---
-While AI Assistant is compatible with many different models, our testing found increased quality with Azure 32k, and faster and more cost-effective responses with Claude 3 Haiku and OpenAI GPT4 Turbo.
---
-
 .Requirements
 [sidebar]
 --
@@ -50,9 +42,13 @@ NOTE: Elastic can automatically anonymize event data that you provide to AI Assi
 [[set-up-ai-assistant]]
 == Set up AI Assistant
 
-You must create a generative AI connector before you can use AI Assistant. 
+You must create a generative AI connector before you can use AI Assistant. AI Assistant can connect to multiple large language model (LLM) providers so you can select the best model for your needs. To set up a connector, refer to <<llm-connector-guides,LLM connector setup guides>>.
 
-For more information about setting up generative AI connectors, refer to <<assistant-connect-to-bedrock>>, <<assistant-connect-to-openai>>, or <<assistant-connect-to-azure-openai>>.
+.Recommended models
+[sidebar]
+--
+While AI Assistant is compatible with many different models, our testing found increased quality with Azure 32k, and faster, more cost-effective responses with Claude 3 Haiku and OpenAI GPT4 Turbo. For more information, refer to the <<llm-performance-matrix>>.
+--
 
 [discrete]
 [[start-chatting]]
@@ -193,8 +189,14 @@ In addition to practical advice, AI Assistant can offer conceptual advice, tips,
 * “I need to monitor for unusual file creation patterns that could indicate ransomware activity. How would I construct this query using EQL?”
 
 
-include::ai-alert-triage.asciidoc[leveloffset=+1]
+include::assistant-use-cases.asciidoc[leveloffset=+1]
+include::ai-alert-triage.asciidoc[leveloffset=+2]
+include::use-attack-discovery-ai-assistant-incident-reporting.asciidoc[leveloffset=+2]
+include::ai-esql-queries.asciidoc[leveloffset=+2]
+
+include::llm-connector-guides.asciidoc[leveloffset=+1]
+include::azure-openai-setup.asciidoc[leveloffset=+2]
+include::connect-to-openai.asciidoc[leveloffset=+2]
+include::connect-to-bedrock.asciidoc[leveloffset=+2]
+
 include::llm-performance-matrix.asciidoc[leveloffset=+1]
-include::azure-openai-setup.asciidoc[leveloffset=+1]
-include::connect-to-openai.asciidoc[leveloffset=+1]
-include::connect-to-bedrock.asciidoc[leveloffset=+1]

docs/assistant/use-attack-discovery-ai-assistant-incident-reporting.asciidoc

@@ -0,0 +1,60 @@
+[[attack-discovery-ai-assistant-incident-reporting]]
+= Identify, investigate, and document threats
+
+:frontmatter-description: Elastic AI Assistant can help you write ES|QL queries.
+:frontmatter-tags-products: [security]
+:frontmatter-tags-content-type: [guide]
+:frontmatter-tags-user-goals: [get-started]
+
+Together, <<security-assistant, Elastic AI Assistant>> and <<attack-discovery,Attack discovery>> can help you identify and mitigate threats, investigate incidents, and generate incident reports in various languages so you can monitor and protect your environment. 
+
+In this guide, you'll learn how to:
+
+* <<use-case-incident-reporting-use-attack-discovery-to-identify-threats, Use Attack discovery to identify threats>>
+* <<use-case-incident-reporting-use-ai-assistant-to-analyze-a-threat, Use AI Assistant to analyze a threat>>
+* <<use-case-incident-reporting-create-a-case-using-ai-assistant,Create a case using AI Assistant>>
+* <<use-case-incident-reporting-translate,Translate incident information to a different human language using AI Assistant>>
+
+
+[discrete]
+[[use-case-incident-reporting-use-attack-discovery-to-identify-threats]]
+== Use Attack discovery to identify threats
+Attack discovery can detect a wide range of threats by finding relationships among alerts that may indicate a coordinated attack. This enables you to comprehend how threats move through and affect your systems. Attack discovery generates a detailed summary of each potential threat, which can serve as the basis for further analysis. Learn how to <<attack-discovery,get started with Attack discovery>>.
+
+image::images/attck-disc-11-alerts-disc.png[An Attack discovery card showing an attack with 11 related alerts,90%]
+
+In the example above, Attack discovery found connections between eleven alerts, and used them to identify and describe an attack chain.
+
+After Attack discovery outlines your threat landscape, use Elastic AI Assistant to quickly analyze a threat in detail. 
+
+[discrete]
+[[use-case-incident-reporting-use-ai-assistant-to-analyze-a-threat]]
+== Use AI Assistant to analyze a threat
+
+From a discovery on the Attack discovery page, click **View in AI Assistant** to start a chat that includes the discovery as context. 
+
+AI Assistant can quickly compile essential data and provide suggestions to help you generate an incident report and plan an effective response. You can ask it to provide relevant data or answer questions, such as “How can I remediate this threat?” or “What {esql} query would isolate actions taken by this user?” 
+
+image::images/attck-disc-esql-query-gen-example.png[An AI Assistant dialogue in which the user asks for a purpose-built {esql} query,90%]
+
+The image above shows an {esql} query generated by AI Assistant in response to a user prompt. Learn more about <<esql-queries-assistant,using AI Assistant for {esql}>>.
+
+At any point in a conversation with AI Assistant, you can add data, narrative summaries, and other information from its responses to {elastic-sec}'s case management system to generate incident reports. 
+
+[discrete]
+[[use-case-incident-reporting-create-a-case-using-ai-assistant]]
+== Create a case using AI Assistant
+
+From the AI Assistant dialog window, click **Add to case** (image:images/icon-add-to-case.png[Add to case icon,19,16]) next to a message to add the information in that message to a <<cases-overview,case>>. Cases help centralize relevant details in one place for easy sharing with stakeholders.
+
+If you add a message that contains a discovery to a case, AI Assistant automatically adds the attack summary and all associated alerts to the case. You can also add AI Assistant messages that contain remediation steps and relevant data to the case. 
+
+[discrete]
+[[use-case-incident-reporting-translate]]
+== Translate incident information to a different human language using AI Assistant
+AI Assistant can translate its findings into other human languages, helping to enable collaboration among global security teams, and making it easier to operate within multilingual organizations. 
+
+After AI Assistant provides information in one language, you can ask it to translate its responses. For example, if it provides remediation steps for an incident, you can instruct it to “Translate these remediation steps into Japanese.” You can then add the translated output to a case. This can help team members receive the same information and insights regardless of their primary language.
+
+NOTE: In our internal testing, AI Assistant translations preserved the accuracy of the original content. However, all LLMs can make mistakes, so use caution.
+

docs/attack-discovery/attack-discovery.asciidoc

@@ -9,10 +9,24 @@
 
 preview::["This feature is in technical preview. It may change in the future, and you should exercise caution when using it in production environments. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of GA features."]
 
-NOTE: This feature is available starting with {elastic-sec} version 8.14.0.
-
 Attack discovery leverages large language models (LLMs) to analyze alerts in your environment and identify threats. Each "discovery" represents a potential attack and describes relationships among multiple alerts to tell you which users and hosts are involved, how alerts correspond to the MITRE ATT&CK matrix, and which threat actor might be responsible. This can help make the most of each security analyst's time, fight alert fatigue, and reduce your mean time to respond.
 
+For a demo, refer to the following video.
+=======
+++++
+<script type="text/javascript" async src="https://play.vidyard.com/embed/v4.js"></script>
+<img
+  style="width: 100%; margin: auto; display: block;"
+  class="vidyard-player-embed"
+  src="https://play.vidyard.com/eT92arEbpRddmSM4JeyzdX.jpg"
+  data-uuid="eT92arEbpRddmSM4JeyzdX"
+  data-v="4"
+  data-type="inline"
+/>
+</br>
+++++
+=======
+
 This page describes:
 
 * <<attack-discovery-generate-discoveries, How to generate discoveries>>
@@ -38,7 +52,7 @@ image::images/select-model-empty-state.png[]
 +
 . Once you've selected a connector, click **Generate** to start the analysis.
 
-It may take from a few seconds up to several minutes to generate discoveries, depending on the number of alerts and the model you selected. Note that Attack discovery only analyzes alerts from the past 24 hours.
+It may take from a few seconds up to several minutes to generate discoveries, depending on the number of alerts and the model you selected. Note that Attack discovery is in technical preview and will only analyze opened and acknowleged alerts from the past 24 hours.
 
 IMPORTANT: Attack discovery uses the same data anonymization settings as <<security-assistant, Elastic AI Assistant>>. To configure which alert fields are sent to the LLM and which of those fields are obfuscated, use the Elastic AI Assistant settings. Consider the privacy policies of third-party LLMs before sending them sensitive data.
 

docs/events/timeline-templates.asciidoc

@@ -136,8 +136,7 @@ NOTE: You cannot delete prebuilt templates.
 === Export and import Timeline templates
 
 You can import and export Timeline templates, which enables importing templates
-from one {kib} space or instance to another. Exported templates are saved in an
-http://ndjson.org[`ndjson`] file.
+from one {kib} space or instance to another. Exported templates are saved in an `ndjson` file.
 
 . Go to *Timelines* -> *Templates*.
 . To export templates, do one of the following:

docs/events/timeline-ui-overview.asciidoc

@@ -158,8 +158,7 @@ then select an action from the *Bulk actions* menu.
 == Export and import Timelines
 
 You can export and import Timelines, which enables you to share Timelines from one
-{kib} space or instance to another. Exported Timelines are saved as
-http://ndjson.org[`.ndjson`] files.
+{kib} space or instance to another. Exported Timelines are saved as `.ndjson` files.
 
 To export Timelines:
 

docs/getting-started/elastic-endpoint-reqs.asciidoc

@@ -9,4 +9,18 @@
 To properly deploy {elastic-endpoint} without a Mobile Device Management (MDM) profile, you must manually enable additional permissions on the endpoint before {elastic-endpoint} can be fully functional. For more information, refer to the instructions for your macOS version:
 
 * <<deploy-elastic-endpoint>>
-* <<deploy-elastic-endpoint-ven>>
+* <<deploy-elastic-endpoint-ven>>
+
+[discrete]
+== Minimum system requirements
+
+[width="100%",options="header"]
+|===
+|Requirement |Value
+
+|**CPU** |Under 2%
+|**Disk space** |1 GB
+|**Resident set size (RSS) memory** |500 MB
+|===
+
+

docs/getting-started/siem-ui.asciidoc

@@ -299,8 +299,7 @@ drop area for further introspection.
 ==== Export and import timelines
 
 You can import and export timelines, which enables importing timelines from one
-{kib} space or instance to another. Exported timelines are saved in an
-http://ndjson.org[`ndjson`] file.
+{kib} space or instance to another. Exported Timelines are saved in an `ndjson` file.
 
 . Go to *SIEM* -> *Timelines*.
 . To export timelines, do one of the following:

docs/getting-started/threat-intel-integrations.asciidoc

@@ -26,19 +26,7 @@ There are a few scenarios when data won't display in the Threat Intelligence vie
 +
 [TIP]
 =========================
-If you know the name of {agent} integration you want to install, you can search for it directly. You can use the following {agent} integrations with the Threat Intelligence view:
-
-* AbuseCH
-* AlienVault OTX
-* Anomali
-* Cybersixgill
-* Maltiverse
-* MISP
-* Mimecast
-* Recorded Future
-* ThreatQuotient
-
-
+If you know the name of {agent} integration you want to install, you can search for it directly. Alternatively, choose the **Threat Intelligence** category to display a list of available {integrations-docs}/threat-intelligence-intro[threat intelligence {integrations}].
 =========================
 . Select an {agent} integration, then complete the installation steps.
 . Return to the Threat Intelligence view on the Overview dashboard. If indicator data isn't displaying, refresh the page or refer to these <<troubleshoot-indicators-page, troubleshooting steps>>.

docs/release-notes.asciidoc

@@ -3,6 +3,7 @@
 
 This section summarizes the changes in each release.
 
+* <<release-notes-8.14.1, {elastic-sec} version 8.14.1>>
 * <<release-notes-8.14.0, {elastic-sec} version 8.14.0>>
 * <<release-notes-8.13.4, {elastic-sec} version 8.13.4>>
 * <<release-notes-8.13.3, {elastic-sec} version 8.13.3>>