diff --git a/docs/assistant/llm-performance-matrix.asciidoc b/docs/assistant/llm-performance-matrix.asciidoc
new file mode 100644
index 0000000000..e36b7bf01d
--- /dev/null
+++ b/docs/assistant/llm-performance-matrix.asciidoc
@@ -0,0 +1,15 @@
+[[llm-performance-matrix]]
+= Large language model performance matrix
+
+This table describes the performance of various large language models (LLMs) for different use cases in {elastic-sec}, based on our internal testing. To learn more about these use cases, refer to <> or <>.
+
+[cols="1,1,1,1,1,1,1", options="header"]
+|===
+| *Feature* | *Model* | | | | |
+| | *Claude 3: Opus* | *Claude 3: Sonnet* | *Claude 3: Haiku* | *GPT-4o* | *GPT-4 Turbo*| *GPT-4 32K*
+
+| *Assistant - General* | Excellent | Excellent | Excellent | Excellent | Excellent | Excellent
+| *Assistant - {esql} Generation*| Great | Great | Poor | Excellent | Poor | Excellent
+| *Assistant - Alert Questions* | Excellent | Excellent | Excellent | Excellent | Poor | Good (limited context)
+| *Attack discovery* | Excellent | Great | Poor | Poor | Good | Good (limited context)
+|===
diff --git a/docs/assistant/security-assistant.asciidoc b/docs/assistant/security-assistant.asciidoc
index eed0a54a63..8a3a0e2dcd 100644
--- a/docs/assistant/security-assistant.asciidoc
+++ b/docs/assistant/security-assistant.asciidoc
@@ -223,6 +223,7 @@ In addition to practical advice, AI Assistant can offer conceptual advice, tips,
 include::ai-alert-triage.asciidoc[leveloffset=+1]
+include::llm-performance-matrix.asciidoc[leveloffset=+1]
 include::azure-openai-setup.asciidoc[leveloffset=+1]
 include::connect-to-openai.asciidoc[leveloffset=+1]
 include::connect-to-bedrock.asciidoc[leveloffset=+1]
diff --git a/docs/serverless/assistant/llm-performance-matrix.mdx b/docs/serverless/assistant/llm-performance-matrix.mdx
new file mode 100644
index 0000000000..bec3ea79a5
--- /dev/null
+++ b/docs/serverless/assistant/llm-performance-matrix.mdx
@@ -0,0 +1,19 @@
+---
+id: llm-performance-matrix
+slug: /serverless/security/llm-performance-matrix
+title: Large language model performance matrix
+description: Learn how different models perform on different tasks in ((elastic-sec)).
+tags: ["security", "overview", "get-started"]
+status: in review
+---
+
+This table describes the performance of various large language models (LLMs) for different use cases in ((elastic-sec)), based on our internal testing. To learn more about these use cases, refer to or .
+
+| **Feature:** | **Model** | | | | | |
+|-------------------------------|-----------------------|--------------------|--------------------|------------|-----------------|----------------|
+| | **Claude 3: Opus** | **Claude 3: Sonnet** | **Claude 3: Haiku** | **GPT-4o** | **GPT-4 Turbo** | **GPT-4 32K** |
+| **Assistant: general** | Excellent | Excellent | Excellent | Excellent | Excellent | Excellent |
+| **Assistant: ((esql)) generation** | Great | Great | Poor | Excellent | Poor | Excellent |
+| **Assistant: alert questions** | Excellent | Excellent | Excellent | Excellent | Poor | Good (limited context) |
+| **Attack discovery** | Excellent | Great | Poor | Poor | Good | Good (limited context) |
+
diff --git a/docs/serverless/serverless-security.docnav.json b/docs/serverless/serverless-security.docnav.json
new file mode 100644
index 0000000000..fbc65af420
--- /dev/null
+++ b/docs/serverless/serverless-security.docnav.json
@@ -0,0 +1,658 @@ +{ + "mission": "Elastic Security", + "id": "serverless-security", + "landingPageId": "serverlessSecurityWhatIsSecurityServerless", + "icon": "logoSecurity", + "description": "Description to be written", + "items": [ + { + "pageId": "serverlessSecurityOverview", + "classic-sources": [ "enSecurityEsOverview" ] + }, + { + "pageId": "serverlessSecurityBilling" + }, + { + "pageId": "serverlessSecurityCreateProject" + }, + { + "pageId": "serverlessSecurityEsUiOverview", + "classic-sources": [ "enSecurityEsUiOverview" ] + }, + { + "pageId": "attackDiscovery" + }, + { + "label": "Elastic AI Assistant", + "pageId": "serverlessSecurityAIAssistant", + "classic-sources": [ "enSecuritySecurityAssistant" ], + "items": [ + { + "id":"serverlessSecurityAssistantAlertTriage" + }, + { + "id":"llm-performance-matrix" + }, + { + "id": "serverlessSecurityConnectBedrock" + }, + { + "id": "serverlessSecurityConnectOpenAI" + }, + { + "id": "serverlessSecurityConnectAzureOpenAI" + } + ] + }, + { + "label": "Ingest data", + "pageId": "serverlessSecurityIngestData", + "classic-sources": [ "enSecurityIngestData" ], + "items": [ + { + "id": "serverlessSecurityThreatIntelligence", + "classic-sources": [ "enSecurityEsThreatIntelIntegrations" ] + } + ] + }, + { + "label": "Secure your endpoints", + "pageId": "serverlessSecurityInstallDefend", + "classic-sources": [ "enSecurityInstallEndpoint" ], + "items": [ + { + "label": "Prevent Agent uninstallation", + "id": "serverlessSecurityAgentTamperProtection" + }, + { + "label": "Configure an integration policy", + "id": "serverlessSecurityConfigureEndpointIntegrationPolicy", + "classic-sources": [ "enSecurityConfigureEndpointIntegrationPolicy" ], + "items": [ + { + "label": "Configure protection updates", + "id": "serverlessSecurityProtectionArtifactControl" + }, + { + "id": "serverlessSecurityEndpointDiagnosticData", + "classic-sources": [ "enSecurityEndpointDiagnosticData" ] + }, + { + "label": "Self-healing rollback (Windows)", + 
"id": "serverlessSecuritySelfHealingRollback", + "classic-sources": [ "enSecuritySelfHealingRollback" ] + }, + { + "label": "File system monitoring (Linux)", + "id": "serverlessSecurityLinuxFileMonitoring", + "classic-sources": [ "enSecurityLinuxFileMonitoring" ] + } + ] + }, + { + "id": "serverlessSecurityElasticEndpointDeployReqs", + "classic-sources": [ "enSecurityElasticEndpointDeployReqs" ], + "items": [ + { + "label": "macOS Catalina through Monterey", + "id": "serverlessSecurityDeployElasticEndpoint", + "classic-sources": [ "enSecurityDeployElasticEndpoint" ] + }, + { + "label": "macOS Ventura and higher", + "id": "serverlessSecurityDeployElasticEndpointVen", + "classic-sources": [ "enSecurityDeployElasticEndpointVen" ] + }, + { + "label": "Enable the Endgame sensor (Optional)", + "id": "serverlessSecurityEndgameSensorFullDiskAccess", + "classic-sources": [ "enSecurityEndgameSensorFullDiskAccess" ] + } + ] + }, + { + "id": "serverlessSecurityUninstallAgent" + }, + { + "label": "Uninstall Elastic Endpoint", + "id": "serverlessSecurityUninstallEndpoint", + "classic-sources": [ "enSecurityUninstallEndpoint" ] + } + ] + }, + { + "pageId": "serverlessSecurityCloudNativeSecurityOverview", + "classic-sources": [ "enSecurityCloudNativeSecurityOverview" ], + "items": [ + { + "id": "serverlessSecuritySecurityPostureManagement", + "classic-sources": [ "enSecuritySecurityPostureManagement" ] + }, + { + "id": "serverlessEnableCloudSecurity" + }, + { + "id": "serverlessSecurityCspm", + "classic-sources": [ "enSecurityCspm" ], + "items": [ + { + "id": "serverlessSecurityCspmGetStarted", + "classic-sources": [ "enSecurityCspmGetStarted" ] + }, + { + "id": "serverlessSecurityCspmGetStartedGcp", + "classic-sources": [ "enSecurityCspmGetStartedGcp" ] + }, + { + "id": "serverlessSecurityCspmGetStartedAzure", + "classic-sources": [ "enSecurityCspmGetStartedAzure" ] + }, + { + "id": "serverlessSecurityCspmFindingsPage", + "classic-sources": [ "enSecurityCspmFindingsPage" ] + }, + 
{ + "id": "serverlessSecurityBenchmarkRules", + "classic-sources": [ "enSecurityCspmBenchmarkRules" ] + }, + { + "id": "serverlessSecurityCloudPostureDashboard", + "classic-sources": [ "enSecurityCloudPostureDashboard" ] + }, + { + "id": "serverlessSecurityCspmSecurityPostureFaq", + "classic-sources": [ "enSecurityCspmSecurityPostureFaq" ] + } + ] + }, + { + "id": "serverlessSecurityKspm", + "classic-sources": [ "enSecurityKspm" ], + "items": [ + { + "id": "serverlessSecurityGetStartedWithKspm", + "classic-sources": [ "enSecurityGetStartedWithKspm" ] + }, + { + "id": "serverlessSecurityCspmFindingsPage", + "classic-sources": [ "enSecurityCspmFindingsPage" ] + }, + { + "id": "serverlessSecurityBenchmarkRules", + "classic-sources": [ "enSecurityBenchmarkRules" ] + }, + { + "id": "serverlessSecurityCloudPostureDashboard", + "classic-sources": [ "enSecurityCloudPostureDashboard" ] + }, + { + "id": "serverlessSecuritySecurityPostureFaq", + "classic-sources": [ "enSecuritySecurityPostureFaq" ] + } + ] + }, + { + "id": "serverlessSecurityVulnManagementOverview", + "classic-sources": [ "enSecurityVulnManagementOverview" ], + "items": [ + { + "id": "serverlessSecurityVulnManagementGetStarted", + "classic-sources": [ "enSecurityVulnManagementGetStarted" ] + }, + { + "id": "serverlessSecurityVulnManagementFindings", + "classic-sources": [ "enSecurityVulnManagementFindings" ] + }, + { + "id": "serverlessSecurityVulnManagementDashboardDash", + "classic-sources": [ "ensSecurityVulnManagementDashboardDash" ] + }, + { + "id": "serverlessSecurityVulnManagementFaq", + "classic-sources": [ "enSecurityVulnManagementFaq" ] + } + ] + }, + { + "id": "serverlessSecurityD4cOverview", + "classic-sources": [ "enSecurityD4cOverview" ], + "items": [ + { + "id": "serverlessSecurityD4cGetStarted", + "classic-sources": [ "enSecurityD4cGetStarted" ] + }, + { + "id": "serverlessSecurityD4cPolicyGuide", + "classic-sources": [ "enSecurityD4cPolicyGuide" ] + }, + { + "id": 
"serverlessSecurityKubernetesDashboardDash", + "classic-sources": [ "enSecurityKubernetesDashboard" ] + } + ] + }, + { + "id": "serverlessSecurityCloudWorkloadProtection", + "classic-sources": [ "enSecurityCloudWorkloadProtection" ], + "items": [ + { + "id": "serverlessSecuritySessionView", + "classic-sources": [ "enSecuritySessionView" ] + }, + { + "id": "serverlessSecurityEnvironmentVariableCapture", + "classic-sources": [ "enSecurityEnvironmentVariableCapture" ] + } + ] + } + ] + }, + { + "pageId": "serverlessSecurityExploreYourData", + "classic-sources": [ "enSecurityExploreYourData" ], + "items": [ + { + "id": "serverlessSecurityHostsOverview", + "classic-sources": [ "enSecurityHostsOverview" ] + }, + { + "id": "serverlessSecurityNetworkPageOverview", + "classic-sources": [ "enSecurityNetworkPageOverview" ] + }, + { + "id": "serverlessSecurityUsersPage", + "classic-sources": [ "enSecurityUsersPage" ] + }, + { + "id": "serverlessSecurityDataViewsInSec", + "classic-sources": [ "enSecurityDataViewsInSec" ] + }, + { + "label": "Create runtime fields", + "id": "serverlessSecurityRuntimeFields", + "classic-sources": [ "enSecurityRuntimeFields" ] + }, + { + "id": "serverlessSecuritySiemFieldReference", + "classic-sources": [ "enSecuritySiemFieldReference" ] + } + ] + }, + { + "pageId": "serverlessSecurityDashboardsOverview", + "classic-sources": [ "enSecurityDashboardsOverview" ], + "items": [ + { + "label": "Overview", + "id": "serverlessSecurityOverviewDashboard", + "classic-sources": [ "enSecurityOverviewDashboard" ] + }, + { + "label": "Detection & Response", + "id": "serverlessSecurityDetectionResponseDashboard", + "classic-sources": [ "enSecurityDetectionResponseDashboard" ] + }, + { + "label": "Kubernetes", + "id": "serverlessSecurityKubernetesDashboardDash", + "classic-sources": [ "enSecurityKubernetesDashboard" ] + }, + { + "label": "Cloud Security Posture", + "id": "serverlessSecurityCloudPostureDashboard", + "classic-sources": [ 
"enSecurityCloudPostureDashboard" ] + }, + { + "label": "Entity Analytics", + "id": "serverlessSecurityDetectionEntityDashboard", + "classic-sources": [ "enSecurityDetectionEntityDashboard" ] + }, + { + "label": "Data Quality", + "id": "serverlessSecurityDataQualityDash" + }, + { + "label": "Cloud Native Vulnerability Management", + "id": "serverlessSecurityVulnManagementDashboardDash", + "classic-sources": [ "ensSecurityVulnManagementDashboardDash" ] + }, + { + "label": "Detection rule monitoring", + "id": "serverlessSecurityRuleMonitoringDashboard", + "classic-sources": [ "enSecurityRuleMonitoringDashboard" ] + } ] + }, + { + "pageId": "serverlessSecurityDetectionEngineOverview", + "classic-sources": [ "enSecurityDetectionEngineOverview" ] + }, + { + "label": "Rules", + "pageId": "serverlessSecurityAboutRules", + "classic-sources": [ "enSecurityAboutRules" ], + "items": [ + { + "id": "serverlessSecurityRulesUiCreate", + "classic-sources": [ "enSecurityRulesUiCreate" ], + "items": [ + { + "id": "serverlessSecurityInteractiveInvestigationGuides", + "classic-sources": [ "enSecurityInteractiveInvestigationGuides" ] + }, + { + "id": "serverlessSecurityBuildingBlockRule", + "classic-sources": [ "enSecurityBuildingBlockRule" ] + } + ] + }, + { + "label": "Use Elastic prebuilt rules", + "id": "serverlessSecurityPrebuiltRulesManagement", + "classic-sources": [ "enSecurityPrebuiltRulesManagement" ] + }, + { + "id": "serverlessSecurityRulesUiManagement", + "classic-sources": [ "enSecurityRulesUiManagement" ] + }, + { + "id": "serverlessSecurityAlertsUiMonitor", + "classic-sources": [ "enSecurityAlertsUiMonitor" ] + }, + { + "id": "serverlessSecurityDetectionsUiExceptions", + "classic-sources": [ "enSecurityDetectionsUiExceptions" ], + "items": [ + { + "id": "serverlessSecurityValueListsExceptions", + "classic-sources": [ "enSecurityValueListsExceptions" ] + }, + { + "id": "serverlessSecurityAddExceptions", + "classic-sources": [ "enSecurityAddExceptions" ] + }, + { + "id": 
"serverlessSecuritySharedExceptionLists", + "classic-sources": [ "enSecuritySharedExceptionLists" ] + } + ] + }, + { + "id": "serverlessSecurityRulesCoverage", + "classic-sources": [ "enSecurityRulesCoverage" ] + }, + { + "id": "serverlessSecurityTuningDetectionSignals", + "classic-sources": [ "enSecurityTuningDetectionSignals" ] + }, + { + "id": "serverlessSecurityTsDetectionRules", + "classic-sources": [ "enSecurityTsDetectionRules" ] + }, + { + "id": "serverlessSecurityPrebuiltRules", + "classic-sources": [ "enSecurityPrebuiltRules" ], + "classic-skip": true + } + ] + }, + { + "label": "Alerts", + "pageId": "serverlessSecurityAlertsUiManage", + "classic-sources": [ "enSecurityAlertsUiManage" ], + "items": [ + { + "label": "Visualize alerts", + "id": "serverlessSecurityVisualizeAlerts", + "classic-sources": [ "enSecurityVisualizeAlerts" ] + }, + { + "label": "View alert details", + "id": "serverlessSecurityViewAlertDetails", + "classic-sources": [ "enSecurityViewAlertDetails" ] + }, + { + "label": "Add alerts to cases", + "id": "serverlessSecuritySignalsToCases", + "classic-sources": [ "enSecuritySignalsToCases" ] + }, + { + "label": "Suppress alerts", + "id": "serverlessSecurityAlertSuppression", + "classic-sources": [ "enSecurityAlertSuppression" ] + }, + { + "id": "serverlessSecurityReduceNotificationsAlerts", + "classic-sources": [ "enSecurityReduceNotificationsAlerts" ] + }, + { + "id": "serverlessSecurityVisualEventAnalyzer", + "classic-sources": [ "enSecurityVisualEventAnalyzer" ] + }, + { + "id": "serverlessSecurityQueryAlertIndices", + "classic-sources": [ "enSecurityQueryAlertIndices" ] + }, + { + "id": "serverlessSecurityAlertSchema", + "classic-sources": [ "enSecurityAlertSchema" ] + } + ] + }, + { + "label": "Advanced Entity Analytics", + "pageId": "serverlessSecurityAdvancedEntityAnalytics", + "items": [ + { + "label": "Entity risk scoring", + "id": "serverlessSecurityEntityRiskScoring", + "items": [ + { + "label": "Asset criticality", + "id": 
"serverlessSecurityAssetCriticality" + }, + { + "label": "Turn on risk scoring", + "id": "serverlessSecurityTurnOnRiskEngine" + }, + { + "label": "View risk score data", + "id": "serverlessSecurityAnalyzeRiskScoreData" + } + ] + }, + { + "label": "Advanced behavioral detections", + "id": "serverlessSecurityAdvancedBehavioralDetections", + "items": [ + { + "pageId": "serverlessSecurityMachineLearning", + "classic-sources": [ "enSecurityMachineLearning" ] + }, + { + "id": "serverlessSecurityTuningAnomalyResults", + "classic-sources": [ "enSecurityTuningAnomalyResults" ] + }, + { + "id": "serverlessSecurityBehavioralDetectionUseCases" + }, + { + "id": "serverlessSecurityPrebuiltMlJobs", + "classic-sources": [ "enSecurityPrebuiltMlJobs" ] + } + ] + } + ] + }, + { + "pageId": "serverlessSecurityInvestigateEvents", + "classic-sources": [ "enSecurityInvestigateEvents" ], + "items": [ + { + "id": "serverlessSecurityTimelinesUi", + "classic-sources": [ "enSecurityTimelinesUi" ], + "items": [ + { + "id": "serverlessSecurityTimelineTemplatesUi", + "classic-sources": [ "enSecurityTimelineTemplatesUi" ] + }, + { + "id": "serverlessSecurityTimelineObjectSchema", + "classic-sources": [ "enSecurityTimelineObjectSchema" ] + } + ] + }, + { + "id": "serverlessSecurityCasesOverview", + "classic-sources": [ "enSecurityCasesOverview" ], + "items": [ + { + "id": "serverlessSecurityCasesOpenManage", + "classic-sources": [ "enSecurityCasesOpenManage" ] + }, + { + "id": "serverlessSecurityCasesUiIntegrations", + "classic-sources": [ "enSecurityCasesUiIntegrations" ] + } + ] + }, + { + "id": "serverlessSecurityIndicatorsOfCompromise", + "classic-sources": [ "enSecurityIndicatorsOfCompromise" ] + } + ] + }, + { + "pageId": "serverlessSecurityUseOsquery", + "classic-sources": [ "enSecurityUseOsquery" ], + "items": [ + { + "id": "serverlessSecurityOsqueryResponseAction", + "classic-sources": [ "enSecurityOsqueryResponseAction" ] + }, + { + "id": "serverlessSecurityInvestGuideRunOsquery", + 
"classic-sources": [ "enSecurityInvestGuideRunOsquery" ] + }, + { + "id": "serverlessSecurityAlertsRunOsquery", + "classic-sources": [ "enSecurityAlertsRunOsquery" ] + }, + { + "id": "serverlessSecurityViewOsqueryResults", + "classic-sources": [ "enSecurityViewOsqueryResults" ] + }, + { + "id": "serverlessSecurityOsqueryPlaceholderFields", + "classic-sources": [ "enSecurityOsqueryPlaceholderFields" ] + } + ] + }, + { + "pageId": "serverlessSecurityResponseActions", + "classic-sources": [ "enSecurityResponseActions" ], + "items": [ + { + "id": "serverlessSecurityAutomatedResponseActions" + }, + { + "id": "serverlessSecurityHostIsolationOv", + "classic-sources": [ "enSecurityHostIsolationOv" ] + }, + { + "id": "serverlessSecurityResponseActionsHistory", + "classic-sources": [ "enSecurityResponseActionsHistory" ] + }, + { + "id": "serverlessSecurityThirdPartyActions" + }, + { + "id": "serverlessSecurityResponseActionsConfig" + } + ] + }, + { + "pageId": "serverlessSecurityManageEndpointProtection", + "classic-sources": [ "enSecuritySecManageIntro" ], + "items": [ + { + "id": "serverlessSecurityEndpointsPage", + "classic-sources": [ "enSecurityAdminPageOv" ] + }, + { + "id": "serverlessSecurityPoliciesPageOv", + "classic-sources": [ "enSecurityPoliciesPageOv" ] + }, + { + "id": "serverlessSecurityTrustedAppsOv", + "classic-sources": [ "enSecurityTrustedAppsOv" ] + }, + { + "id": "serverlessSecurityEventFilters", + "classic-sources": [ "enSecurityEventFilters" ] + }, + { + "id": "serverlessSecurityHostIsolationExceptions", + "classic-sources": [ "enSecurityHostIsolationExceptions" ] + }, + { + "id": "serverlessSecurityBlocklist", + "classic-sources": [ "enSecurityBlocklist" ] + }, + { + "id": "serverlessSecurityEndpointEventCapture" + }, + { + "id": "serverlessSecurityOptimizeEdr", + "classic-sources": [ "enSecurityEndpointArtifacts" ] + }, + { + "id": "serverlessSecurityTroubleshootEndpoints", + "classic-sources": [ "enSecurityTsManagement" ] + } + ] + }, + { + 
"pageId": "serverlessSecurityAssetManagement" + }, + { + "pageId": "serverlessSecurityManageSettings", + "items": [ + { + "id": "serverlessSecurityProjectSettings" + }, + { + "id": "serverlessSecurityAdvancedSettings", + "classic-sources": [ "enSecurityAdvancedSettings" ] + }, + { + "id": "serverlessSecuritySecRequirements", + "classic-sources": [ "enSecuritySecRequirements" ], + "items": [ + { + "id": "serverlessSecurityDetectionsPermissionsSection", + "classic-sources": [ "enSecurityDetectionsPermissionsSection" ] + }, + { + "id": "serverlessSecurityCasePermissions", + "classic-sources": [ "enSecurityCasePermissions" ] + }, + { + "id": "serverlessSecurityERSRequirements" + }, + { + "id": "serverlessSecurityMlRequirements", + "classic-sources": [ "enSecurityMlRequirements" ] + }, + { + "id": "serverlessSecurityConfMapUi", + "classic-sources": [ "enSecurityConfMapUi" ] + } + ] + } + ] + }, + { + "pageId": "serverlessSecurityTechnicalPreviewLimitations" + } + ] +}
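Review bot: The `classic-sources` value `"ensSecurityVulnManagementDashboardDash"` appears twice in this file (under the vulnerability management items and again under the dashboards items) and looks like a typo for the `enSecurity…` prefix that every other classic id uses; if so, both lines should read `"classic-sources": [ "enSecurityVulnManagementDashboardDash" ]`. In the same vein, `serverlessSecurityBenchmarkRules` is mapped to `enSecurityCspmBenchmarkRules` under CSPM but to `enSecurityBenchmarkRules` under KSPM, so one of the two is probably stale and worth checking against the classic doc ids. The newly added `"id":"llm-performance-matrix"` entry is the only kebab-case id in the tree; it does match the `id:` in the new .mdx front matter, but renaming both to the `serverlessSecurity…` camelCase convention of its siblings would keep the id space uniform. The top-level `"description": "Description to be written"` is still a placeholder and should be filled in before this ships.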