[Serverless] [Attack discovery] twin PR for AI IA and AD note update (#…

…5512)

* creates AI for security section, updates note on AD page

* Update docs/serverless/AI-for-security/ai-for-security-landing-pg.mdx

Co-authored-by: Nastasha Solomon <[email protected]>

* fix build errors, update docnav

* fixes build error

* fixes broken link

* fixes docnav

* troubleshoot build error

* remove unnecessary page

* merge conflict shenanigans

* Delete docs/serverless/assistant/llm-connector-guides.mdx

---------

Co-authored-by: Nastasha Solomon <[email protected]>

docs/serverless/AI-for-security/ai-for-security-landing-pg.mdx

@@ -0,0 +1,8 @@
+---
+slug: /serverless/security/ai-for-security
+title: AI for security
+description: Learn about Elastic's native AI security tools.
+tags: [ 'serverless', 'security', 'overview', 'LLM', 'artificial intelligence' ]
+status: in review
+---
+You can use ((elastic-sec))’s built-in AI tools to speed up your work and augment your team’s capabilities. The pages in this section describe <DocLink slug="/serverless/security/ai-assistant"/>, which answers questions and enhances your workflows throughout Elastic Security, and <DocLink slug="/serverless/security/attack-discovery"/>, which speeds up the triage process by finding patterns and identifying attacks spanning multiple alerts. 

docs/serverless/attack-discovery/attack-discovery.mdx → docs/serverless/AI-for-security/attack-discovery.mdx

@@ -41,7 +41,13 @@ While Attack discovery is compatible with many different models, our testing fou
 
 3. Once you've selected a connector, click **Generate** to start the analysis. 
 
-It may take from a few seconds up to several minutes to generate discoveries, depending on the number of alerts and the model you selected. Note that Attack discovery is in technical preview and will only analyze opened and acknowleged alerts from the past 24 hours.
+It may take from a few seconds up to several minutes to generate discoveries, depending on the number of alerts and the model you selected. 
+
+<DocCallOut title="Important">
+Attack discovery is in technical preview and will only analyze opened and acknowleged alerts from the past 24 hours. By default it only analyzes up to 20 alerts within this timeframe, but you can expand this up to 100 by going to **AI Assistant → Settings (<DocIcon type="gear" title="settings icon"/>) → Knowledge Base** and updating the **Alerts** setting.
+</DocCallOut>
+
+![AI Assistant knowledge base menu](../images/ai-assistant/assistant-kb-menu.png)
 
 
 <DocCallOut title="Important">

docs/serverless/assistant/llm-connector-guides.mdx → docs/serverless/AI-for-security/llm-connector-guides.mdx

@@ -14,5 +14,4 @@ Setup guides are available for the following LLM providers:
 * <DocLink slug="/serverless/security/connect-to-bedrock" text="Amazon Bedrock"/>
 * <DocLink slug="/serverless/security/connect-to-openai" text="OpenAI"/>
 * <DocLink slug="/serverless/security/connect-to-google-vertex" text="Google Vertex"/>
-* <DocLink slug="/serverless/security/connect-to-byo-llm" text="Bring your own local LLM"/>
 

docs/serverless/serverless-security.docnav.json

@@ -18,15 +18,17 @@
     {
       "slug": "/serverless/security/security-ui", 
       "classic-sources": [ "enSecurityEsUiOverview" ]
-    },
-    {
-      "slug": "/serverless/security/attack-discovery"
-    },    
+    }, 
     {
-      "label": "AI Assistant",
-      "slug": "/serverless/security/ai-assistant",
-      "classic-sources": [ "enSecuritySecurityAssistant" ],
+      "label": "AI for security",
+      "slug": "/serverless/security/ai-for-security",
       "items": [
+        {
+          "slug": "/serverless/security/ai-assistant"
+        },  
+        {
+          "slug": "/serverless/security/attack-discovery"
+        },   
         {
           "slug": "/serverless/security/llm-connector-guides",
           "items": [