From f6696a69ec58e3af0b0abbdf22b9171e7ec2b3eb Mon Sep 17 00:00:00 2001
From: Benjamin Ironside Goldstein
<91905639+benironside@users.noreply.github.com>
Date: Mon, 8 Jul 2024 14:56:36 -0400
Subject: [PATCH] [Serverless] [Attack discovery] twin PR for AI IA and AD note
update (#5512)
* creates AI for security section, updates note on AD page
* Update docs/serverless/AI-for-security/ai-for-security-landing-pg.mdx
Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com>
* fix build errors, update docnav
* fixes build error
* fixes broken link
* fixes docnav
* troubleshoot build error
* remove unnecessary page
* merge conflict shenanigans
* Delete docs/serverless/assistant/llm-connector-guides.mdx
---------
Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com>
---
.../ai-assistant-alert-triage.mdx | 0
.../ai-assistant-esql-queries.mdx | 0
.../ai-assistant.mdx | 0
.../ai-for-security-landing-pg.mdx | 8 ++++++++
.../ai-use-cases.mdx | 0
.../attack-discovery.mdx | 8 +++++++-
.../connect-to-azure-openai.mdx | 0
.../connect-to-bedrock.mdx | 0
.../connect-to-openai.mdx | 0
.../connect-to-vertex.mdx | 0
.../images/attck-disc-11-alerts-disc.png | Bin
.../attck-disc-esql-query-gen-example.png | Bin
.../llm-connector-guides.mdx | 1 -
.../llm-performance-matrix.mdx | 0
...ack-disc-ai-assistant-incident-reporting.mdx | 0
docs/serverless/serverless-security.docnav.json | 16 +++++++++-------
16 files changed, 24 insertions(+), 9 deletions(-)
rename docs/serverless/{assistant => AI-for-security}/ai-assistant-alert-triage.mdx (100%)
rename docs/serverless/{assistant => AI-for-security}/ai-assistant-esql-queries.mdx (100%)
rename docs/serverless/{assistant => AI-for-security}/ai-assistant.mdx (100%)
create mode 100644 docs/serverless/AI-for-security/ai-for-security-landing-pg.mdx
rename docs/serverless/{assistant => AI-for-security}/ai-use-cases.mdx (100%)
rename docs/serverless/{attack-discovery => AI-for-security}/attack-discovery.mdx (90%)
rename docs/serverless/{assistant => AI-for-security}/connect-to-azure-openai.mdx (100%)
rename docs/serverless/{assistant => AI-for-security}/connect-to-bedrock.mdx (100%)
rename docs/serverless/{assistant => AI-for-security}/connect-to-openai.mdx (100%)
rename docs/serverless/{assistant => AI-for-security}/connect-to-vertex.mdx (100%)
rename docs/serverless/{assistant => AI-for-security}/images/attck-disc-11-alerts-disc.png (100%)
rename docs/serverless/{assistant => AI-for-security}/images/attck-disc-esql-query-gen-example.png (100%)
rename docs/serverless/{assistant => AI-for-security}/llm-connector-guides.mdx (90%)
rename docs/serverless/{assistant => AI-for-security}/llm-performance-matrix.mdx (100%)
rename docs/serverless/{assistant => AI-for-security}/usecase-attack-disc-ai-assistant-incident-reporting.mdx (100%)
diff --git a/docs/serverless/assistant/ai-assistant-alert-triage.mdx b/docs/serverless/AI-for-security/ai-assistant-alert-triage.mdx
similarity index 100%
rename from docs/serverless/assistant/ai-assistant-alert-triage.mdx
rename to docs/serverless/AI-for-security/ai-assistant-alert-triage.mdx
diff --git a/docs/serverless/assistant/ai-assistant-esql-queries.mdx b/docs/serverless/AI-for-security/ai-assistant-esql-queries.mdx
similarity index 100%
rename from docs/serverless/assistant/ai-assistant-esql-queries.mdx
rename to docs/serverless/AI-for-security/ai-assistant-esql-queries.mdx
diff --git a/docs/serverless/assistant/ai-assistant.mdx b/docs/serverless/AI-for-security/ai-assistant.mdx
similarity index 100%
rename from docs/serverless/assistant/ai-assistant.mdx
rename to docs/serverless/AI-for-security/ai-assistant.mdx
diff --git a/docs/serverless/AI-for-security/ai-for-security-landing-pg.mdx b/docs/serverless/AI-for-security/ai-for-security-landing-pg.mdx
new file mode 100644
index 0000000000..b4a5b206ac
--- /dev/null
+++ b/docs/serverless/AI-for-security/ai-for-security-landing-pg.mdx
@@ -0,0 +1,8 @@
+---
+slug: /serverless/security/ai-for-security
+title: AI for security
+description: Learn about Elastic's native AI security tools.
+tags: [ 'serverless', 'security', 'overview', 'LLM', 'artificial intelligence' ]
+status: in review
+---
+You can use ((elastic-sec))’s built-in AI tools to speed up your work and augment your team’s capabilities. The pages in this section describe , which answers questions and enhances your workflows throughout Elastic Security, and , which speeds up the triage process by finding patterns and identifying attacks spanning multiple alerts.
\ No newline at end of file
diff --git a/docs/serverless/assistant/ai-use-cases.mdx b/docs/serverless/AI-for-security/ai-use-cases.mdx
similarity index 100%
rename from docs/serverless/assistant/ai-use-cases.mdx
rename to docs/serverless/AI-for-security/ai-use-cases.mdx
diff --git a/docs/serverless/attack-discovery/attack-discovery.mdx b/docs/serverless/AI-for-security/attack-discovery.mdx
similarity index 90%
rename from docs/serverless/attack-discovery/attack-discovery.mdx
rename to docs/serverless/AI-for-security/attack-discovery.mdx
index 6e910f541e..1603aea9ae 100644
--- a/docs/serverless/attack-discovery/attack-discovery.mdx
+++ b/docs/serverless/AI-for-security/attack-discovery.mdx
@@ -41,7 +41,13 @@ While Attack discovery is compatible with many different models, our testing fou
3. Once you've selected a connector, click **Generate** to start the analysis.
-It may take from a few seconds up to several minutes to generate discoveries, depending on the number of alerts and the model you selected. Note that Attack discovery is in technical preview and will only analyze opened and acknowleged alerts from the past 24 hours.
+It may take from a few seconds up to several minutes to generate discoveries, depending on the number of alerts and the model you selected.
+
+
+Attack discovery is in technical preview and will only analyze opened and acknowleged alerts from the past 24 hours. By default it only analyzes up to 20 alerts within this timeframe, but you can expand this up to 100 by going to **AI Assistant → Settings () → Knowledge Base** and updating the **Alerts** setting.
+
+
+![AI Assistant knowledge base menu](../images/ai-assistant/assistant-kb-menu.png)
diff --git a/docs/serverless/assistant/connect-to-azure-openai.mdx b/docs/serverless/AI-for-security/connect-to-azure-openai.mdx
similarity index 100%
rename from docs/serverless/assistant/connect-to-azure-openai.mdx
rename to docs/serverless/AI-for-security/connect-to-azure-openai.mdx
diff --git a/docs/serverless/assistant/connect-to-bedrock.mdx b/docs/serverless/AI-for-security/connect-to-bedrock.mdx
similarity index 100%
rename from docs/serverless/assistant/connect-to-bedrock.mdx
rename to docs/serverless/AI-for-security/connect-to-bedrock.mdx
diff --git a/docs/serverless/assistant/connect-to-openai.mdx b/docs/serverless/AI-for-security/connect-to-openai.mdx
similarity index 100%
rename from docs/serverless/assistant/connect-to-openai.mdx
rename to docs/serverless/AI-for-security/connect-to-openai.mdx
diff --git a/docs/serverless/assistant/connect-to-vertex.mdx b/docs/serverless/AI-for-security/connect-to-vertex.mdx
similarity index 100%
rename from docs/serverless/assistant/connect-to-vertex.mdx
rename to docs/serverless/AI-for-security/connect-to-vertex.mdx
diff --git a/docs/serverless/assistant/images/attck-disc-11-alerts-disc.png b/docs/serverless/AI-for-security/images/attck-disc-11-alerts-disc.png
similarity index 100%
rename from docs/serverless/assistant/images/attck-disc-11-alerts-disc.png
rename to docs/serverless/AI-for-security/images/attck-disc-11-alerts-disc.png
diff --git a/docs/serverless/assistant/images/attck-disc-esql-query-gen-example.png b/docs/serverless/AI-for-security/images/attck-disc-esql-query-gen-example.png
similarity index 100%
rename from docs/serverless/assistant/images/attck-disc-esql-query-gen-example.png
rename to docs/serverless/AI-for-security/images/attck-disc-esql-query-gen-example.png
diff --git a/docs/serverless/assistant/llm-connector-guides.mdx b/docs/serverless/AI-for-security/llm-connector-guides.mdx
similarity index 90%
rename from docs/serverless/assistant/llm-connector-guides.mdx
rename to docs/serverless/AI-for-security/llm-connector-guides.mdx
index 1c1a8b8fd1..fcdedd575a 100644
--- a/docs/serverless/assistant/llm-connector-guides.mdx
+++ b/docs/serverless/AI-for-security/llm-connector-guides.mdx
@@ -14,5 +14,4 @@ Setup guides are available for the following LLM providers:
*
*
*
-*
diff --git a/docs/serverless/assistant/llm-performance-matrix.mdx b/docs/serverless/AI-for-security/llm-performance-matrix.mdx
similarity index 100%
rename from docs/serverless/assistant/llm-performance-matrix.mdx
rename to docs/serverless/AI-for-security/llm-performance-matrix.mdx
diff --git a/docs/serverless/assistant/usecase-attack-disc-ai-assistant-incident-reporting.mdx b/docs/serverless/AI-for-security/usecase-attack-disc-ai-assistant-incident-reporting.mdx
similarity index 100%
rename from docs/serverless/assistant/usecase-attack-disc-ai-assistant-incident-reporting.mdx
rename to docs/serverless/AI-for-security/usecase-attack-disc-ai-assistant-incident-reporting.mdx
diff --git a/docs/serverless/serverless-security.docnav.json b/docs/serverless/serverless-security.docnav.json
index b351b56af9..07682a08d4 100644
--- a/docs/serverless/serverless-security.docnav.json
+++ b/docs/serverless/serverless-security.docnav.json
@@ -18,15 +18,17 @@
{
"slug": "/serverless/security/security-ui",
"classic-sources": [ "enSecurityEsUiOverview" ]
- },
- {
- "slug": "/serverless/security/attack-discovery"
- },
+ },
{
- "label": "AI Assistant",
- "slug": "/serverless/security/ai-assistant",
- "classic-sources": [ "enSecuritySecurityAssistant" ],
+ "label": "AI for security",
+ "slug": "/serverless/security/ai-for-security",
"items": [
+ {
+ "slug": "/serverless/security/ai-assistant"
+ },
+ {
+ "slug": "/serverless/security/attack-discovery"
+ },
{
"slug": "/serverless/security/llm-connector-guides",
"items": [
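Review bot: The nested `/serverless/security/ai-assistant` item added under the new "AI for security" group carries only a `slug`, while the top-level entry it replaces also had `"classic-sources": [ "enSecuritySecurityAssistant" ]`, which this hunk removes and does not re-add anywhere visible. If the docnav still uses that key to tie a serverless page to its classic counterpart, as the neighbouring `security-ui` entry suggests, the mapping for the AI Assistant page is lost; consider keeping it on the nested item, e.g. `{ "slug": "/serverless/security/ai-assistant", "classic-sources": [ "enSecuritySecurityAssistant" ] }`. The re-added `},` that closes the `security-ui` entry appears to differ from the removed line only in whitespace, which is avoidable diff noise. The `items` array continues past the end of the hunk, so the rest of the group is not visible here.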