From f6696a69ec58e3af0b0abbdf22b9171e7ec2b3eb Mon Sep 17 00:00:00 2001 
From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Mon, 8 Jul 2024 14:56:36 -0400 Subject: [PATCH] [Serverless] [Attack discovery] twin PR for AI IA and AD note update (#5512) * creates AI for security section, updates note on AD page * Update docs/serverless/AI-for-security/ai-for-security-landing-pg.mdx Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> * fix build errors, update docnav * fixes build error * fixes broken link * fixes docnav * troubleshoot build error * remove unnecessary page * merge conflict shenanigans * Delete docs/serverless/assistant/llm-connector-guides.mdx --------- Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> --- .../ai-assistant-alert-triage.mdx | 0 .../ai-assistant-esql-queries.mdx | 0 .../ai-assistant.mdx | 0 .../ai-for-security-landing-pg.mdx | 8 ++++++++ .../ai-use-cases.mdx | 0 .../attack-discovery.mdx | 8 +++++++- .../connect-to-azure-openai.mdx | 0 .../connect-to-bedrock.mdx | 0 .../connect-to-openai.mdx | 0 .../connect-to-vertex.mdx | 0 .../images/attck-disc-11-alerts-disc.png | Bin .../attck-disc-esql-query-gen-example.png | Bin .../llm-connector-guides.mdx | 1 - .../llm-performance-matrix.mdx | 0 ...ack-disc-ai-assistant-incident-reporting.mdx | 0 docs/serverless/serverless-security.docnav.json | 16 +++++++++------- 16 files changed, 24 insertions(+), 9 deletions(-) rename docs/serverless/{assistant => AI-for-security}/ai-assistant-alert-triage.mdx (100%) rename docs/serverless/{assistant => AI-for-security}/ai-assistant-esql-queries.mdx (100%) rename docs/serverless/{assistant => AI-for-security}/ai-assistant.mdx (100%) create mode 100644 docs/serverless/AI-for-security/ai-for-security-landing-pg.mdx rename docs/serverless/{assistant => AI-for-security}/ai-use-cases.mdx (100%) rename docs/serverless/{attack-discovery => AI-for-security}/attack-discovery.mdx (90%) rename docs/serverless/{assistant => 
AI-for-security}/connect-to-azure-openai.mdx (100%)
rename docs/serverless/{assistant => AI-for-security}/connect-to-bedrock.mdx (100%)
rename docs/serverless/{assistant => AI-for-security}/connect-to-openai.mdx (100%)
rename docs/serverless/{assistant => AI-for-security}/connect-to-vertex.mdx (100%)
rename docs/serverless/{assistant => AI-for-security}/images/attck-disc-11-alerts-disc.png (100%)
rename docs/serverless/{assistant => AI-for-security}/images/attck-disc-esql-query-gen-example.png (100%)
rename docs/serverless/{assistant => AI-for-security}/llm-connector-guides.mdx (90%)
rename docs/serverless/{assistant => AI-for-security}/llm-performance-matrix.mdx (100%)
rename docs/serverless/{assistant => AI-for-security}/usecase-attack-disc-ai-assistant-incident-reporting.mdx (100%)
diff --git a/docs/serverless/assistant/ai-assistant-alert-triage.mdx b/docs/serverless/AI-for-security/ai-assistant-alert-triage.mdx
similarity index 100%
rename from docs/serverless/assistant/ai-assistant-alert-triage.mdx
rename to docs/serverless/AI-for-security/ai-assistant-alert-triage.mdx
diff --git a/docs/serverless/assistant/ai-assistant-esql-queries.mdx b/docs/serverless/AI-for-security/ai-assistant-esql-queries.mdx
similarity index 100%
rename from docs/serverless/assistant/ai-assistant-esql-queries.mdx
rename to docs/serverless/AI-for-security/ai-assistant-esql-queries.mdx
diff --git a/docs/serverless/assistant/ai-assistant.mdx b/docs/serverless/AI-for-security/ai-assistant.mdx
similarity index 100%
rename from docs/serverless/assistant/ai-assistant.mdx
rename to docs/serverless/AI-for-security/ai-assistant.mdx
diff --git a/docs/serverless/AI-for-security/ai-for-security-landing-pg.mdx b/docs/serverless/AI-for-security/ai-for-security-landing-pg.mdx
new file mode 100644
index 0000000000..b4a5b206ac
--- /dev/null
+++ b/docs/serverless/AI-for-security/ai-for-security-landing-pg.mdx
@@ -0,0 +1,8 @@
+---
+slug: /serverless/security/ai-for-security
+title: AI for security
+description: Learn about Elastic's native AI security tools.
+tags: [ 'serverless', 'security', 'overview', 'LLM', 'artificial intelligence' ]
+status: in review
+---
+You can use ((elastic-sec))’s built-in AI tools to speed up your work and augment your team’s capabilities. The pages in this section describe , which answers questions and enhances your workflows throughout Elastic Security, and , which speeds up the triage process by finding patterns and identifying attacks spanning multiple alerts.
\ No newline at end of file
diff --git a/docs/serverless/assistant/ai-use-cases.mdx b/docs/serverless/AI-for-security/ai-use-cases.mdx
similarity index 100%
rename from docs/serverless/assistant/ai-use-cases.mdx
rename to docs/serverless/AI-for-security/ai-use-cases.mdx
diff --git a/docs/serverless/attack-discovery/attack-discovery.mdx b/docs/serverless/AI-for-security/attack-discovery.mdx
similarity index 90%
rename from docs/serverless/attack-discovery/attack-discovery.mdx
rename to docs/serverless/AI-for-security/attack-discovery.mdx
index 6e910f541e..1603aea9ae 100644
--- a/docs/serverless/attack-discovery/attack-discovery.mdx
+++ b/docs/serverless/AI-for-security/attack-discovery.mdx
@@ -41,7 +41,13 @@ While Attack discovery is compatible with many different models, our testing fou 3. Once you've selected a connector, click **Generate** to start the analysis. -It may take from a few seconds up to several minutes to generate discoveries, depending on the number of alerts and the model you selected. Note that Attack discovery is in technical preview and will only analyze opened and acknowleged alerts from the past 24 hours. +It may take from a few seconds up to several minutes to generate discoveries, depending on the number of alerts and the model you selected. + + +Attack discovery is in technical preview and will only analyze opened and acknowleged alerts from the past 24 hours. By default it only analyzes up to 20 alerts within this timeframe, but you can expand this up to 100 by going to **AI Assistant → Settings () → Knowledge Base** and updating the **Alerts** setting. + + +![AI Assistant knowledge base menu](../images/ai-assistant/assistant-kb-menu.png) diff --git a/docs/serverless/assistant/connect-to-azure-openai.mdx b/docs/serverless/AI-for-security/connect-to-azure-openai.mdx similarity index 100% rename from docs/serverless/assistant/connect-to-azure-openai.mdx rename to docs/serverless/AI-for-security/connect-to-azure-openai.mdx diff --git a/docs/serverless/assistant/connect-to-bedrock.mdx b/docs/serverless/AI-for-security/connect-to-bedrock.mdx similarity index 100% rename from docs/serverless/assistant/connect-to-bedrock.mdx rename to docs/serverless/AI-for-security/connect-to-bedrock.mdx diff --git a/docs/serverless/assistant/connect-to-openai.mdx b/docs/serverless/AI-for-security/connect-to-openai.mdx similarity index 100% rename from docs/serverless/assistant/connect-to-openai.mdx rename to docs/serverless/AI-for-security/connect-to-openai.mdx 
diff --git a/docs/serverless/assistant/connect-to-vertex.mdx b/docs/serverless/AI-for-security/connect-to-vertex.mdx similarity index 100% rename from docs/serverless/assistant/connect-to-vertex.mdx rename to docs/serverless/AI-for-security/connect-to-vertex.mdx diff --git a/docs/serverless/assistant/images/attck-disc-11-alerts-disc.png b/docs/serverless/AI-for-security/images/attck-disc-11-alerts-disc.png similarity index 100% rename from docs/serverless/assistant/images/attck-disc-11-alerts-disc.png rename to docs/serverless/AI-for-security/images/attck-disc-11-alerts-disc.png diff --git a/docs/serverless/assistant/images/attck-disc-esql-query-gen-example.png b/docs/serverless/AI-for-security/images/attck-disc-esql-query-gen-example.png similarity index 100% rename from docs/serverless/assistant/images/attck-disc-esql-query-gen-example.png rename to docs/serverless/AI-for-security/images/attck-disc-esql-query-gen-example.png diff --git a/docs/serverless/assistant/llm-connector-guides.mdx b/docs/serverless/AI-for-security/llm-connector-guides.mdx similarity index 90% rename from docs/serverless/assistant/llm-connector-guides.mdx rename to docs/serverless/AI-for-security/llm-connector-guides.mdx index 1c1a8b8fd1..fcdedd575a 100644 --- a/docs/serverless/assistant/llm-connector-guides.mdx +++ b/docs/serverless/AI-for-security/llm-connector-guides.mdx @@ -14,5 +14,4 @@ Setup guides are available for the following LLM providers: * * * -* diff --git a/docs/serverless/assistant/llm-performance-matrix.mdx b/docs/serverless/AI-for-security/llm-performance-matrix.mdx similarity index 100% rename from docs/serverless/assistant/llm-performance-matrix.mdx rename to docs/serverless/AI-for-security/llm-performance-matrix.mdx 
diff --git a/docs/serverless/assistant/usecase-attack-disc-ai-assistant-incident-reporting.mdx b/docs/serverless/AI-for-security/usecase-attack-disc-ai-assistant-incident-reporting.mdx
similarity index 100%
rename from docs/serverless/assistant/usecase-attack-disc-ai-assistant-incident-reporting.mdx
rename to docs/serverless/AI-for-security/usecase-attack-disc-ai-assistant-incident-reporting.mdx
diff --git a/docs/serverless/serverless-security.docnav.json b/docs/serverless/serverless-security.docnav.json
index b351b56af9..07682a08d4 100644
--- a/docs/serverless/serverless-security.docnav.json
+++ b/docs/serverless/serverless-security.docnav.json
@@ -18,15 +18,17 @@
 {
 "slug": "/serverless/security/security-ui",
 "classic-sources": [ "enSecurityEsUiOverview" ]
- },
- {
- "slug": "/serverless/security/attack-discovery"
- },
+ },
 {
- "label": "AI Assistant",
- "slug": "/serverless/security/ai-assistant",
- "classic-sources": [ "enSecuritySecurityAssistant" ],
+ "label": "AI for security",
+ "slug": "/serverless/security/ai-for-security",
 "items": [
+ {
+ "slug": "/serverless/security/ai-assistant"
+ },
+ {
+ "slug": "/serverless/security/attack-discovery"
+ },
 {
 "slug": "/serverless/security/llm-connector-guides",
 "items": [
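Review bot: The `"classic-sources": [ "enSecuritySecurityAssistant" ]` mapping is removed with the old "AI Assistant" entry, but neither the new "AI for security" parent nor the new `/serverless/security/ai-assistant` child carries it, while the sibling `security-ui` entry in the same hunk keeps its own `classic-sources`. If that key drives cross-links or redirects from the classic docs (inferred from the name; the consumer is not visible here), the assistant page silently loses its mapping; adding `"classic-sources": [ "enSecuritySecurityAssistant" ]` to the `ai-assistant` child entry would preserve it. The `},` that is removed and re-added with identical visible text near the top of the hunk looks like a whitespace-only edit; if so, normalizing that line on its own would keep the diff focused on the navigation change. The enclosing `items` array continues outside the hunk.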