From ca84dd74a2e2103a9bdab027f0713ccec9d17425 Mon Sep 17 00:00:00 2001
From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>
Date: Thu, 30 Nov 2023 17:21:15 -0500
Subject: [PATCH] Expand AI Assistant query advice (#4294)

* first pass at incorporating Dhru's input

* incorporates edits

* Update docs/assistant/security-assistant.asciidoc

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>

* Update docs/assistant/security-assistant.asciidoc

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>

* incorporates feedback

* Update docs/assistant/security-assistant.asciidoc

Co-authored-by: Joe Peeples

---------

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>
Co-authored-by: Joe Peeples
(cherry picked from commit b37854d5dc83302ebc93de6d970aa35495f91b20)
---
 docs/assistant/security-assistant.asciidoc | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/docs/assistant/security-assistant.asciidoc b/docs/assistant/security-assistant.asciidoc
index f815d5648e..afe188a15e 100644
--- a/docs/assistant/security-assistant.asciidoc
+++ b/docs/assistant/security-assistant.asciidoc
@@ -177,4 +177,17 @@ To enable the knowledge base: . Turn on the *Knowledge Base* option. . Click *Save*. The knowledge base is now active. + -When the knowledge base is active, a quick prompt for {esql} queries becomes available. It provides a good starting point for your {esql} conversations and questions. \ No newline at end of file +When the knowledge base is active, a quick prompt for {esql} queries becomes available. It provides a good starting point for your {esql} conversations and questions. + +[discrete] +[[ai-assistant-queries]] +### Get the most from your queries + +Elastic AI Assistant helps you take full advantage of the {elastic-sec} platform to improve your security operations. Its ability to assist you depends on the specificity and detail of your questions. The more context and detail you provide, the more tailored and useful its responses will be. + +To maximize its usefulness, consider using more detailed prompts or asking for additional information. For instance, after asking for an {esql} query example, you could ask a follow-up question like, “Could you give me some other examples?” You can also ask for clarification or further exposition, for example "Please provide comments explaining the query you just gave." + +In addition to practical advice, AI Assistant can offer conceptual advice, tips, and best practices for enhancing your security measures. You can ask it, for example: + +* “How do I set up a {ml} job in {elastic-sec} to detect anomalies in network traffic volume over time?” +* “I need to monitor for unusual file creation patterns that could indicate ransomware activity. How would I construct this query using EQL?”
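Review bot: the new "Get the most from your queries" section steers readers toward asking the assistant for {esql} and EQL queries (the "query example" follow-up paragraph and the two closing bullets) but never tells them to run a generated query against their own data and check its results before wiring it into a detection rule; add a sentence to that effect after the follow-up-question paragraph, otherwise the section reads as if a sufficiently specific prompt alone makes the answer safe to deploy. Two smaller points in the same hunk: the heading is written in Markdown style (`### Get the most from your queries`) inside an `.asciidoc` file, so confirm it matches the title syntax the rest of security-assistant.asciidoc uses rather than an AsciiDoc `===`-style title; and the quoted prompts mix curly quotes (“Could you give me some other examples?”) with straight quotes ("Please provide comments explaining the query you just gave."), so settle on one style. Finally, the EQL bullet asks for a concrete query, which is the "practical advice" the paragraph contrasts against, not the "conceptual advice, tips, and best practices" it is introduced as; either reword the lead-in or move that bullet up beside the {esql} follow-up examples.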