From 95fea5eeb4376ced39e10a0fed08f1d2c1354e9c Mon Sep 17 00:00:00 2001 
From: Benjamin Ironside Goldstein
Date: Mon, 17 Jun 2024 12:04:00 -0700
Subject: [PATCH 1/4] first test of new org
---
 .../ai-alert-triage.asciidoc | 0
 .../ai-esql-queries.asciidoc | 0
 docs/AI-for-security/ai-for-security.asciidoc | 24 ++++++++++++++++++
 .../ai-use-cases.asciidoc} | 0
 .../attack-discovery.asciidoc | 0
 .../azure-openai-setup.asciidoc | 0
 .../connect-to-bedrock.asciidoc | 0
 .../connect-to-openai.asciidoc | 0
 .../images/add-alert-context.gif | Bin
 .../images/add-discovery-to-assistant.gif | Bin
 .../images/ai-assistant-button.png | Bin
 .../images/ai-triage-add-to-case.png | Bin
 .../images/assistant-anonymization-menu.png | Bin
 .../images/assistant-basic-view.png | Bin
 .../images/assistant-settings-menu.png | Bin
 .../images/assistant.gif | Bin
 .../images/attack-discovery-full-card.png | Bin
 .../images/attck-disc-11-alerts-disc.png | Bin
 .../attck-disc-esql-query-gen-example.png | Bin
 .../images/icon-add-note.png | Bin
 .../images/icon-add-to-case.png | Bin
 .../images/icon-add-to-timeline.png | Bin
 .../images/icon-clear-red.png | Bin
 .../images/icon-copy.png | Bin
 .../images/icon-settings.png | Bin
 .../images/icon-system-prompt.png | Bin
 .../images/knowledge-base-settings.png | Bin
 .../images/quick-prompts.png | Bin
 .../images/select-model-empty-state.png | Bin
 .../images/system-prompt.gif | Bin
 .../llm-connector-guides.asciidoc | 0
 .../llm-performance-matrix.asciidoc | 0
 .../security-assistant.asciidoc | 11 --------
 ...y-ai-assistant-incident-reporting.asciidoc | 0
 .../images/icon-add-to-timeline.png | Bin 599 -> 0 bytes
 docs/attack-discovery/images/icon-copy.png | Bin 538 -> 0 bytes
 docs/index.asciidoc | 4 +--
 37 files changed, 25 insertions(+), 14 deletions(-)
 rename docs/{assistant => AI-for-security}/ai-alert-triage.asciidoc (100%)
 rename docs/{assistant => AI-for-security}/ai-esql-queries.asciidoc (100%)
 create mode 100644 docs/AI-for-security/ai-for-security.asciidoc
 rename docs/{assistant/assistant-use-cases.asciidoc => AI-for-security/ai-use-cases.asciidoc} (100%)
 rename docs/{attack-discovery => AI-for-security}/attack-discovery.asciidoc (100%)
 rename docs/{assistant => AI-for-security}/azure-openai-setup.asciidoc (100%)
 rename docs/{assistant => AI-for-security}/connect-to-bedrock.asciidoc (100%)
 rename docs/{assistant => AI-for-security}/connect-to-openai.asciidoc (100%)
 rename docs/{assistant => AI-for-security}/images/add-alert-context.gif (100%)
 rename docs/{attack-discovery => AI-for-security}/images/add-discovery-to-assistant.gif (100%)
 rename docs/{assistant => AI-for-security}/images/ai-assistant-button.png (100%)
 rename docs/{assistant => AI-for-security}/images/ai-triage-add-to-case.png (100%)
 rename docs/{assistant => AI-for-security}/images/assistant-anonymization-menu.png (100%)
 rename docs/{assistant => AI-for-security}/images/assistant-basic-view.png (100%)
 rename docs/{assistant => AI-for-security}/images/assistant-settings-menu.png (100%)
 rename docs/{assistant => AI-for-security}/images/assistant.gif (100%)
 rename docs/{attack-discovery => AI-for-security}/images/attack-discovery-full-card.png (100%)
 rename docs/{assistant => AI-for-security}/images/attck-disc-11-alerts-disc.png (100%)
 rename docs/{assistant => AI-for-security}/images/attck-disc-esql-query-gen-example.png (100%)
 rename docs/{assistant => AI-for-security}/images/icon-add-note.png (100%)
 rename docs/{assistant => AI-for-security}/images/icon-add-to-case.png (100%)
 rename docs/{assistant => AI-for-security}/images/icon-add-to-timeline.png (100%)
 rename docs/{assistant => AI-for-security}/images/icon-clear-red.png (100%)
 rename docs/{assistant => AI-for-security}/images/icon-copy.png (100%)
 rename docs/{assistant => AI-for-security}/images/icon-settings.png (100%)
 rename docs/{assistant => AI-for-security}/images/icon-system-prompt.png (100%)
 rename docs/{assistant => AI-for-security}/images/knowledge-base-settings.png (100%)
 rename docs/{assistant => AI-for-security}/images/quick-prompts.png (100%)
 rename docs/{attack-discovery => AI-for-security}/images/select-model-empty-state.png (100%)
 rename docs/{assistant => AI-for-security}/images/system-prompt.gif (100%)
 rename docs/{assistant => AI-for-security}/llm-connector-guides.asciidoc (100%)
 rename docs/{assistant => AI-for-security}/llm-performance-matrix.asciidoc (100%)
 rename docs/{assistant => AI-for-security}/security-assistant.asciidoc (96%)
 rename docs/{assistant => AI-for-security}/use-attack-discovery-ai-assistant-incident-reporting.asciidoc (100%)
 delete mode 100644 docs/attack-discovery/images/icon-add-to-timeline.png
 delete mode 100644 docs/attack-discovery/images/icon-copy.png
diff --git a/docs/assistant/ai-alert-triage.asciidoc b/docs/AI-for-security/ai-alert-triage.asciidoc
similarity index 100%
rename from docs/assistant/ai-alert-triage.asciidoc
rename to docs/AI-for-security/ai-alert-triage.asciidoc
diff --git a/docs/assistant/ai-esql-queries.asciidoc b/docs/AI-for-security/ai-esql-queries.asciidoc
similarity index 100%
rename from docs/assistant/ai-esql-queries.asciidoc
rename to docs/AI-for-security/ai-esql-queries.asciidoc
diff --git a/docs/AI-for-security/ai-for-security.asciidoc b/docs/AI-for-security/ai-for-security.asciidoc
new file mode 100644
index 0000000000..6795fec35d
--- /dev/null
+++ b/docs/AI-for-security/ai-for-security.asciidoc
@@ -0,0 +1,24 @@
+[[ai-for-security]]
+= AI for security
+
+:frontmatter-description: Learn to use AI capabilities in {elastic-sec}.
+:frontmatter-tags-products: [security]
+:frontmatter-tags-content-type: [overview]
+:frontmatter-tags-user-goals: [get-started]
+
+The guides in this section describe use-cases for AI Assistant and Attack discovery. Refer to them to learn about each tool's individual capabilities, and what they can do together.
+
+include::security-assistant.asciidoc[leveloffset=+1]
+include::attack-discovery.asciidoc[leveloffset=+1]
+
+include::ai-use-cases.asciidoc[leveloffset=+1]
+include::ai-alert-triage.asciidoc[leveloffset=+2]
+include::use-attack-discovery-ai-assistant-incident-reporting.asciidoc[leveloffset=+2]
+include::ai-esql-queries.asciidoc[leveloffset=+2]
+
+include::llm-connector-guides.asciidoc[leveloffset=+1]
+include::azure-openai-setup.asciidoc[leveloffset=+2]
+include::connect-to-openai.asciidoc[leveloffset=+2]
+include::connect-to-bedrock.asciidoc[leveloffset=+2]
+
+include::llm-performance-matrix.asciidoc[leveloffset=+1]
diff --git a/docs/assistant/assistant-use-cases.asciidoc b/docs/AI-for-security/ai-use-cases.asciidoc
similarity index 100%
rename from docs/assistant/assistant-use-cases.asciidoc
rename to docs/AI-for-security/ai-use-cases.asciidoc
diff --git a/docs/attack-discovery/attack-discovery.asciidoc b/docs/AI-for-security/attack-discovery.asciidoc
similarity index 100%
rename from docs/attack-discovery/attack-discovery.asciidoc
rename to docs/AI-for-security/attack-discovery.asciidoc
diff --git a/docs/assistant/azure-openai-setup.asciidoc b/docs/AI-for-security/azure-openai-setup.asciidoc
similarity index 100%
rename from docs/assistant/azure-openai-setup.asciidoc
rename to docs/AI-for-security/azure-openai-setup.asciidoc
diff --git a/docs/assistant/connect-to-bedrock.asciidoc b/docs/AI-for-security/connect-to-bedrock.asciidoc
similarity index 100%
rename from docs/assistant/connect-to-bedrock.asciidoc
rename to docs/AI-for-security/connect-to-bedrock.asciidoc
diff --git a/docs/assistant/connect-to-openai.asciidoc b/docs/AI-for-security/connect-to-openai.asciidoc
similarity index 100%
rename from docs/assistant/connect-to-openai.asciidoc
rename to docs/AI-for-security/connect-to-openai.asciidoc
diff --git a/docs/assistant/images/add-alert-context.gif b/docs/AI-for-security/images/add-alert-context.gif
similarity index 100%
rename from docs/assistant/images/add-alert-context.gif
rename to docs/AI-for-security/images/add-alert-context.gif
diff --git a/docs/attack-discovery/images/add-discovery-to-assistant.gif b/docs/AI-for-security/images/add-discovery-to-assistant.gif
similarity index 100%
rename from docs/attack-discovery/images/add-discovery-to-assistant.gif
rename to docs/AI-for-security/images/add-discovery-to-assistant.gif
diff --git a/docs/assistant/images/ai-assistant-button.png b/docs/AI-for-security/images/ai-assistant-button.png
similarity index 100%
rename from docs/assistant/images/ai-assistant-button.png
rename to docs/AI-for-security/images/ai-assistant-button.png
diff --git a/docs/assistant/images/ai-triage-add-to-case.png b/docs/AI-for-security/images/ai-triage-add-to-case.png
similarity index 100%
rename from docs/assistant/images/ai-triage-add-to-case.png
rename to docs/AI-for-security/images/ai-triage-add-to-case.png
diff --git a/docs/assistant/images/assistant-anonymization-menu.png b/docs/AI-for-security/images/assistant-anonymization-menu.png
similarity index 100%
rename from docs/assistant/images/assistant-anonymization-menu.png
rename to docs/AI-for-security/images/assistant-anonymization-menu.png
diff --git a/docs/assistant/images/assistant-basic-view.png b/docs/AI-for-security/images/assistant-basic-view.png
similarity index 100%
rename from docs/assistant/images/assistant-basic-view.png
rename to docs/AI-for-security/images/assistant-basic-view.png
diff --git a/docs/assistant/images/assistant-settings-menu.png b/docs/AI-for-security/images/assistant-settings-menu.png
similarity index 100%
rename from docs/assistant/images/assistant-settings-menu.png
rename to docs/AI-for-security/images/assistant-settings-menu.png
diff --git a/docs/assistant/images/assistant.gif b/docs/AI-for-security/images/assistant.gif
similarity index 100%
rename from docs/assistant/images/assistant.gif
rename to docs/AI-for-security/images/assistant.gif
diff --git a/docs/attack-discovery/images/attack-discovery-full-card.png b/docs/AI-for-security/images/attack-discovery-full-card.png
similarity index 100%
rename from docs/attack-discovery/images/attack-discovery-full-card.png
rename to docs/AI-for-security/images/attack-discovery-full-card.png
diff --git a/docs/assistant/images/attck-disc-11-alerts-disc.png b/docs/AI-for-security/images/attck-disc-11-alerts-disc.png
similarity index 100%
rename from docs/assistant/images/attck-disc-11-alerts-disc.png
rename to docs/AI-for-security/images/attck-disc-11-alerts-disc.png
diff --git a/docs/assistant/images/attck-disc-esql-query-gen-example.png b/docs/AI-for-security/images/attck-disc-esql-query-gen-example.png
similarity index 100%
rename from docs/assistant/images/attck-disc-esql-query-gen-example.png
rename to docs/AI-for-security/images/attck-disc-esql-query-gen-example.png
diff --git a/docs/assistant/images/icon-add-note.png b/docs/AI-for-security/images/icon-add-note.png
similarity index 100%
rename from docs/assistant/images/icon-add-note.png
rename to docs/AI-for-security/images/icon-add-note.png
diff --git a/docs/assistant/images/icon-add-to-case.png b/docs/AI-for-security/images/icon-add-to-case.png
similarity index 100%
rename from docs/assistant/images/icon-add-to-case.png
rename to docs/AI-for-security/images/icon-add-to-case.png
diff --git a/docs/assistant/images/icon-add-to-timeline.png b/docs/AI-for-security/images/icon-add-to-timeline.png
similarity index 100%
rename from docs/assistant/images/icon-add-to-timeline.png
rename to docs/AI-for-security/images/icon-add-to-timeline.png
diff --git a/docs/assistant/images/icon-clear-red.png b/docs/AI-for-security/images/icon-clear-red.png
similarity index 100%
rename from docs/assistant/images/icon-clear-red.png
rename to docs/AI-for-security/images/icon-clear-red.png
diff --git a/docs/assistant/images/icon-copy.png b/docs/AI-for-security/images/icon-copy.png
similarity index 100%
rename from docs/assistant/images/icon-copy.png
rename to docs/AI-for-security/images/icon-copy.png
diff --git a/docs/assistant/images/icon-settings.png b/docs/AI-for-security/images/icon-settings.png
similarity index 100%
rename from docs/assistant/images/icon-settings.png
rename to docs/AI-for-security/images/icon-settings.png
diff --git a/docs/assistant/images/icon-system-prompt.png b/docs/AI-for-security/images/icon-system-prompt.png
similarity index 100%
rename from docs/assistant/images/icon-system-prompt.png
rename to docs/AI-for-security/images/icon-system-prompt.png
diff --git a/docs/assistant/images/knowledge-base-settings.png b/docs/AI-for-security/images/knowledge-base-settings.png
similarity index 100%
rename from docs/assistant/images/knowledge-base-settings.png
rename to docs/AI-for-security/images/knowledge-base-settings.png
diff --git a/docs/assistant/images/quick-prompts.png b/docs/AI-for-security/images/quick-prompts.png
similarity index 100%
rename from docs/assistant/images/quick-prompts.png
rename to docs/AI-for-security/images/quick-prompts.png
diff --git a/docs/attack-discovery/images/select-model-empty-state.png b/docs/AI-for-security/images/select-model-empty-state.png
similarity index 100%
rename from docs/attack-discovery/images/select-model-empty-state.png
rename to docs/AI-for-security/images/select-model-empty-state.png
diff --git a/docs/assistant/images/system-prompt.gif b/docs/AI-for-security/images/system-prompt.gif
similarity index 100%
rename from docs/assistant/images/system-prompt.gif
rename to docs/AI-for-security/images/system-prompt.gif
diff --git a/docs/assistant/llm-connector-guides.asciidoc b/docs/AI-for-security/llm-connector-guides.asciidoc
similarity index 100%
rename from docs/assistant/llm-connector-guides.asciidoc
rename to docs/AI-for-security/llm-connector-guides.asciidoc
diff --git a/docs/assistant/llm-performance-matrix.asciidoc b/docs/AI-for-security/llm-performance-matrix.asciidoc
similarity index 100%
rename from docs/assistant/llm-performance-matrix.asciidoc
rename to docs/AI-for-security/llm-performance-matrix.asciidoc
diff --git a/docs/assistant/security-assistant.asciidoc b/docs/AI-for-security/security-assistant.asciidoc
similarity index 96%
rename from docs/assistant/security-assistant.asciidoc
rename to docs/AI-for-security/security-assistant.asciidoc
index a5aaf2c4d7..503b0b837c 100644
--- a/docs/assistant/security-assistant.asciidoc
+++ b/docs/AI-for-security/security-assistant.asciidoc
@@ -189,14 +189,3 @@ In addition to practical advice, AI Assistant can offer conceptual advice, tips, * “I need to monitor for unusual file creation patterns that could indicate ransomware activity. How would I construct this query using EQL?” -include::assistant-use-cases.asciidoc[leveloffset=+1] -include::ai-alert-triage.asciidoc[leveloffset=+2] -include::use-attack-discovery-ai-assistant-incident-reporting.asciidoc[leveloffset=+2] -include::ai-esql-queries.asciidoc[leveloffset=+2] - -include::llm-connector-guides.asciidoc[leveloffset=+1] -include::azure-openai-setup.asciidoc[leveloffset=+2] -include::connect-to-openai.asciidoc[leveloffset=+2] -include::connect-to-bedrock.asciidoc[leveloffset=+2] - -include::llm-performance-matrix.asciidoc[leveloffset=+1] diff --git a/docs/assistant/use-attack-discovery-ai-assistant-incident-reporting.asciidoc b/docs/AI-for-security/use-attack-discovery-ai-assistant-incident-reporting.asciidoc similarity index 100% rename from docs/assistant/use-attack-discovery-ai-assistant-incident-reporting.asciidoc rename to docs/AI-for-security/use-attack-discovery-ai-assistant-incident-reporting.asciidoc diff --git a/docs/attack-discovery/images/icon-add-to-timeline.png b/docs/attack-discovery/images/icon-add-to-timeline.png deleted file mode 100644 index c01802253c9bcdce92c73a72a5b247e06b9d2761..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 599 zcmeAS@N?(olHy`uVBq!ia0vp^NWwh5fMn+o3~+T5%7 z^7HH8WT6f1ECwb5lNdi~q&~SD6+CtQF}d*hsgY@7M<>se3-9cd>}+&MVrc2Va->H< z`1jx0=GSw~_%}VReYi(6O+{?Y`OVe>(``4pT@by%xkbR}hlg*B)Rr_I!L92>PONw@ z=zpeV*NgQHN0t^c>rdw{f4%DWy`Gq_vAy=zvdpW#p~ zn0c^H`sdm|R#J+(4$>B?pKH#25#(5Nt4`MK*2%U#es0Q+3KzKQqRKSmHkd@o8~;+C z{>V_^?aLUce(%M$bG;vblvn_w43$Gp|Brg_5c4cj+2Wk(^5RSzz20vndcDV=cX(gD k@cqn*3!QgsPBK_Bu)X|~^h@G@J}81bUHx3vIVCg!0Oq04R{#J2 
diff --git a/docs/attack-discovery/images/icon-copy.png b/docs/attack-discovery/images/icon-copy.png deleted file mode 100644 index e0a53121d987f6eb82effd57debf7c25ded374ee..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 538 zcmeAS@N?(olHy`uVBq!ia0vp^Ng-hKr`#a1CD1Nnu&Wz_nP>xpQ_ z{JMB_qUpjGj!i6kZ@N5{s(YoXnT7WkbhR?qK#$A12wbOH6NEb8Gsg3C*VS99BF!o1?BnzqY|RLf14 Y4D*jR{poC!`VI Date: Mon, 17 Jun 2024 13:40:52 -0700 Subject: [PATCH 2/4] fixes build error --- docs/index.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/index.asciidoc b/docs/index.asciidoc index c56b3adfab..6791f36c90 100644 --- a/docs/index.asciidoc +++ b/docs/index.asciidoc @@ -18,7 +18,7 @@ include::getting-started/index.asciidoc[] include::getting-started/security-ui.asciidoc[] -include::assistant/ai-for-security.asciidoc[] +include::AI-for-security/ai-for-security.asciidoc[] include::dashboards/dashboards-overview.asciidoc[] From fff812ae5064a3eacc59b14be20317af9c485d0e Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Mon, 17 Jun 2024 14:34:58 -0700 Subject: [PATCH 3/4] updates landing pages --- docs/AI-for-security/ai-for-security.asciidoc | 2 +- docs/AI-for-security/ai-use-cases.asciidoc | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/AI-for-security/ai-for-security.asciidoc b/docs/AI-for-security/ai-for-security.asciidoc index 6795fec35d..66bf3672b6 100644 --- a/docs/AI-for-security/ai-for-security.asciidoc +++ b/docs/AI-for-security/ai-for-security.asciidoc 
@@ -6,7 +6,7 @@
 :frontmatter-tags-content-type: [overview]
 :frontmatter-tags-user-goals: [get-started]
 
-The guides in this section describe use-cases for AI Assistant and Attack discovery. Refer to them to learn about each tool's individual capabilities, and what they can do together.
+You can use {elastic-sec}'s built-in AI tools to speed up your work and augment your team's capabilities. The pages in this section describe <>, which answers questions and enhances your workflows throughout {elastic-sec}, and <>, which speeds up the triage process by finding patterns and identifying attacks spanning multiple alerts.
 
 include::security-assistant.asciidoc[leveloffset=+1]
 include::attack-discovery.asciidoc[leveloffset=+1]
diff --git a/docs/AI-for-security/ai-use-cases.asciidoc b/docs/AI-for-security/ai-use-cases.asciidoc
index 5a92f80197..41f860054b 100644
--- a/docs/AI-for-security/ai-use-cases.asciidoc
+++ b/docs/AI-for-security/ai-use-cases.asciidoc
@@ -1,10 +1,10 @@
 [[assistant-use-cases]]
 = AI Assistant use cases
 
-Elastic AI Assistant's flexibility means you can use it for many different purposes. These topics describe some of the possible uses for AI Assistant within {elastic-sec}:
+The guides in this section describe use-cases for AI Assistant and Attack discovery. Refer to them for examples of each tool's individual capabilities, and of what they can do together.
 
 * <>
 * <>
 * <>
 
-For general information about AI Assistant, refer to <>.
\ No newline at end of file
+For general information, refer to <> or <>.
\ No newline at end of file
From 435b4fa7ae768db07d3e914cd64ad3d88ee4f151 Mon Sep 17 00:00:00 2001
From: Benjamin Ironside Goldstein
Date: Fri, 21 Jun 2024 15:37:39 -0700
Subject: [PATCH 4/4] incorporates Nat's review
---
 docs/AI-for-security/ai-for-security.asciidoc | 10 +++++-----
 docs/AI-for-security/ai-use-cases.asciidoc | 6 +++---
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/docs/AI-for-security/ai-for-security.asciidoc b/docs/AI-for-security/ai-for-security.asciidoc
index 66bf3672b6..0a08f8d4da 100644
--- a/docs/AI-for-security/ai-for-security.asciidoc
+++ b/docs/AI-for-security/ai-for-security.asciidoc
@@ -11,14 +11,14 @@ You can use {elastic-sec}'s built-in AI tools to speed up your work and augment
 include::security-assistant.asciidoc[leveloffset=+1]
 include::attack-discovery.asciidoc[leveloffset=+1]
 
+include::llm-connector-guides.asciidoc[leveloffset=+1]
+include::azure-openai-setup.asciidoc[leveloffset=+2]
+include::connect-to-bedrock.asciidoc[leveloffset=+2]
+include::connect-to-openai.asciidoc[leveloffset=+2]
+
 include::ai-use-cases.asciidoc[leveloffset=+1]
 include::ai-alert-triage.asciidoc[leveloffset=+2]
 include::use-attack-discovery-ai-assistant-incident-reporting.asciidoc[leveloffset=+2]
 include::ai-esql-queries.asciidoc[leveloffset=+2]
 
-include::llm-connector-guides.asciidoc[leveloffset=+1]
-include::azure-openai-setup.asciidoc[leveloffset=+2]
-include::connect-to-openai.asciidoc[leveloffset=+2]
-include::connect-to-bedrock.asciidoc[leveloffset=+2]
-
 include::llm-performance-matrix.asciidoc[leveloffset=+1]
diff --git a/docs/AI-for-security/ai-use-cases.asciidoc b/docs/AI-for-security/ai-use-cases.asciidoc
index 41f860054b..5d73139ead 100644
--- a/docs/AI-for-security/ai-use-cases.asciidoc
+++ b/docs/AI-for-security/ai-use-cases.asciidoc
@@ -1,10 +1,10 @@
 [[assistant-use-cases]]
-= AI Assistant use cases
+= Use cases
 
-The guides in this section describe use-cases for AI Assistant and Attack discovery. Refer to them for examples of each tool's individual capabilities, and of what they can do together.
+The guides in this section describe use cases for AI Assistant and Attack discovery. Refer to them for examples of each tool's individual capabilities and of what they can do together.
 
-* <>
 * <>
+* <>
 * <>
 
 For general information, refer to <> or <>.
\ No newline at end of file