From e22ec1d31e0ae3a3947a5ccaf60967ed8a76ce4f Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Fri, 5 Jul 2024 13:14:43 -0400 Subject: [PATCH] Updates note about number of alerts AD can analyze (#5511) (cherry picked from commit 1dfd1d6bf443b70e44d87d30bec75f9622cd1720) --- docs/AI-for-security/attack-discovery.asciidoc | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/AI-for-security/attack-discovery.asciidoc b/docs/AI-for-security/attack-discovery.asciidoc index 0be333f939..e1ac8aa1ce 100644 --- a/docs/AI-for-security/attack-discovery.asciidoc +++ b/docs/AI-for-security/attack-discovery.asciidoc 
@@ -52,7 +52,11 @@ image::images/select-model-empty-state.png[] + . Once you've selected a connector, click **Generate** to start the analysis. -It may take from a few seconds up to several minutes to generate discoveries, depending on the number of alerts and the model you selected. Note that Attack discovery is in technical preview and will only analyze opened and acknowleged alerts from the past 24 hours. +It may take from a few seconds up to several minutes to generate discoveries, depending on the number of alerts and the model you selected. + +IMPORTANT: Attack discovery is in technical preview and will only analyze opened and acknowleged alerts from the past 24 hours. By default it only analyzes up to 20 alerts within this timeframe, but you can expand this up to 100 by going to **AI Assistant → Settings (image:images/icon-settings.png[Settings icon,17,17]) → Knowledge Base** and updating the **Alerts** setting. + +image::images/knowledge-base-settings.png["AI Assistant's settings menu open to the Knowledge Base tab",75%] IMPORTANT: Attack discovery uses the same data anonymization settings as <>. To configure which alert fields are sent to the LLM and which of those fields are obfuscated, use the Elastic AI Assistant settings. Consider the privacy policies of third-party LLMs before sending them sensitive data.
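Review bot: the added IMPORTANT paragraph carries the misspelling "acknowleged" over from the removed line. Since the sentence is being rewritten anyway, correct it to "acknowledged" in the same change. The paragraph also states that only up to 20 alerts (or up to 100 after changing the **Alerts** setting) are analyzed, but not how those alerts are chosen when more open and acknowledged alerts exist in the 24-hour window. A sentence stating the selection order would tell readers which alerts can be left out of a discovery. Finally, the new admonition and screenshot are followed directly by a second IMPORTANT admonition about anonymization. Consider making the alert-limit text a NOTE, or moving the screenshot, so that the data privacy warning keeps its emphasis.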