solutions/security/ai/ai-assistant-knowledge-base.md
4 additions & 7 deletions
@@ -146,20 +146,17 @@ Refer to the following video for an example of this process (click to play video
146
146
Add an index as a knowledge source when you want information in that index to inform AI Assistant’s responses. Common security examples include asset inventories, network configuration information, on-call matrices, threat intelligence reports, and vulnerability scans. When you update the index with new information, AI Assistant will gain access to the new information.
147
147
148
148
::::{important}
149
-
Indices added to Knowledge Base must have at least one field mapped as [semantic text](elasticsearch://reference/elasticsearch/mapping-reference/semantic-text.md).
149
+
Indices added to Knowledge Base must have at least one field mapped as [semantic text](elasticsearch://reference/elasticsearch/mapping-reference/semantic-text.md).
150
+
151
+
{applies_to}`stack: ga 9.1` {applies_to}`serverless: ga` You can use a text field instead of a semantic text field, though semantic text fields still offer better performance.
150
152
::::
151
153
152
154
1. To open **Security AI settings**, use the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md) to find "AI Assistant for Security." Select the **Knowledge Base** tab.
153
155
2. Click **New → Index**.
154
156
3. Name the knowledge source.
155
157
4. Under **Sharing**, select whether this knowledge should be **Global** or **Private**.
156
158
5. Under **Index**, enter the name of the index you want to use as a knowledge source.
157
-
6. Under **Field**, enter the names of one or more semantic text fields within the index.
158
-
159
-
:::{note}
160
-
{applies_to}`stack: ga 9.1` {applies_to}`serverless: ga` You can use a text field instead of a semantic text field, though semantic text fields still offer better performance.
161
-
:::
162
-
159
+
6. Under **Field**, enter the names of one or more semantic text ({applies_to}`stack: ga 9.1` {applies_to}`serverless: ga` or text) fields within the index.
163
160
7. Under **Data Description**, describe when this information should be used by AI Assistant.
164
161
8. Under **Query Instruction**, describe how AI Assistant should query this index to retrieve relevant documents.
165
162
9. Under **Output Fields**, list the fields which AI Assistant should look at when reviewing documents in this index. If none are listed, all fields are sent.
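Review bot: In the `::::{important}` block, the first sentence still says indices "must have at least one field mapped as semantic text", while the paragraph added directly under it says a text field can be used instead on stack 9.1 and serverless, so the requirement and its exception now contradict each other. Suggest folding the exception into the requirement itself (for example "mapped as semantic text or, from 9.1 and on serverless, text") and keeping the performance caveat as the follow-up sentence. In step 6, the two `{applies_to}` badges sit inside the parenthetical ahead of "or text", which is hard to parse; placing them after "or text" would read more clearly. The removed and added versions of line 149 look identical here, so that pair is presumably whitespace-only and worth confirming as intentional.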
solutions/security/ai/usecase-knowledge-base-walkthrough.md
2 additions & 2 deletions
@@ -40,7 +40,7 @@ However, you can also copy and paste the information to directly [add it as a ma
40
40
:alt: Knowledge base's Edit document entry menu showing a snippet of an on call rotation document
41
41
:::
42
42
43
-
Whichever method you use to add the information to Knowledge Base, consier making it **Required knowledge**. This will ensure that all of AI Assistant's responses are informed by the on-call rotation, even if your prompt doesn't specify that the information is relevant. This makes it more likely that AI Assistant will suggest appropriate escalation steps when you ask it about a threat.
43
+
Whichever method you use to add the information to Knowledge Base, consider making it **Required knowledge**. This will ensure that all of AI Assistant's responses are informed by the on-call rotation, even if your prompt doesn't specify that the information is relevant. This makes it more likely that AI Assistant will suggest appropriate escalation steps when you ask it about a threat.
44
44
45
45
### Add your threat hunting playbooks to Knowledge Base
46
46
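Review bot: The paragraph on line 43 pairs an absolute claim ("will ensure that all of AI Assistant's responses are informed by the on-call rotation") with a hedged one ("makes it more likely that AI Assistant will suggest appropriate escalation steps"). While the line is being touched for the "consier" typo, consider aligning the two, for instance by saying the on-call rotation is included as context for every response, so the reader knows what **Required knowledge** guarantees and what it only makes more likely.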
@@ -62,7 +62,7 @@ Be creative, and experiment with adding different types of information to optimi
62
62
63
63
## Video demo: investigate an Attack Discovery using AI Assistant's Knowledge Base
64
64
65
-
The following video demo starts with a potential threat identified using Attack Discovery, and shows how the information you've added to Knowledge Base greatly increases AI Assistant's ability to help guide your team's incident response (click to play):
65
+
The following video demo starts with a potential threat identified using Attack Discovery, and shows how the information you've added to Knowledge Base greatly increases AI Assistant's ability to help guide your team's incident response (click to play video):
66
66
67
67
[](https://videos.elastic.co/watch/SGrcygEFBCEJRURGjR8sMh?)
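Review bot: The link on the context line after the changed sentence has empty link text (`[](...)`), so "(click to play video)" on line 65 points the reader at a link with no label; if the source really reads that way, give the link a label or alt text in the same change. The new wording does match the "click to play video" phrasing visible in the first file's hunk header, which keeps the two pages consistent.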