You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Fixes
[internal/210](elastic/docs-content-internal#210)
by applying various updates to the existing EASE documentation. Also
fixes
[internal/202](elastic/docs-content-internal#202)
by referencing the automatic actions you can take on alerts from
scheduled Attack Discovery runs.
---------
Co-authored-by: Nastasha Solomon <[email protected]>
Copy file name to clipboardExpand all lines: solutions/security/ai/ease/ease-intro.md
+27-7Lines changed: 27 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -6,7 +6,9 @@ applies_to:
6
6
---
7
7
# Elastic AI SOC Engine with {{sec-serverless}}
8
8
9
-
Elastic AI Security Operations Center (SOC) Engine (EASE) is an {{sec-serverless}} project type that provides AI-powered tools and case management to augment third-party SIEM and EDR/XDR platforms. This page describes how to create an {{sec-serverless}} EASE project, how to ingest your data, and how to use its key features.
9
+
Elastic AI SOC Engine (EASE) is an {{sec-serverless}} project type that provides cutting-edge AI-powered tools to augment your existing SIEM and EDR/XDR platforms. Because serverless deployments are quick to deploy and easy to configure, and because all the integrations that you can use to ingest data to EASE support fast and easy [agentless](/solutions/security/get-started/agentless-integrations.md) deployment, you can start getting value from EASE in minutes.
10
+
11
+
This page describes how to create an EASE project, how to ingest your data, and how to use its key features.
10
12
11
13
## Create an EASE project
12
14
@@ -21,21 +23,29 @@ To create an EASE project:
21
23
2. Click **Create serverless project**, and wait for your project to be provisioned. When it's ready, open it.
22
24
23
25
24
-
## Ingest your SOC data
26
+
## Ingest your SIEM and EDR/XDR data
25
27
26
-
To ingest your SOC data:
28
+
To ingest third-party security data:
27
29
28
30
1. Go to the **Configurations** page using the navigation menu or the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md).
2. From the **Integrations** tab, select any [integration](integration-docs://reference/index.md) you want to ingest data from to view deployment instructions and more information.
37
+
2. From the **Integrations** tab, select a SIEM and EDR/XDR platform from which you want to ingest data to view setup instructions and more information. You can ingest data from:
38
+
39
+
* CrowdStrike
40
+
* Elastic Security
41
+
* Google SecOps
42
+
* Microsoft Sentinel
43
+
* SentinelOne
44
+
* Splunk
35
45
36
46
## Select a model
37
47
38
-
EASE uses LLM connectors to enable its AI features such as Attack Discovery and AI Assistant. The Elastic Managed LLM is enabled by default. You can also [create custom connectors](/solutions/security/ai/set-up-connectors-for-large-language-models-llm.md). Keep in mind that different models [perform differently](/solutions/security/ai/large-language-model-performance-matrix.md) on different tasks.
48
+
EASE uses LLM connectors to enable its AI features such as Attack Discovery and AI Assistant. The Elastic Managed LLM is enabled by default. You can also [configure your own third-party LLM connector](/solutions/security/ai/set-up-connectors-for-large-language-models-llm.md). Keep in mind that different models [perform differently](/solutions/security/ai/large-language-model-performance-matrix.md) on different tasks.
39
49
40
50
41
51
## Features
@@ -46,13 +56,23 @@ EASE provides a set of capabilities designed to help make the most of each secur
-**[AI Assistant](/solutions/security/ai/ai-assistant.md)**: An LLM-powered virtual assistant specialized for digital security; it helps with data analysis, alert investigation, incident response, and {{esql}} query generation. You can add custom background knowledge and data to its [knowledge base](/solutions/security/ai/ai-assistant-knowledge-base.md) and use natural language to ask for its assistance with your SOC operations.
62
+
You can [schedule](/solutions/security/ai/attack-discovery.md#schedule-discoveries) Attack Discovery to run automatically, and notify you of any discoveries through a range of connectors such as Slack, Teams, PagerDuty, or email.
63
+
64
+
-**[AI Assistant](/solutions/security/ai/ai-assistant.md)**: An LLM-powered virtual assistant specialized for digital security; it helps with data analysis, alert investigation, incident response, and {{esql}} query generation. You can add custom background knowledge and data to its [knowledge base](/solutions/security/ai/ai-assistant-knowledge-base.md) and use natural language to ask for its assistance with your SOC operations.
You can add custom information to AI Assistant's [Knowledge Base](/solutions/security/ai/ai-assistant-knowledge-base.md), either in the form of individual documents or entire indices containing numerous documents. This information informs the AI Assistant's responses and can include everything from threat intelligence, to information about your team's on-call rotation, to information about your infrastructure, and more.
52
72
53
73
-**[Cases](/solutions/security/investigate/cases.md)**: Helps you track and share related information about security issues. Track key investigation details and collect alerts in a central location.
0 commit comments