AI Assistant chat sharing

solutions/security/ai/ai-assistant.md

@@ -112,28 +112,266 @@ Be sure to specify which language you’d like AI Assistant to use when writing
 AI Assistant can remember particular information you tell it to remember. For example, you could tell it: "When anwering any question about srv-win-s1-rsa or an alert that references it, mention that this host is in the New York data center". This will cause it to remember the detail you highlighted.
 ::::
 
+## Share conversations
+
+```{applies_to}
+stack: ga 9.2
+serverless: ga
+```
+
+Conversations that you start with AI Assistant are private by default and not visible to other members of your team. You have two ways to share conversations - either with selected members or more broadly to everyone with access to the space.
+
+To share a conversation, do one of the following:
+
+- Click the **Private** / **Shared** / **Restricted** badge next to the conversation's title. Use the dropdown menu to define the chat's visibility. If you select **Restricted**, a modal appears where you can select which users have access.
+  ::::{image} /solutions/images/ai-assistant-shared-status-badge.png
+  :alt: AI Assistant chat with the sharing status dropdown open
+  :screenshot:
+  ::::
+- Go to **AI Assistant settings -> Conversations** to view all conversations you've started. Update their visibility as desired.
+
+
+Once a conversation is shared, you can copy its URL to easily link it to your team:
+
+- Open an AI Assistant chat, open the **Conversation settings** menu and select **Copy URL**.
+- Open the **Conversations** tab of the AI Assistant settings page, then select the one you want to share and click **Copy URL**.
+
+When someone shares a chat with you, you can review it but can't continue the conversation, since it is owned by another user. However, you can duplicate a shared conversation and continue where your colleague left off. To duplicate a shared conversation:
+
+- Open an AI Assistant chat, open the **Conversation settings** menu and select **Duplicate**.
+- Open the **Conversations** tab of the AI Assistant settings page, then select the one you want to duplicate and click **Duplicate**.
+
+There are several [audit events](kibana://reference/kibana-audit-events.md) related to conversation sharing. Click each title to show an example:
+
+:::{dropdown} 1. security_assistant_conversation_shared
+```
+{
+  "event": {
+    "action": "security_assistant_conversation_shared",
+    "category": [
+      "database"
+    ],
+    "type": [
+      "change"
+    ],
+    "outcome": "success"
+  },
+  "user": {
+    "id": "u_xSVO6jcSCvoEcle7e3XVVfBU4Swm1R8-x7pi5bxrSvU_0",
+    "name": "test_daija_glover",
+    "roles": [
+      "superuser"
+    ]
+  },
+  "kibana": {
+    "space_id": "default",
+    "session_id": "1AZ8kfSYHzVO5ZMZ97DrNi1wjN6BFKHTw75KH8WiF7w="
+  },
+  "trace": {
+    "id": "7e080b32-41b4-453b-80fe-b9c1e12a1c57"
+  },
+  "client": {
+    "ip": "127.0.0.1"
+  },
+  "http": {
+    "request": {
+      "headers": {
+        "x-forwarded-for": "127.0.0.1"
+      }
+    }
+  },
+  "service": {
+    "node": {
+      "roles": [
+        "background_tasks",
+        "ui"
+      ]
+    }
+  },
+  "ecs": {
+    "version": "9.0.0"
+  },
+  "@timestamp": "2025-08-26T13:16:10.422-06:00",
+  "message": "User has shared conversation [id=b873b917-2fd0-4452-98e8-8c359f6acbfa, title=\"Getting Started with Elastic Security\"] to all users in the space",
+  "log": {
+    "level": "INFO",
+    "logger": "plugins.security.audit.ecs"
+  },
+  "process": {
+    "pid": 61536,
+    "uptime": 65.705743792
+  },
+  "span": {
+    "id": "8364fa9bf07311d6"
+  }
+}
+```
+:::
+
+:::{dropdown} 2. security_assistant_conversation_private
+```
+{
+  "event": {
+    "action": "security_assistant_conversation_private",
+    "category": [
+      "database"
+    ],
+    "type": [
+      "change"
+    ],
+    "outcome": "success"
+  },
+  "user": {
+    "id": "u_xSVO6jcSCvoEcle7e3XVVfBU4Swm1R8-x7pi5bxrSvU_0",
+    "name": "test_daija_glover",
+    "roles": [
+      "superuser"
+    ]
+  },
+  "kibana": {
+    "space_id": "default",
+    "session_id": "1AZ8kfSYHzVO5ZMZ97DrNi1wjN6BFKHTw75KH8WiF7w="
+  },
+  "trace": {
+    "id": "ae998403-8453-44ae-a9b8-ac8002c3bf28"
+  },
+  "client": {
+    "ip": "127.0.0.1"
+  },
+  "http": {
+    "request": {
+      "headers": {
+        "x-forwarded-for": "127.0.0.1"
+      }
+    }
+  },
+  "service": {
+    "node": {
+      "roles": [
+        "background_tasks",
+        "ui"
+      ]
+    }
+  },
+  "ecs": {
+    "version": "9.0.0"
+  },
+  "@timestamp": "2025-08-26T13:15:46.300-06:00",
+  "message": "User has made private conversation [id=b873b917-2fd0-4452-98e8-8c359f6acbfa, title=\"Getting Started with Elastic Security\"]",
+  "log": {
+    "level": "INFO",
+    "logger": "plugins.security.audit.ecs"
+  },
+  "process": {
+    "pid": 61536,
+    "uptime": 41.582780958
+  },
+  "span": {
+    "id": "68a0d5f52faa17d4"
+  }
+}
+```
+:::
+
+:::{dropdown} 3. security_assistant_conversation_restricted
+```
+{
+  "event": {
+    "action": "security_assistant_conversation_restricted",
+    "category": [
+      "database"
+    ],
+    "type": [
+      "change"
+    ],
+    "outcome": "success"
+  },
+  "user": {
+    "id": "u_xSVO6jcSCvoEcle7e3XVVfBU4Swm1R8-x7pi5bxrSvU_0",
+    "name": "test_daija_glover",
+    "roles": [
+      "superuser"
+    ]
+  },
+  "kibana": {
+    "space_id": "default",
+    "session_id": "1AZ8kfSYHzVO5ZMZ97DrNi1wjN6BFKHTw75KH8WiF7w="
+  },
+  "trace": {
+    "id": "b59f9790-87ff-45f0-b28e-1d9ffa6cfb09"
+  },
+  "client": {
+    "ip": "127.0.0.1"
+  },
+  "http": {
+    "request": {
+      "headers": {
+        "x-forwarded-for": "127.0.0.1"
+      }
+    }
+  },
+  "service": {
+    "node": {
+      "roles": [
+        "background_tasks",
+        "ui"
+      ]
+    }
+  },
+  "ecs": {
+    "version": "9.0.0"
+  },
+  "@timestamp": "2025-08-26T14:40:59.897-06:00",
+  "message": "User has restricted conversation [id=b873b917-2fd0-4452-98e8-8c359f6acbfa, title=\"Getting Started with Elastic Security\"] to user ([id=u_LdnmWaOWbWS1ObwqRW2MLWMkWtxCSyiElishzEpew0g_0, name=test_dina_bahringer])",
+  "log": {
+    "level": "INFO",
+    "logger": "plugins.security.audit.ecs"
+  },
+  "process": {
+    "pid": 77921,
+    "uptime": 29.727069625
+  },
+  "span": {
+    "id": "80e57252aceea924"
+  }
+}
+```
+:::
+
 ## Configure AI Assistant [configure-ai-assistant]
 
-To adjust AI Assistant's settings from the chat window, click the **More** (three dots) button in the upper-right.
+To adjust general AI Assistant settings from the chat window, click the **Assistant settings menu** button in the upper-right. 
 
-::::{image} /solutions/images/security-attack-discovery-more-popover.png
-:alt: AI Assistant's more options popover
+::::{image} /solutions/images/security-ai-assistant-settings-menu.png
+:alt: AI Assistant's settings popover
 :screenshot:
 ::::
 
-The first three options (**AI Assistant settings**, **Knowledge Base**, and **Anonymization**) open the corresponding tabs of the **Security AI settings** page. The **Chat options** affect display-only user settings: whether to show or hide anonymized values, and whether to include citations. When citations are enabled, AI Assistant will refer you to information sources including data you've shared with it, information you've added to the [knowledge base](/solutions/security/ai/ai-assistant-knowledge-base.md), and content from Elastic's Security Labs and [product documentation](/solutions/security/ai/ai-assistant-knowledge-base.md#elastic-docs).
+The first three options (**AI Assistant settings**, **Knowledge Base**, and **Anonymization**) open the corresponding tabs of the **Security AI settings** page. The **Alerts to analyze** button allows you to adjust how many alerts to include as context for your conversation.
 
 The **Security AI settings** page provides a range of configuration options for AI Assistant. To access it directly, use the global search field to search for "AI Assistant for Security".
 
 It has the following tabs:
 
-* **Conversations:** When you open AI Assistant from certain pages, such as **Alerts**, it defaults to the relevant conversation type. For each conversation type, choose the default System Prompt, the default connector, and the default model (if applicable). The **Streaming** setting controls whether AI Assistant’s responses appear word-by-word (streamed), or as a complete block of text. Streaming is currently only available for OpenAI models.
+* **Conversations:** The **Streaming** setting controls whether AI Assistant’s responses appear word-by-word (streamed), or as a complete block of text. After the streaming setting is a list of all saved conversations. From here you can change their visibility, system prompt, and connector.
 * **Connectors:** Manage all LLM connectors.
 * **System Prompts:** Edit existing System Prompts or create new ones. To create a new System Prompt, type a unique name in the **Name** field, then press **enter**. Under **Prompt**, enter or update the System Prompt’s text. Under **Contexts**, select where the System Prompt should appear.
 * **Quick Prompts:** Modify existing Quick Prompts or create new ones. To create a new Quick Prompt, type a unique name in the **Name** field, then press **enter**. Under **Prompt**, enter or update the Quick Prompt’s text.
 * **Anonymization:** Select fields to include as plaintext, to obfuscate, and to not send when you provide events to AI Assistant as context. [Learn more](/solutions/security/ai/ai-assistant.md#ai-assistant-anonymization).
 * **Knowledge base:** Provide additional context to AI Assistant. [Learn more](/solutions/security/ai/ai-assistant-knowledge-base.md).
 
+
+To adjust the settings for a specific chat, click the **Conversation settings** button in the upper-right of its chat window. 
+
+::::{image} /solutions/images/security-ai-assistant-chat-options-menu.png
+:alt: AI Assistant's chat options menu
+:screenshot:
+::::
+
+The **Copy URL** and **Duplicate** options allow you to share conversations (by sending their URL) and to continue conversations that were shared with you (by duplicating them). The **Delete** option appears for the conversation owner only and allows you to remove a saved conversation.
+
+Settings in the **Chat options** section affect display-only user settings: whether to show or hide anonymized values, and whether to include citations. When citations are enabled, AI Assistant will refer you to information sources including data you've shared with it, information you've added to the [knowledge base](/solutions/security/ai/ai-assistant-knowledge-base.md), and content from Elastic's Security Labs and [product documentation](/solutions/security/ai/ai-assistant-knowledge-base.md#elastic-docs).
+
 ### Anonymization [ai-assistant-anonymization]
 
 ::::{admonition} Requirements