diff --git a/solutions/security/ai/attack-discovery.md b/solutions/security/ai/attack-discovery.md index e53ec2947f..bde524e0d9 100644 --- a/solutions/security/ai/attack-discovery.md +++ b/solutions/security/ai/attack-discovery.md @@ -90,7 +90,7 @@ You can select which alerts Attack Discovery will process by filtering based on :::{admonition} How to add non-ECS fields to Attack Discovery Attack Discovery is designed for use with alerts based on data that complies with ECS, and by default only analyses ECS-compliant fields. However, you can enable Attack Discovery to review additional fields by following these steps: -1. Select an alert with some of the non-ECS fields you want to analyze, and go to its details flyout. From here, use the **Ask AI Assistant** button to open AI Assistant. +1. Select an alert with some of the non-ECS fields you want to analyze, and go to its details flyout. From here, use the **Ask AI Assistant** or **Add to chat** button to open an AI chat. 2. At the bottom of the chat window, the alert's information appears. Click **Edit** to open the anonymization window to this alert's fields. 3. Search for and select the non-ECS fields you want Attack Discovery to analyze. Set them to **Allowed**. 4. Check the `Update presets` box to add the allowed fields to the space's default anonymization settings. 
@@ -149,7 +149,7 @@ There are several ways you can incorporate discoveries into your {{elastic-sec}} * Hover over an entity’s name to either add the entity to Timeline (![Add to timeline icon](/solutions/images/security-icon-add-to-timeline.png "title =20x20")) or copy its field name and value to the clipboard (![Copy to clipboard icon](/solutions/images/security-icon-copy.png "title =20x20")). * Click **Take action**, then select **Add to new case** or **Add to existing case** to add a discovery to a [case](/solutions/security/investigate/cases.md). This makes it easy to share the information with your team and other stakeholders. * Click **Investigate in timeline** to explore the discovery in [Timeline](/solutions/security/investigate/timeline.md). -* Click **View in AI Assistant** to attach the discovery to a conversation with AI Assistant. You can then ask follow-up questions about the discovery or associated alerts. +* Click **View in AI Assistant** or **Add to chat** to attach the discovery to a conversation. You can then ask follow-up questions about the discovery or associated alerts. :::{image} /solutions/images/security-add-discovery-to-assistant.gif :alt: Attack Discovery view in AI Assistant diff --git a/solutions/security/ai/ease/ease-alerts.md b/solutions/security/ai/ease/ease-alerts.md index 8ed179cc46..888fc0e0cd 100644 --- a/solutions/security/ai/ease/ease-alerts.md +++ b/solutions/security/ai/ease/ease-alerts.md 
@@ -31,6 +31,6 @@ You can take several actions from the alert details flyout: The recommended actions are informed by any relevant custom knowledge you may have added to the AI Assistant's [knowledge base](/solutions/security/ai/ai-assistant-knowledge-base.md). For example, if you have specified a particular teammate is responsible for a particular type of alert of part of your infrastructure, it would recommend contacting that person. ::: -- **Ask AI Assistant**: To start a conversation with [AI Assistant](/solutions/security/ai/ai-assistant.md), select one of the suggested prompts or click **Ask AI Assistant**. +- **Ask AI Assistant** or **Add to chat**: To start an AI chat, select one of the suggested prompts or click **Ask AI Assistant** or **Add to chat**. - **Add to case**: To add an alert to a new or existing case, scroll to the bottom and click **Take action**, then **Add to existing case** or **Add to new case**. - **Apply alert tags**: To add tags to an alert, scroll to the bottom of its flyout and click **Take action**, then **Apply alert tags**. (To create new tags, navigate to the **Advanced settings** page using the navigation menu or the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md), and update the **Alert tagging options**.) \ No newline at end of file diff --git a/solutions/security/ai/identify-investigate-document-threats.md b/solutions/security/ai/identify-investigate-document-threats.md index aa0fba14fc..a478cf99d6 100644 --- a/solutions/security/ai/identify-investigate-document-threats.md +++ b/solutions/security/ai/identify-investigate-document-threats.md 
@@ -43,7 +43,7 @@ After Attack discovery outlines your threat landscape, use Elastic AI Assistant ## Use AI Assistant to analyze a threat [use-case-incident-reporting-use-ai-assistant-to-analyze-a-threat] -From a discovery on the Attack discovery page, click **View in AI Assistant** to start a chat that includes the discovery as context. +From a discovery on the Attack discovery page, click **View in AI Assistant** or **Add to chat** to start a chat that includes the discovery as context. :::{image} /solutions/images/security-attck-disc-remediate-threat.gif :alt: A dialogue with AI Assistant that has the attack discovery as context
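Review bot: In solutions/security/ai/attack-discovery.md, hunk at line 90, step 1 now offers two entry points (**Ask AI Assistant** or **Add to chat**), but steps 2 to 4 are unchanged and still describe one chat window in which the alert's information appears at the bottom with an **Edit** control for the anonymization window. Please confirm that steps 2 to 4 read the same on the **Add to chat** route, because step 4 writes the allowed fields into the space's default anonymization settings and a reader who cannot find **Edit** will not complete it. If the two routes differ, split step 2 per button, and say when a reader sees each button.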
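Review bot: In solutions/security/ai/attack-discovery.md, hunk at line 149, the image directive directly under the changed bullet still reads ":alt: Attack Discovery view in AI Assistant" and points at security-add-discovery-to-assistant.gif, so the illustration and its alt text cover only the **View in AI Assistant** route. Update the alt text (and the capture, if the **Add to chat** route looks different), or state that the image shows one of the two options.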
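Review bot: In solutions/security/ai/ease/ease-alerts.md, hunk at line 31, the rewritten bullet drops the link to /solutions/security/ai/ai-assistant.md that the old text carried, and "an AI chat" is neither defined nor linked in the visible lines. Keep a link target for the reader, and consider tightening the bullet, which now names both buttons twice in one sentence. The context line above also has "alert of part of your infrastructure", where "or" looks intended; it could be fixed in the same change.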
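Review bot: In solutions/security/ai/identify-investigate-document-threats.md, hunk at line 43, the section heading "Use AI Assistant to analyze a threat" and the image alt text "A dialogue with AI Assistant that has the attack discovery as context" still name only AI Assistant, while the sentence now offers **Add to chat** as well. Either make clear in the sentence that both buttons lead to the chat this section describes, or adjust the heading text and alt text (keeping the existing heading anchor so inbound links do not break). Across the four hunks the destination is called "an AI chat", "a conversation" and "a chat"; pick one term and use it throughout.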