
@KDKHD KDKHD commented May 22, 2025

Proposed commit message

Introducing a new integration for the security labs content from https://www.elastic.co/security-labs. The content from security-labs is used to improve the capabilities of the security AI assistant by giving the assistant context on security threats.

Users do not need to install this integration through the integrations page in Kibana. Rather, the integration will be installed when a user sets up the Security AI assistant knowledge base under http://localhost:5601/app/management/kibana/securityAiAssistantManagement?tab=knowledge_base.

Why

Currently, the security labs content is included in the Kibana repository. There are several problems with the current approach that this integration will solve:

  1. As the security labs content contains information about malware, it is triggering antivirus software, preventing users from upgrading Kibana (Kibana Knowledge Base Files being detected as Malware after update to 8.16 kibana#202114). Moving the content to an integration and removing the Security Labs content from the Kibana build will ensure that antivirus software does not prevent users from upgrading Kibana.
  2. In addition to the raw content, we would like to include the embeddings for that content in the integration. This way we do not need to generate the embeddings on the user's cluster. In the future, embeddings for the security labs' content can be shipped through this integration. The embeddings are not included in the integration yet; they will be added in the future.

Requires elastic/package-spec#900

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@KDKHD KDKHD changed the title security labs integration [Security Solution] [AI Assistant] Security labs content as an integration May 22, 2025
@KDKHD KDKHD added the enhancement New feature or request label May 22, 2025
@KDKHD KDKHD changed the title [Security Solution] [AI Assistant] Security labs content as an integration [Security Solution] [AI Assistant] Introducing security labs content as an integration May 22, 2025
@andrewkroh andrewkroh added the New Integration Issue or pull request for creating a new integration package. label May 22, 2025
@elasticmachine

💔 Build Failed

Failed CI Steps

History

@botelastic

botelastic bot commented Jun 21, 2025

Hi! We just realized that we haven't looked into this PR in a while. We're sorry! We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1. Thank you for your contribution!

@botelastic botelastic bot added the Stalled label Jun 21, 2025
@andrewkroh andrewkroh added the documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. label Jul 1, 2025
@botelastic botelastic bot removed the Stalled label Jul 1, 2025
@botelastic

botelastic bot commented Jul 31, 2025

Hi! We just realized that we haven't looked into this PR in a while. We're sorry! We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1. Thank you for your contribution!

@botelastic botelastic bot added the Stalled label Jul 31, 2025
@botelastic

botelastic bot commented Aug 30, 2025

Hi! This PR has been stale for a while and we're going to close it as part of our cleanup procedure. We appreciate your contribution and would like to apologize if we have not been able to review it, due to the current heavy load of the team. Feel free to re-open this PR if you think it should stay open and is worth rebasing. Thank you for your contribution!

@botelastic botelastic bot closed this Aug 30, 2025