From 577003ba94a39c6ae60121113b452dd53aa357ac Mon Sep 17 00:00:00 2001 From: Steph Milovic Date: Fri, 17 Oct 2025 10:24:56 -0600 Subject: [PATCH 1/2] change --- packages/security_ai_prompts/changelog.yml | 7 ++++++- ...prompts-04f42079-7f27-4892-8c63-4c500e5821c4.json} | 2 +- ...prompts-0766d63f-7915-42ba-9526-e683f89c19ca.json} | 2 +- ...prompts-07839125-36c6-4480-bfaa-d9a22f13c6de.json} | 2 +- ...prompts-128d6f69-e856-436e-9645-aac5969c7d6c.json} | 2 +- ...prompts-158c8455-422b-4a8f-b762-3d6994c24e6b.json} | 2 +- ...prompts-15e797ad-53f6-45c4-b729-e484fbe49279.json} | 2 +- ..._prompts-1873239b-1424-40e8-97d0-6154a2b63d59.json | 11 +++++++++++ ...prompts-1d879724-76fa-4178-af4c-14dbdca777b0.json} | 2 +- ...prompts-1e40ae29-0e7e-44b4-a279-62e8ab019f57.json} | 2 +- ...prompts-22a200fa-f296-47f1-9ff6-fc358fc2f2da.json} | 2 +- ...prompts-241c9152-838b-42a9-9c47-297813a8e77a.json} | 2 +- ...prompts-24b6282a-4f2c-4784-a824-ba1913599d27.json} | 2 +- ...prompts-2a420484-a337-458f-ae75-865ecedf7f11.json} | 2 +- ..._prompts-2faf4fa3-97d3-4f2d-a388-f836a2a34ced.json | 11 +++++++++++ ...prompts-329ea51f-a2ef-4fd1-8a88-fd4e988c83ba.json} | 2 +- ...prompts-33780766-81d1-46b6-90c8-fa47df237113.json} | 2 +- ...prompts-438d6d4a-3b1a-4ab3-aca6-cc5592a348a1.json} | 2 +- ...prompts-46a5c4e8-ef36-450c-ae8c-cec551d47f69.json} | 2 +- ...prompts-46ea6e3f-b66d-4568-9f8f-f636c3f7120b.json} | 2 +- ...prompts-546b95da-5d4c-4bb8-9e89-1550045a1054.json} | 2 +- ...prompts-559d0d95-dd5c-4f49-99be-d90cf0a46c48.json} | 2 +- ...prompts-56f371c4-c535-44b1-a24d-832a962f63bc.json} | 2 +- ...prompts-5a174f68-5d26-436f-bf5d-cea828f3e6be.json} | 2 +- ...prompts-6180ae19-2f82-4445-a45f-7d9e58189bce.json} | 2 +- ...prompts-67077387-43fc-4494-9796-eb352adb4b9a.json} | 2 +- ...prompts-686ff7c4-5ae4-4ba6-81ea-1959fdf644ea.json} | 2 +- ...prompts-6a9fe9d7-5cd3-4d24-b458-f948da93c19f.json} | 2 +- ...prompts-6b7dae17-2514-476f-b35e-7a534bafb25e.json} | 2 +- ...prompts-73fb4e3e-285b-4207-a422-489235d528cf.json} | 2 +- ...prompts-747876da-3120-4954-a29e-04bf4cf9cf8c.json} | 2 +- ...prompts-75850752-5c07-47e3-8fc7-d29b82ab7653.json} | 2 +- ...prompts-76513f5d-1f44-4539-a534-c7eab4ca8b04.json} | 2 +- ...prompts-7e4fa357-c793-4b59-a08d-eb0b2afb7ffb.json} | 2 +- ..._prompts-7fac04b5-61e1-4eef-97c1-e287780463ed.json | 11 +++++++++++ ...prompts-8081020f-ccc7-4d4c-8cd1-f69d8b76cc91.json} | 2 +- ...prompts-8254ef54-9de1-4384-bfaf-9547f9eb9b21.json} | 2 +- ...prompts-84525901-f24e-493b-a2e2-9389649c281f.json} | 2 +- ...prompts-8b5890f2-575f-43bc-b8dc-c78106c576a7.json} | 2 +- ...prompts-8d1bfdaf-44d2-4656-973d-165e5f2f3ce0.json} | 2 +- ...prompts-8ea1ba16-2081-45cd-a845-59507ddab9c4.json} | 2 +- ..._prompts-924663fd-7d79-46b6-8eb9-77db4e242c96.json | 11 +++++++++++ ...prompts-93cfa18f-d173-4ac3-9291-c3bdb3502b53.json} | 2 +- ...prompts-9871970b-803c-4ab9-bd60-146bc440188b.json} | 2 +- ...prompts-a0c1737b-94ae-468e-93c7-0e0b1e217410.json} | 2 +- ...prompts-a178f7a0-a295-4fc2-aa1f-348c37869ab6.json} | 2 +- ...prompts-a481ccc8-f772-4672-81bd-1b95024940be.json} | 2 +- ...prompts-a7bd1984-b1e2-4803-a45d-9914a5e9ceb3.json} | 2 +- ...prompts-a86686d1-9d79-43f9-b32a-2c70334f1b8e.json} | 2 +- ...prompts-a97bcef4-1c8e-4922-8c2c-36332c4aead0.json} | 2 +- ...prompts-a99e896f-9408-4a6b-9436-9551921dcf28.json} | 2 +- ...prompts-ad00ba60-8e84-460e-a604-4846562cd979.json} | 2 +- ...prompts-b23d6b1d-4517-4563-84fe-eb573298ac84.json} | 2 +- ...prompts-bc25036c-357a-43e3-8cb3-3ce0f81b1da8.json} | 2 +- ...prompts-bcba3988-582f-45c6-97b7-7f1473fb324f.json} | 2 +- ...prompts-be609c1f-1385-44c9-856e-40d23d3635e3.json} | 2 +- ...prompts-c2198fab-2091-4eb3-8aec-c9b0e06c26b5.json} | 2 +- ...prompts-c4af33db-8582-41f3-8304-76220d2c2cda.json} | 2 +- ...prompts-c694ca1b-6b86-4a36-a915-d609bc3cf7f5.json} | 2 +- ...prompts-c7486a1a-f4e0-4582-b92a-6aba512008b5.json} | 2 +- ...prompts-c9998dcc-560c-4567-9ef1-b33c5822c5be.json} | 2 +- ...prompts-ca1b0520-de78-44b5-b339-139be85b499e.json} | 2 +- ...prompts-cb3ee776-534a-466e-8a7c-7c7a826e5994.json} | 2 +- ...prompts-cebdee71-9653-42da-91b3-fa9236b22e1d.json} | 2 +- ...prompts-d07cff63-f06e-41a5-97ba-7028ffda8e3f.json} | 2 +- ...prompts-d0e61047-25e7-4d95-b1e8-20c0ea8c3a5e.json} | 2 +- ...prompts-d1c2bfb9-5637-4d85-8241-eb62da098cc3.json} | 2 +- ...prompts-d3f849a8-0334-4417-b844-03a617ad8d4e.json} | 2 +- ...prompts-d814a2d2-39a0-4864-8f69-d09164c4f50b.json} | 2 +- ...prompts-e55abd2c-fef4-4667-b1eb-f5f9e17d0ce3.json} | 2 +- ...prompts-e6c8239b-82cc-457b-9bb9-e6645a7e04ca.json} | 2 +- ...prompts-f518c7d3-a416-4c4f-99fe-59dceedbe369.json} | 2 +- ...prompts-f6c13a86-df8a-4850-9e4f-c8e2bf95beb7.json} | 2 +- ...prompts-f7c31c49-1772-454e-a18f-12a661c485ec.json} | 2 +- ...prompts-f940864a-3dfe-4c37-b3ff-eb93aca35692.json} | 2 +- ...prompts-feb28242-6789-4d11-aa2d-e52ccd4f6b98.json} | 2 +- ...prompts-fee84222-b97c-4372-a231-8bcbb892ae26.json} | 2 +- packages/security_ai_prompts/manifest.yml | 2 +- 78 files changed, 123 insertions(+), 74 deletions(-) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-08d9a496-b876-43f0-9dcf-d8834d8c44a1.json => security_ai_prompts-04f42079-7f27-4892-8c63-4c500e5821c4.json} (72%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-d35a2fab-9f56-43e0-aa59-38b5ec8228fd.json => security_ai_prompts-0766d63f-7915-42ba-9526-e683f89c19ca.json} (76%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-e994271e-2a6e-48d1-9f14-6eab0f06de69.json => security_ai_prompts-07839125-36c6-4480-bfaa-d9a22f13c6de.json} (76%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-f0482836-9efd-46b3-8c67-14490f75cc27.json => security_ai_prompts-128d6f69-e856-436e-9645-aac5969c7d6c.json} (96%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-49d0c27c-f8d2-4903-8019-c8d5471935b9.json => security_ai_prompts-158c8455-422b-4a8f-b762-3d6994c24e6b.json} (72%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-ba771a05-95f9-4487-9525-98a69ac46345.json => security_ai_prompts-15e797ad-53f6-45c4-b729-e484fbe49279.json} (89%) create mode 100644 packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-1873239b-1424-40e8-97d0-6154a2b63d59.json rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-36c1550e-b606-4527-8aa3-9baaf8d9c943.json => security_ai_prompts-1d879724-76fa-4178-af4c-14dbdca777b0.json} (82%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-df589318-f88e-45d6-b733-13bc91a91b2a.json => security_ai_prompts-1e40ae29-0e7e-44b4-a279-62e8ab019f57.json} (96%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-494f0005-593f-4cfe-aa25-e50dcc8a2577.json => security_ai_prompts-22a200fa-f296-47f1-9ff6-fc358fc2f2da.json} (87%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-960ebd42-a6f5-4cac-9b01-34402966ff43.json => security_ai_prompts-241c9152-838b-42a9-9c47-297813a8e77a.json} (94%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-6a5ea9d7-047a-400b-bef3-585ab7f529a1.json => security_ai_prompts-24b6282a-4f2c-4784-a824-ba1913599d27.json} (79%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-f14ab966-bcef-4bd6-8cb9-deac16ecb46e.json => security_ai_prompts-2a420484-a337-458f-ae75-865ecedf7f11.json} (78%) create mode 100644 packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-2faf4fa3-97d3-4f2d-a388-f836a2a34ced.json rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-179ba772-7c8f-4b20-9d64-72d3211260b5.json => security_ai_prompts-329ea51f-a2ef-4fd1-8a88-fd4e988c83ba.json} (80%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-e4dee5ca-6085-4931-b990-44fe50c60bdf.json => security_ai_prompts-33780766-81d1-46b6-90c8-fa47df237113.json} (72%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-dab4a7bc-9fd3-4542-a02d-e841ed040f93.json => security_ai_prompts-438d6d4a-3b1a-4ab3-aca6-cc5592a348a1.json} (80%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-96f07251-7823-44ed-96e4-f139c3cc0df9.json => security_ai_prompts-46a5c4e8-ef36-450c-ae8c-cec551d47f69.json} (91%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-2d53e5a4-2181-4c8a-9627-e87e5a53e7d6.json => security_ai_prompts-46ea6e3f-b66d-4568-9f8f-f636c3f7120b.json} (92%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-933fc425-2b16-430e-ad11-3e5f10891c7f.json => security_ai_prompts-546b95da-5d4c-4bb8-9e89-1550045a1054.json} (89%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-19154dca-d03f-4087-a22c-cce1d2ae1c70.json => security_ai_prompts-559d0d95-dd5c-4f49-99be-d90cf0a46c48.json} (90%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-f3c06d2b-2715-4c49-9d4a-960d3f904478.json => security_ai_prompts-56f371c4-c535-44b1-a24d-832a962f63bc.json} (93%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-1a646fa8-8ea7-4026-998e-0488f9a52d16.json => security_ai_prompts-5a174f68-5d26-436f-bf5d-cea828f3e6be.json} (81%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-a12b671c-5b2c-4d2d-9554-4db91e211246.json => security_ai_prompts-6180ae19-2f82-4445-a45f-7d9e58189bce.json} (72%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-4f7c4db4-33e2-48dc-9d41-a229fdaa4ac9.json => security_ai_prompts-67077387-43fc-4494-9796-eb352adb4b9a.json} (78%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-8260efc8-102d-4b95-a0bd-9434bb5d6ad7.json => security_ai_prompts-686ff7c4-5ae4-4ba6-81ea-1959fdf644ea.json} (92%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-64739b09-0389-4497-8acb-6a92d6b2e5f5.json => security_ai_prompts-6a9fe9d7-5cd3-4d24-b458-f948da93c19f.json} (81%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-654b1e1e-ce59-422e-98b0-de7eda200473.json => security_ai_prompts-6b7dae17-2514-476f-b35e-7a534bafb25e.json} (94%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-3493ca5e-4129-4acc-a171-4c7af1590dfa.json => security_ai_prompts-73fb4e3e-285b-4207-a422-489235d528cf.json} (97%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-ba261d81-a819-4823-b205-bcf7d4ff0389.json => security_ai_prompts-747876da-3120-4954-a29e-04bf4cf9cf8c.json} (87%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-42faa6fd-19a2-4a9d-9dce-831ae29b47e9.json => security_ai_prompts-75850752-5c07-47e3-8fc7-d29b82ab7653.json} (85%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-e53f8cf9-a244-4da6-aad5-5219ec4de71e.json => security_ai_prompts-76513f5d-1f44-4539-a534-c7eab4ca8b04.json} (74%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-6ade0382-f97c-43d3-abbe-d11f25f79306.json => security_ai_prompts-7e4fa357-c793-4b59-a08d-eb0b2afb7ffb.json} (88%) create mode 100644 packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-7fac04b5-61e1-4eef-97c1-e287780463ed.json rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-32f84e9b-0ce7-4f79-8173-7096303e778e.json => security_ai_prompts-8081020f-ccc7-4d4c-8cd1-f69d8b76cc91.json} (78%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-e461a2d5-b7a3-4325-87e5-897265d0bfa7.json => security_ai_prompts-8254ef54-9de1-4384-bfaf-9547f9eb9b21.json} (79%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-5ea0a4fa-617c-426a-b942-dc6d379db02b.json => security_ai_prompts-84525901-f24e-493b-a2e2-9389649c281f.json} (81%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-f40276f1-94c1-4e8e-8d69-43670abf067b.json => security_ai_prompts-8b5890f2-575f-43bc-b8dc-c78106c576a7.json} (94%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-9c23c1ec-40a2-4af6-9fa7-ef294231243e.json => security_ai_prompts-8d1bfdaf-44d2-4656-973d-165e5f2f3ce0.json} (92%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-8e1ce371-dd53-4d03-bc7a-dbcda0865086.json => security_ai_prompts-8ea1ba16-2081-45cd-a845-59507ddab9c4.json} (93%) create mode 100644 packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-924663fd-7d79-46b6-8eb9-77db4e242c96.json rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-47d666db-ba7a-410e-be1b-6c72ef550671.json => security_ai_prompts-93cfa18f-d173-4ac3-9291-c3bdb3502b53.json} (96%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-05e06172-4ba3-4bbd-b99f-c4eca3b808d0.json => security_ai_prompts-9871970b-803c-4ab9-bd60-146bc440188b.json} (79%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-135b997c-8a95-4161-a346-cb6b5f0f0672.json => security_ai_prompts-a0c1737b-94ae-468e-93c7-0e0b1e217410.json} (91%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-6a360530-b0cc-45b2-a5bd-4c0d968ef013.json => security_ai_prompts-a178f7a0-a295-4fc2-aa1f-348c37869ab6.json} (75%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-64446a5a-417c-47ea-9bc2-9323eaaab7ae.json => security_ai_prompts-a481ccc8-f772-4672-81bd-1b95024940be.json} (88%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-e4a1f5a9-9ed0-49e5-97ad-3f21d1d2474f.json => security_ai_prompts-a7bd1984-b1e2-4803-a45d-9914a5e9ceb3.json} (95%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-cdc1cfe9-dd0e-4146-8f58-9527b150d422.json => security_ai_prompts-a86686d1-9d79-43f9-b32a-2c70334f1b8e.json} (83%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-9950bedf-f7bd-4da6-8a08-66c61c5c5511.json => security_ai_prompts-a97bcef4-1c8e-4922-8c2c-36332c4aead0.json} (89%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-0bed3ecd-034a-4579-be4a-ba3f9e9009d6.json => security_ai_prompts-a99e896f-9408-4a6b-9436-9551921dcf28.json} (82%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-93ea9d4d-6232-4c91-982c-19b3964d692a.json => security_ai_prompts-ad00ba60-8e84-460e-a604-4846562cd979.json} (96%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-3c98333d-99fb-4630-8e4d-190e4a455a5f.json => security_ai_prompts-b23d6b1d-4517-4563-84fe-eb573298ac84.json} (86%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-380cfbfd-f607-4cda-80a9-528c5b2534a5.json => security_ai_prompts-bc25036c-357a-43e3-8cb3-3ce0f81b1da8.json} (72%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-3ff3496e-ae9b-4e5f-9f18-dd47d5795ebe.json => security_ai_prompts-bcba3988-582f-45c6-97b7-7f1473fb324f.json} (94%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-cfb85685-a14c-47c4-9d73-82c85a41f1b8.json => security_ai_prompts-be609c1f-1385-44c9-856e-40d23d3635e3.json} (76%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-5a151c77-88b2-461e-b4bd-b6def2434645.json => security_ai_prompts-c2198fab-2091-4eb3-8aec-c9b0e06c26b5.json} (82%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-ec6004a7-82ff-4729-a8ea-1a419038967f.json => security_ai_prompts-c4af33db-8582-41f3-8304-76220d2c2cda.json} (72%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-8e5cf35f-7739-4fa3-9d4a-975bcd807b6d.json => security_ai_prompts-c694ca1b-6b86-4a36-a915-d609bc3cf7f5.json} (94%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-f1f04a19-1910-4241-b457-33ecbad0774b.json => security_ai_prompts-c7486a1a-f4e0-4582-b92a-6aba512008b5.json} (96%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-8f6aeec9-4492-4a90-9637-b0b0bc76774b.json => security_ai_prompts-c9998dcc-560c-4567-9ef1-b33c5822c5be.json} (92%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-81df2110-ce37-4dc6-82ab-3421a4feee11.json => security_ai_prompts-ca1b0520-de78-44b5-b339-139be85b499e.json} (79%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-b7878112-7e66-474a-85f0-2459f00061e1.json => security_ai_prompts-cb3ee776-534a-466e-8a7c-7c7a826e5994.json} (72%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-19e5b3af-7023-46eb-89af-521f43cb9a6a.json => security_ai_prompts-cebdee71-9653-42da-91b3-fa9236b22e1d.json} (96%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-dc5de860-65fc-4f55-ba2d-c71959a137a4.json => security_ai_prompts-d07cff63-f06e-41a5-97ba-7028ffda8e3f.json} (87%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-53c8ed55-faf7-461e-9342-bf8f626da03f.json => security_ai_prompts-d0e61047-25e7-4d95-b1e8-20c0ea8c3a5e.json} (82%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-c086ad6a-4c05-4fcf-a00f-fb27f86b5a08.json => security_ai_prompts-d1c2bfb9-5637-4d85-8241-eb62da098cc3.json} (86%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-92fa95a7-8317-4be3-ad18-fa0dd723854c.json => security_ai_prompts-d3f849a8-0334-4417-b844-03a617ad8d4e.json} (79%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-05089083-256b-4930-8a44-81cbd49eeeec.json => security_ai_prompts-d814a2d2-39a0-4864-8f69-d09164c4f50b.json} (96%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-b224f6dd-05b3-4442-b236-f8d0a8ce1539.json => security_ai_prompts-e55abd2c-fef4-4667-b1eb-f5f9e17d0ce3.json} (94%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-a0407601-beab-4b1f-a012-c2426ae2f9a6.json => security_ai_prompts-e6c8239b-82cc-457b-9bb9-e6645a7e04ca.json} (95%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-6471f29d-353e-4618-ad95-223bc4b47683.json => security_ai_prompts-f518c7d3-a416-4c4f-99fe-59dceedbe369.json} (90%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-fda98746-0c09-4010-9aa7-e4567d7a3ac5.json => security_ai_prompts-f6c13a86-df8a-4850-9e4f-c8e2bf95beb7.json} (77%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-30f0ed00-b7bd-4cbb-b739-65b5a819af06.json => security_ai_prompts-f7c31c49-1772-454e-a18f-12a661c485ec.json} (72%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-2aa70b62-afbb-481c-ae30-f3707f2db81b.json => security_ai_prompts-f940864a-3dfe-4c37-b3ff-eb93aca35692.json} (79%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-d537db64-9f78-4317-84eb-d9d45bdca3de.json => security_ai_prompts-feb28242-6789-4d11-aa2d-e52ccd4f6b98.json} (94%) rename packages/security_ai_prompts/kibana/security_ai_prompt/{security_ai_prompts-2673d74c-38b4-4990-bfd2-2a277a06f465.json => security_ai_prompts-fee84222-b97c-4372-a231-8bcbb892ae26.json} (85%) diff --git a/packages/security_ai_prompts/changelog.yml b/packages/security_ai_prompts/changelog.yml index c1ce6b69f93..3e33938f472 100644 --- a/packages/security_ai_prompts/changelog.yml +++ b/packages/security_ai_prompts/changelog.yml @@ -1,9 +1,14 @@ # newer versions go on top +- version: "1.0.8" + changes: + - description: "Update ease prompts" + type: enhancement + link: tbd - version: "1.0.7" changes: - description: "Update AI Assistant for Asset Inventory prompt" type: enhancement - link: tbd + link: https://github.com/elastic/integrations/pull/15656 - version: "1.0.6" changes: - description: "Update Security AI prompts with latest changes from Kibana" diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-08d9a496-b876-43f0-9dcf-d8834d8c44a1.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-04f42079-7f27-4892-8c63-4c500e5821c4.json similarity index 72% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-08d9a496-b876-43f0-9dcf-d8834d8c44a1.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-04f42079-7f27-4892-8c63-4c500e5821c4.json index e664941beb9..3fdb7fafef8 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-08d9a496-b876-43f0-9dcf-d8834d8c44a1.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-04f42079-7f27-4892-8c63-4c500e5821c4.json @@ -6,6 +6,6 @@ "default": "Research" } }, - "id": "security_ai_prompts-08d9a496-b876-43f0-9dcf-d8834d8c44a1", + "id": "security_ai_prompts-04f42079-7f27-4892-8c63-4c500e5821c4", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-d35a2fab-9f56-43e0-aa59-38b5ec8228fd.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-0766d63f-7915-42ba-9526-e683f89c19ca.json similarity index 76% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-d35a2fab-9f56-43e0-aa59-38b5ec8228fd.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-0766d63f-7915-42ba-9526-e683f89c19ca.json index 7af64c17875..72269af17c2 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-d35a2fab-9f56-43e0-aa59-38b5ec8228fd.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-0766d63f-7915-42ba-9526-e683f89c19ca.json @@ -6,6 +6,6 @@ "default": "Most important alerts from the last 24 hrs" } }, - "id": "security_ai_prompts-d35a2fab-9f56-43e0-aa59-38b5ec8228fd", + "id": "security_ai_prompts-0766d63f-7915-42ba-9526-e683f89c19ca", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-e994271e-2a6e-48d1-9f14-6eab0f06de69.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-07839125-36c6-4480-bfaa-d9a22f13c6de.json similarity index 76% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-e994271e-2a6e-48d1-9f14-6eab0f06de69.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-07839125-36c6-4480-bfaa-d9a22f13c6de.json index c6e66baa1ac..6f36b24b50a 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-e994271e-2a6e-48d1-9f14-6eab0f06de69.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-07839125-36c6-4480-bfaa-d9a22f13c6de.json @@ -6,6 +6,6 @@ "default": "Latest Elastic Security Labs research" } }, - "id": "security_ai_prompts-e994271e-2a6e-48d1-9f14-6eab0f06de69", + "id": "security_ai_prompts-07839125-36c6-4480-bfaa-d9a22f13c6de", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-f0482836-9efd-46b3-8c67-14490f75cc27.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-128d6f69-e856-436e-9645-aac5969c7d6c.json similarity index 96% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-f0482836-9efd-46b3-8c67-14490f75cc27.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-128d6f69-e856-436e-9645-aac5969c7d6c.json index 16b3f5a98e3..ab330fafa7e 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-f0482836-9efd-46b3-8c67-14490f75cc27.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-128d6f69-e856-436e-9645-aac5969c7d6c.json @@ -6,6 +6,6 @@ "default": "Retrieve and summarize the latest Elastic Security Labs articles one by one sorted by latest at the top, and consider using all tools available to you to fulfill this request. Ensure the response includes:\nArticle Summaries\nTitle and Link: Provide the title of each article with a hyperlink to the original content.\nPublication Date: Include the date the article was published.\nKey Insights: Summarize the main points or findings of each article in concise bullet points.\nRelevant Threats or Techniques: Highlight any specific malware, attack techniques, or adversary behaviors discussed, with references to MITRE ATT&CK techniques (include hyperlinks to the official MITRE pages).\nPractical Applications\nDetection and Response Guidance: Provide actionable steps or recommendations based on the article's content, tailored for Elastic Security workflows.\nElastic Security Features: Highlight any Elastic Security features, detection rules, or tools mentioned in the articles, with links to relevant documentation.\nExample Queries: If applicable, include example ES|QL or OSQuery Manager queries inspired by the article's findings, formatted as code blocks.\nDocumentation and Resources\nElastic Security Labs: Include a link to the Elastic Security Labs homepage.\nAdditional References: Provide links to any related Elastic documentation or external resources mentioned in the articles.\nFormatting Requirements\nUse markdown headers, tables, and code blocks for clarity.\nOrganize the response into visually distinct sections.\nUse concise, actionable language. Make sure you use tools available to you to fulfill this request." } }, - "id": "security_ai_prompts-f0482836-9efd-46b3-8c67-14490f75cc27", + "id": "security_ai_prompts-128d6f69-e856-436e-9645-aac5969c7d6c", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-49d0c27c-f8d2-4903-8019-c8d5471935b9.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-158c8455-422b-4a8f-b762-3d6994c24e6b.json similarity index 72% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-49d0c27c-f8d2-4903-8019-c8d5471935b9.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-158c8455-422b-4a8f-b762-3d6994c24e6b.json index ef8f3ea424b..9f4d434ef35 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-49d0c27c-f8d2-4903-8019-c8d5471935b9.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-158c8455-422b-4a8f-b762-3d6994c24e6b.json @@ -6,6 +6,6 @@ "default": "Suggest" } }, - "id": "security_ai_prompts-49d0c27c-f8d2-4903-8019-c8d5471935b9", + "id": "security_ai_prompts-158c8455-422b-4a8f-b762-3d6994c24e6b", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-ba771a05-95f9-4487-9525-98a69ac46345.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-15e797ad-53f6-45c4-b729-e484fbe49279.json similarity index 89% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-ba771a05-95f9-4487-9525-98a69ac46345.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-15e797ad-53f6-45c4-b729-e484fbe49279.json index ddac1499ffc..6ee0ecf1b60 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-ba771a05-95f9-4487-9525-98a69ac46345.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-15e797ad-53f6-45c4-b729-e484fbe49279.json @@ -6,6 +6,6 @@ "default": "You MUST use the \"NaturalLanguageESQLTool\" function when the user wants to:\n - breakdown or filter ES|QL queries that are displayed on the current page\n - convert queries from another language to ES|QL\n - asks general questions about ES|QL\n ALWAYS use this tool to generate ES|QL queries or explain anything about the ES|QL query language rather than coming up with your own answer." } }, - "id": "security_ai_prompts-ba771a05-95f9-4487-9525-98a69ac46345", + "id": "security_ai_prompts-15e797ad-53f6-45c4-b729-e484fbe49279", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-1873239b-1424-40e8-97d0-6154a2b63d59.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-1873239b-1424-40e8-97d0-6154a2b63d59.json new file mode 100644 index 00000000000..99eff91e185 --- /dev/null +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-1873239b-1424-40e8-97d0-6154a2b63d59.json @@ -0,0 +1,11 @@ +{ + "attributes": { + "promptId": "costSavingsInsightPart2", + "promptGroupId": "ease", + "prompt": { + "default": "Generate a concise bulleted summary in mdx markdown. Follow the style and tone of the example below, highlighting key trends, averages, peaks, and projections:\n\n```\n- Between July 18 and August 18, daily cost savings **averaged around $135K**\n- The lowest point, **just above $70K**, occurred in early August.\n- **Peaks near $160K** appeared in late July and mid-August.\n- After a mid-period decline, savings steadily recovered and grew toward the end of the month.\n- At this pace, projected annual savings **exceed $48M**, confirming strong and predictable ROI.\n```\n\nRespond only with the markdown. Do not include any explanation or extra text." + } + }, + "id": "security_ai_prompts-1873239b-1424-40e8-97d0-6154a2b63d59", + "type": "security-ai-prompt" +} diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-36c1550e-b606-4527-8aa3-9baaf8d9c943.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-1d879724-76fa-4178-af4c-14dbdca777b0.json similarity index 82% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-36c1550e-b606-4527-8aa3-9baaf8d9c943.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-1d879724-76fa-4178-af4c-14dbdca777b0.json index b2bb7a2fdae..34915ae8d8a 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-36c1550e-b606-4527-8aa3-9baaf8d9c943.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-1d879724-76fa-4178-af4c-14dbdca777b0.json @@ -6,6 +6,6 @@ "default": "Call this for knowledge from Elastic Security Labs content, which contains information on malware, attack techniques, and more." } }, - "id": "security_ai_prompts-36c1550e-b606-4527-8aa3-9baaf8d9c943", + "id": "security_ai_prompts-1d879724-76fa-4178-af4c-14dbdca777b0", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-df589318-f88e-45d6-b733-13bc91a91b2a.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-1e40ae29-0e7e-44b4-a279-62e8ab019f57.json similarity index 96% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-df589318-f88e-45d6-b733-13bc91a91b2a.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-1e40ae29-0e7e-44b4-a279-62e8ab019f57.json index 900731c056e..6482f9cd5e5 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-df589318-f88e-45d6-b733-13bc91a91b2a.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-1e40ae29-0e7e-44b4-a279-62e8ab019f57.json @@ -6,6 +6,6 @@ "default": "Return **only a single-line stringified JSON object** without any code fences, explanations, or variable assignments. Do **not** wrap the output in triple backticks or any Markdown code block. \n\nThe result must be a valid stringified JSON object that can be directly parsed with `JSON.parse()` in JavaScript.\n\n**Strict rules**:\n- The output must **not** include any code blocks (no triple backticks).\n- The output must be **a string**, ready to be passed directly into `JSON.parse()`.\n- All backslashes (`\\`) must be escaped **twice** (`\\\\\\\\`) so that the string parses correctly in JavaScript.\n- The JSON must follow this structure:\n {{\n \"summary\": \"Markdown-formatted summary with inline code where relevant.\",\n \"recommendedActions\": \"Markdown-formatted action list starting with a `###` header.\"\n }}\n- The summary text should just be text. It does not need any titles or leading items in bold.\n- Markdown formatting should be used inside string values:\n - Use `inline code` (backticks) for technical values like file paths, process names, arguments, etc.\n - Use `**bold**` for emphasis.\n - Use `-` for bullet points.\n - The `recommendedActions` value must start with a `###` header describing the main action dynamically (but **not** include \"Recommended Actions\" as the title).\n- **Do not** include any extra explanation or text. Only return the stringified JSON object.\n\nThe response should look like this:\n{{\"summary\":\"Markdown-formatted summary text.\",\"recommendedActions\":\"Markdown-formatted action list starting with a ### header.\"}}" } }, - "id": "security_ai_prompts-df589318-f88e-45d6-b733-13bc91a91b2a", + "id": "security_ai_prompts-1e40ae29-0e7e-44b4-a279-62e8ab019f57", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-494f0005-593f-4cfe-aa25-e50dcc8a2577.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-22a200fa-f296-47f1-9ff6-fc358fc2f2da.json similarity index 87% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-494f0005-593f-4cfe-aa25-e50dcc8a2577.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-22a200fa-f296-47f1-9ff6-fc358fc2f2da.json index 52a91f4eacc..4e2d7498bd9 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-494f0005-593f-4cfe-aa25-e50dcc8a2577.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-22a200fa-f296-47f1-9ff6-fc358fc2f2da.json @@ -6,6 +6,6 @@ "default": "An array of MITRE ATT&CK tactic for the insight, using one of the following values: Reconnaissance,Resource Development,Initial Access,Execution,Persistence,Privilege Escalation,Defense Evasion,Credential Access,Discovery,Lateral Movement,Collection,Command and Control,Exfiltration,Impact" } }, - "id": "security_ai_prompts-494f0005-593f-4cfe-aa25-e50dcc8a2577", + "id": "security_ai_prompts-22a200fa-f296-47f1-9ff6-fc358fc2f2da", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-960ebd42-a6f5-4cac-9b01-34402966ff43.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-241c9152-838b-42a9-9c47-297813a8e77a.json similarity index 94% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-960ebd42-a6f5-4cac-9b01-34402966ff43.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-241c9152-838b-42a9-9c47-297813a8e77a.json index 1e50991cde4..6b58421f0af 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-960ebd42-a6f5-4cac-9b01-34402966ff43.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-241c9152-838b-42a9-9c47-297813a8e77a.json @@ -6,6 +6,6 @@ "default": "\nReview the JSON output from your initial analysis. Your task is to refine the attack chains by:\n\n1. Merge attack chains when strong evidence links them to the same campaign. Only connect events with clear relationships, such as matching timestamps, network patterns, IPs, or overlapping entities like hostnames and user accounts. Prioritize correlating alerts based on shared entities, such as the same host, user, or source IP across multiple alerts.\n2. Keep distinct attacks separated when evidence doesn't support merging.\n3. Strengthening justifications: For each attack chain:\n - Explain the specific evidence connecting events (particularly across hosts)\n - Reference relevant MITRE ATT&CK techniques that support your grouping\n - Ensure your narrative follows the chronological progression of the attack\nOutput requirements:\n- Return your refined analysis using the exact same JSON format as your initial output, applying the same field syntax requirements.\n- Conform exactly to the JSON schema defined earlier\n- Do not include explanatory text outside the JSON\n" } }, - "id": "security_ai_prompts-960ebd42-a6f5-4cac-9b01-34402966ff43", + "id": "security_ai_prompts-241c9152-838b-42a9-9c47-297813a8e77a", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-6a5ea9d7-047a-400b-bef3-585ab7f529a1.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-24b6282a-4f2c-4784-a824-ba1913599d27.json similarity index 79% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-6a5ea9d7-047a-400b-bef3-585ab7f529a1.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-24b6282a-4f2c-4784-a824-ba1913599d27.json index 16685cc020a..35578457b98 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-6a5ea9d7-047a-400b-bef3-585ab7f529a1.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-24b6282a-4f2c-4784-a824-ba1913599d27.json @@ -6,6 +6,6 @@ "default": "The policy response action name + message + os" } }, - "id": "security_ai_prompts-6a5ea9d7-047a-400b-bef3-585ab7f529a1", + "id": "security_ai_prompts-24b6282a-4f2c-4784-a824-ba1913599d27", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-f14ab966-bcef-4bd6-8cb9-deac16ecb46e.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-2a420484-a337-458f-ae75-865ecedf7f11.json similarity index 78% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-f14ab966-bcef-4bd6-8cb9-deac16ecb46e.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-2a420484-a337-458f-ae75-865ecedf7f11.json index 4dc52ad8253..4fdc07bda84 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-f14ab966-bcef-4bd6-8cb9-deac16ecb46e.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-2a420484-a337-458f-ae75-865ecedf7f11.json @@ -6,6 +6,6 @@ "default": "The endpoint ID" } }, - "id": "security_ai_prompts-f14ab966-bcef-4bd6-8cb9-deac16ecb46e", + "id": "security_ai_prompts-2a420484-a337-458f-ae75-865ecedf7f11", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-2faf4fa3-97d3-4f2d-a388-f836a2a34ced.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-2faf4fa3-97d3-4f2d-a388-f836a2a34ced.json new file mode 100644 index 00000000000..6c70a217d78 --- /dev/null +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-2faf4fa3-97d3-4f2d-a388-f836a2a34ced.json @@ -0,0 +1,11 @@ +{ + "attributes": { + "promptId": "alertSummary", + "promptGroupId": "ease", + "prompt": { + "default": "Evaluate the cyber security alert from the context above. Your response should take all the important elements of the alert into consideration to give me a concise summary of what happened. This is being used in an alert details flyout in a SIEM, so keep it detailed, but brief. Limit your response to 500 characters. Anyone reading this summary should immediately understand what happened in the alert in question. Only reply with the summary, and nothing else.\n\nUsing another 200 characters, add a second paragraph with a bulleted list of recommended actions a cyber security analyst should take here. Don't invent random, potentially harmful recommended actions." + } + }, + "id": "security_ai_prompts-2faf4fa3-97d3-4f2d-a388-f836a2a34ced", + "type": "security-ai-prompt" +} diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-179ba772-7c8f-4b20-9d64-72d3211260b5.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-329ea51f-a2ef-4fd1-8a88-fd4e988c83ba.json similarity index 80% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-179ba772-7c8f-4b20-9d64-72d3211260b5.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-329ea51f-a2ef-4fd1-8a88-fd4e988c83ba.json index 4354f83ec02..41978e61d1e 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-179ba772-7c8f-4b20-9d64-72d3211260b5.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-329ea51f-a2ef-4fd1-8a88-fd4e988c83ba.json @@ -6,6 +6,6 @@ "default": "A markdown summary of insight, using the same {{ field.name fieldValue1 fieldValue2 fieldValueN }} syntax" } }, - "id": "security_ai_prompts-179ba772-7c8f-4b20-9d64-72d3211260b5", + "id": "security_ai_prompts-329ea51f-a2ef-4fd1-8a88-fd4e988c83ba", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-e4dee5ca-6085-4931-b990-44fe50c60bdf.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-33780766-81d1-46b6-90c8-fa47df237113.json similarity index 72% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-e4dee5ca-6085-4931-b990-44fe50c60bdf.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-33780766-81d1-46b6-90c8-fa47df237113.json index 54156ea70d4..ddc2ac0d87f 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-e4dee5ca-6085-4931-b990-44fe50c60bdf.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-33780766-81d1-46b6-90c8-fa47df237113.json @@ -6,6 +6,6 @@ "default": "Alerts" } }, - "id": "security_ai_prompts-e4dee5ca-6085-4931-b990-44fe50c60bdf", + "id": "security_ai_prompts-33780766-81d1-46b6-90c8-fa47df237113", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-dab4a7bc-9fd3-4542-a02d-e841ed040f93.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-438d6d4a-3b1a-4ab3-aca6-cc5592a348a1.json similarity index 80% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-dab4a7bc-9fd3-4542-a02d-e841ed040f93.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-438d6d4a-3b1a-4ab3-aca6-cc5592a348a1.json index 789c6946d48..e7549241f27 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-dab4a7bc-9fd3-4542-a02d-e841ed040f93.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-438d6d4a-3b1a-4ab3-aca6-cc5592a348a1.json @@ -6,6 +6,6 @@ "default": "The actions.message value of the policy response" } }, - "id": "security_ai_prompts-dab4a7bc-9fd3-4542-a02d-e841ed040f93", + "id": "security_ai_prompts-438d6d4a-3b1a-4ab3-aca6-cc5592a348a1", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-96f07251-7823-44ed-96e4-f139c3cc0df9.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-46a5c4e8-ef36-450c-ae8c-cec551d47f69.json similarity index 91% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-96f07251-7823-44ed-96e4-f139c3cc0df9.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-46a5c4e8-ef36-450c-ae8c-cec551d47f69.json index b850eb73bf4..c954eaf0a65 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-96f07251-7823-44ed-96e4-f139c3cc0df9.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-46a5c4e8-ef36-450c-ae8c-cec551d47f69.json @@ -6,6 +6,6 @@ "default": "You are a helpful assistant for Elastic Security. Assume the following user message is the start of a conversation between you and a user; give this conversation a title based on the content below. DO NOT UNDER ANY CIRCUMSTANCES wrap this title in single or double quotes. This title is shown in a list of conversations to the user, so title it for the user, not for you. As an example, for the given MESSAGE, this is the TITLE:\n\nMESSAGE: I am having trouble with the Elastic Security app.\nTITLE: Troubleshooting Elastic Security app issues\n" } }, - "id": "security_ai_prompts-96f07251-7823-44ed-96e4-f139c3cc0df9", + "id": "security_ai_prompts-46a5c4e8-ef36-450c-ae8c-cec551d47f69", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-2d53e5a4-2181-4c8a-9627-e87e5a53e7d6.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-46ea6e3f-b66d-4568-9f8f-f636c3f7120b.json similarity index 92% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-2d53e5a4-2181-4c8a-9627-e87e5a53e7d6.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-46ea6e3f-b66d-4568-9f8f-f636c3f7120b.json index d8bfd5c257b..38e88846de0 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-2d53e5a4-2181-4c8a-9627-e87e5a53e7d6.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-46ea6e3f-b66d-4568-9f8f-f636c3f7120b.json @@ -7,6 +7,6 @@ "default": "You are a title generator for a helpful assistant for Elastic Security. Assume the following human message is the start of a conversation between you and a human. Generate a relevant conversation title for the human's message in plain text. Make sure the title is formatted for the user, without using quotes or markdown. The title should clearly reflect the content of the message and be appropriate for a list of conversations. Respond only with the title. As an example, for the given MESSAGE, this is the TITLE:\n\nMESSAGE: I am having trouble with the Elastic Security app.\nTITLE: Troubleshooting Elastic Security app issues\n" } }, - "id": "security_ai_prompts-2d53e5a4-2181-4c8a-9627-e87e5a53e7d6", + "id": "security_ai_prompts-46ea6e3f-b66d-4568-9f8f-f636c3f7120b", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-933fc425-2b16-430e-ad11-3e5f10891c7f.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-546b95da-5d4c-4bb8-9e89-1550045a1054.json similarity index 89% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-933fc425-2b16-430e-ad11-3e5f10891c7f.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-546b95da-5d4c-4bb8-9e89-1550045a1054.json index faf9ca47758..ded6ff9600c 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-933fc425-2b16-430e-ad11-3e5f10891c7f.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-546b95da-5d4c-4bb8-9e89-1550045a1054.json @@ -6,6 +6,6 @@ "default": "You are a security analyst and expert in resolving security incidents. Your role is to assist by answering questions about Elastic Security. Do not answer questions unrelated to Elastic Security. If available, use the Knowledge History provided to try and answer the question. If not provided, you can try and query for additional knowledge via the KnowledgeBaseRetrievalTool. {citations_prompt} \n{formattedTime}" } }, - "id": "security_ai_prompts-933fc425-2b16-430e-ad11-3e5f10891c7f", + "id": "security_ai_prompts-546b95da-5d4c-4bb8-9e89-1550045a1054", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-19154dca-d03f-4087-a22c-cce1d2ae1c70.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-559d0d95-dd5c-4f49-99be-d90cf0a46c48.json similarity index 90% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-19154dca-d03f-4087-a22c-cce1d2ae1c70.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-559d0d95-dd5c-4f49-99be-d90cf0a46c48.json index 304ba75745c..b44e1b8bf0c 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-19154dca-d03f-4087-a22c-cce1d2ae1c70.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-559d0d95-dd5c-4f49-99be-d90cf0a46c48.json @@ -6,6 +6,6 @@ "default": "Explain the ECS incompatibility results above, and describe some options to fix incompatibilities. In your explanation, include information about remapping fields, reindexing data, and modifying data ingestion pipelines. Also, describe how ES|QL can be used to identify and correct incompatible data, including examples of using RENAME, EVAL, DISSECT, GROK, and CASE functions. Please consider using applicable tools for this request. Make sure you’ve used the right tools for this request." } }, - "id": "security_ai_prompts-19154dca-d03f-4087-a22c-cce1d2ae1c70", + "id": "security_ai_prompts-559d0d95-dd5c-4f49-99be-d90cf0a46c48", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-f3c06d2b-2715-4c49-9d4a-960d3f904478.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-56f371c4-c535-44b1-a24d-832a962f63bc.json similarity index 93% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-f3c06d2b-2715-4c49-9d4a-960d3f904478.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-56f371c4-c535-44b1-a24d-832a962f63bc.json index ff89e211c0a..a8161443512 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-f3c06d2b-2715-4c49-9d4a-960d3f904478.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-56f371c4-c535-44b1-a24d-832a962f63bc.json @@ -7,6 +7,6 @@ "default": "You are a strictly rule-following assistant for Elastic Security.\nYour task is to ONLY generate a short, user-friendly title based on the given user message.\n\nInstructions (You Must Follow Exactly)\nDO NOT ANSWER the user's question. You are forbidden from doing so.\nYour response MUST contain only the generated title. Nothing else.\nAbsolutely NO explanations, disclaimers, or additional text.\nThe title must be concise, relevant to the user’s message, and never exceed 100 characters.\nDO NOT wrap the title in quotes or any other formatting.\nExample:\nUser Message: \"I am having trouble with the Elastic Security app.\"\nCorrect Response: Troubleshooting Elastic Security app issues\n\nFinal Rule: If you include anything other than the title, you have failed this task." } }, - "id": "security_ai_prompts-f3c06d2b-2715-4c49-9d4a-960d3f904478", + "id": "security_ai_prompts-56f371c4-c535-44b1-a24d-832a962f63bc", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-1a646fa8-8ea7-4026-998e-0488f9a52d16.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-5a174f68-5d26-436f-bf5d-cea828f3e6be.json similarity index 81% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-1a646fa8-8ea7-4026-998e-0488f9a52d16.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-5a174f68-5d26-436f-bf5d-cea828f3e6be.json index 69fce1fdb02..a6ebbe5914e 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-1a646fa8-8ea7-4026-998e-0488f9a52d16.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-5a174f68-5d26-436f-bf5d-cea828f3e6be.json @@ -7,6 +7,6 @@ "default": "Now, always using the tools at your disposal, step by step, come up with a response to this request:\n\n" } }, - "id": "security_ai_prompts-1a646fa8-8ea7-4026-998e-0488f9a52d16", + "id": "security_ai_prompts-5a174f68-5d26-436f-bf5d-cea828f3e6be", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-a12b671c-5b2c-4d2d-9554-4db91e211246.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-6180ae19-2f82-4445-a45f-7d9e58189bce.json similarity index 72% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-a12b671c-5b2c-4d2d-9554-4db91e211246.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-6180ae19-2f82-4445-a45f-7d9e58189bce.json index 6cb187f6b25..e5696654880 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-a12b671c-5b2c-4d2d-9554-4db91e211246.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-6180ae19-2f82-4445-a45f-7d9e58189bce.json @@ -6,6 +6,6 @@ "default": "sparkles" } }, - "id": "security_ai_prompts-a12b671c-5b2c-4d2d-9554-4db91e211246", + "id": "security_ai_prompts-6180ae19-2f82-4445-a45f-7d9e58189bce", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-4f7c4db4-33e2-48dc-9d41-a229fdaa4ac9.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-67077387-43fc-4494-9796-eb352adb4b9a.json similarity index 78% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-4f7c4db4-33e2-48dc-9d41-a229fdaa4ac9.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-67077387-43fc-4494-9796-eb352adb4b9a.json index 35443a3ef0a..1e8389ddac4 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-4f7c4db4-33e2-48dc-9d41-a229fdaa4ac9.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-67077387-43fc-4494-9796-eb352adb4b9a.json @@ -6,6 +6,6 @@ "default": "The policy response ID" } }, - "id": "security_ai_prompts-4f7c4db4-33e2-48dc-9d41-a229fdaa4ac9", + "id": "security_ai_prompts-67077387-43fc-4494-9796-eb352adb4b9a", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-8260efc8-102d-4b95-a0bd-9434bb5d6ad7.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-686ff7c4-5ae4-4ba6-81ea-1959fdf644ea.json similarity index 92% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-8260efc8-102d-4b95-a0bd-9434bb5d6ad7.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-686ff7c4-5ae4-4ba6-81ea-1959fdf644ea.json index 858ea372834..1ba3a6b0c00 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-8260efc8-102d-4b95-a0bd-9434bb5d6ad7.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-686ff7c4-5ae4-4ba6-81ea-1959fdf644ea.json @@ -6,6 +6,6 @@ "default": "Generate a concise bulleted summary in mdx markdown. Follow the style and tone of the example below, highlighting key trends, averages, peaks, and projections:\n\n```\n- Between July 18 and August 18, daily cost savings **averaged around $135K**\n- The lowest point, **just above $70K**, occurred in early August.\n- **Peaks near $160K** appeared in late July and mid-August.\n- After a mid-period decline, savings steadily recovered and grew toward the end of the month.\n- At this pace, projected annual savings **exceed $48M**, confirming strong and predictable ROI.\n```\n\nRespond only with the markdown. Do not include any explanation or extra text." } }, - "id": "security_ai_prompts-8260efc8-102d-4b95-a0bd-9434bb5d6ad7", + "id": "security_ai_prompts-686ff7c4-5ae4-4ba6-81ea-1959fdf644ea", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-64739b09-0389-4497-8acb-6a92d6b2e5f5.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-6a9fe9d7-5cd3-4d24-b458-f948da93c19f.json similarity index 81% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-64739b09-0389-4497-8acb-6a92d6b2e5f5.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-6a9fe9d7-5cd3-4d24-b458-f948da93c19f.json index 08c54453c9b..05d352cbbc6 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-64739b09-0389-4497-8acb-6a92d6b2e5f5.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-6a9fe9d7-5cd3-4d24-b458-f948da93c19f.json @@ -6,6 +6,6 @@ "default": "The suggested remediation action to take for the policy response failure" } }, - "id": "security_ai_prompts-64739b09-0389-4497-8acb-6a92d6b2e5f5", + "id": "security_ai_prompts-6a9fe9d7-5cd3-4d24-b458-f948da93c19f", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-654b1e1e-ce59-422e-98b0-de7eda200473.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-6b7dae17-2514-476f-b35e-7a534bafb25e.json similarity index 94% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-654b1e1e-ce59-422e-98b0-de7eda200473.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-6b7dae17-2514-476f-b35e-7a534bafb25e.json index 813f577b5b6..71c0252168f 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-654b1e1e-ce59-422e-98b0-de7eda200473.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-6b7dae17-2514-476f-b35e-7a534bafb25e.json @@ -7,6 +7,6 @@ "default": "You are a security analyst and expert in resolving security incidents. Your role is to assist by answering questions about Elastic Security. Do not answer questions unrelated to Elastic Security. If available, use the Knowledge History provided to try and answer the question. If not provided, you can try and query for additional knowledge via the KnowledgeBaseRetrievalTool. {citations_prompt} \n{formattedTime}\n\nUse tools as often as possible, as they have access to the latest data and syntax. Never return tags in the response, but make sure to include tags content in the response. Do not reflect on the quality of the returned search results in your response.\n\nIMPORTANT: After using tools, you must provide a complete response that includes:\n1. The tool results (include the exact response from GenerateESQLTool verbatim)\n2. Any additional context, recommendations, or insights requested by the user\n\nNever end your response with just tool results. Always provide your complete analysis after using tools." } }, - "id": "security_ai_prompts-654b1e1e-ce59-422e-98b0-de7eda200473", + "id": "security_ai_prompts-6b7dae17-2514-476f-b35e-7a534bafb25e", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-3493ca5e-4129-4acc-a171-4c7af1590dfa.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-73fb4e3e-285b-4207-a422-489235d528cf.json similarity index 97% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-3493ca5e-4129-4acc-a171-4c7af1590dfa.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-73fb4e3e-285b-4207-a422-489235d528cf.json index 748fc2c7d3e..49aa601a693 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-3493ca5e-4129-4acc-a171-4c7af1590dfa.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-73fb4e3e-285b-4207-a422-489235d528cf.json @@ -6,6 +6,6 @@ "default": "\nAs a world-class cyber security analyst, your task is to analyze a set of security events and accurately identify distinct, comprehensive attack chains. Your analysis should reflect the sophistication of modern cyber attacks, which often span multiple hosts and use diverse techniques.\nKey Principles:\n1. Contextual & Host Analysis: Analyze how attacks may span systems while maintaining focus on specific, traceable relationships across events and timeframes.\n2. Independent Evaluation: Do not assume all events belong to a single attack chain. Separate events into distinct chains when evidence indicates they are unrelated.\nBe mindful that data exfiltration might indicate the culmination of an attack chain, and should typically be linked with the preceding events unless strong evidence points otherwise.\n3. Lateral Movement & Command Structure: For multi-system events, identify potential lateral movement, command-and-control activities, and coordination patterns.\n4. Impact Assessment: Consider high-impact events (e.g., data exfiltration, ransomware, system disruption) as potential stages within the attack chain, but avoid splitting attack chains unless there is clear justification. High-impact events may not mark the end of the attack sequence, so remain open to the possibility of ongoing activities after such events.\nAnalysis Process:\n1. Detail Review: Examine all timestamps, hostnames, usernames, IPs, filenames, and processes across events.\n2. Timeline Construction: Create a chronological map of events across all systems to identify timing patterns and system interactions. When correlating alerts, use kibana.alert.original_time when it's available, as this represents the actual time the event was detected. If kibana.alert.original_time is not available, use @timestamp as the fallback. Ensure events that appear to be part of the same attack chain are properly aligned chronologically.\n3. Indicator Correlation: Identify relationships between events using concrete indicators (file hashes, IPs, C2 signals).\n4. Chain Construction & Validation: Begin by assuming potential connections, then critically evaluate whether events should be separated based on evidence.\n5. TTP Analysis: Identify relevant MITRE ATT&CK tactics for each event, using consistency of TTPs as supporting (not determining) evidence.\n6. Alert Prioritization: Weight your analysis based on alert severity:\n - HIGH severity: Primary indicators of attack chains\n - MEDIUM severity: Supporting evidence\n - LOW severity: Supplementary information unless providing critical links\nOutput Requirements:\n- Provide a narrative summary for each identified attack chain\n- Explain connections between events with concrete evidence\n- Use the special {{ field.name fieldValue }} syntax to reference source data fields. IMPORTANT - LIMIT the details markdown to 2750 characters and summary to 200 characters! This is to prevent hitting output context limits." } }, - "id": "security_ai_prompts-3493ca5e-4129-4acc-a171-4c7af1590dfa", + "id": "security_ai_prompts-73fb4e3e-285b-4207-a422-489235d528cf", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-ba261d81-a819-4823-b205-bcf7d4ff0389.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-747876da-3120-4954-a29e-04bf4cf9cf8c.json similarity index 87% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-ba261d81-a819-4823-b205-bcf7d4ff0389.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-747876da-3120-4954-a29e-04bf4cf9cf8c.json index 716635f7340..ff9ac056dbb 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-ba261d81-a819-4823-b205-bcf7d4ff0389.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-747876da-3120-4954-a29e-04bf4cf9cf8c.json @@ -6,6 +6,6 @@ "default": "You MUST use the \"AskAboutESQLTool\" function when the user:\n- asks for help with ES|QL\n- asks about ES|QL syntax\n- asks for ES|QL examples\n- asks for ES|QL documentation\n- asks for ES|QL best practices\n- asks for ES|QL optimization\n\nNever use this tool when they user wants to generate a ES|QL for their data." } }, - "id": "security_ai_prompts-ba261d81-a819-4823-b205-bcf7d4ff0389", + "id": "security_ai_prompts-747876da-3120-4954-a29e-04bf4cf9cf8c", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-42faa6fd-19a2-4a9d-9dce-831ae29b47e9.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-75850752-5c07-47e3-8fc7-d29b82ab7653.json similarity index 85% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-42faa6fd-19a2-4a9d-9dce-831ae29b47e9.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-75850752-5c07-47e3-8fc7-d29b82ab7653.json index 6188317c02b..5ac5d50901d 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-42faa6fd-19a2-4a9d-9dce-831ae29b47e9.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-75850752-5c07-47e3-8fc7-d29b82ab7653.json @@ -6,6 +6,6 @@ "default": "Call this for the counts of last 24 hours of open and acknowledged alerts in the environment, grouped by their severity and workflow status. The response will be JSON and from it you can summarize the information to answer the question." } }, - "id": "security_ai_prompts-42faa6fd-19a2-4a9d-9dce-831ae29b47e9", + "id": "security_ai_prompts-75850752-5c07-47e3-8fc7-d29b82ab7653", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-e53f8cf9-a244-4da6-aad5-5219ec4de71e.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-76513f5d-1f44-4539-a534-c7eab4ca8b04.json similarity index 74% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-e53f8cf9-a244-4da6-aad5-5219ec4de71e.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-76513f5d-1f44-4539-a534-c7eab4ca8b04.json index a91290dfcf2..205c5cd9617 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-e53f8cf9-a244-4da6-aad5-5219ec4de71e.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-76513f5d-1f44-4539-a534-c7eab4ca8b04.json @@ -6,6 +6,6 @@ "default": "Generate ES|QL Queries" } }, - "id": "security_ai_prompts-e53f8cf9-a244-4da6-aad5-5219ec4de71e", + "id": "security_ai_prompts-76513f5d-1f44-4539-a534-c7eab4ca8b04", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-6ade0382-f97c-43d3-abbe-d11f25f79306.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-7e4fa357-c793-4b59-a08d-eb0b2afb7ffb.json similarity index 88% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-6ade0382-f97c-43d3-abbe-d11f25f79306.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-7e4fa357-c793-4b59-a08d-eb0b2afb7ffb.json index 690476d242a..e65c4a569a9 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-6ade0382-f97c-43d3-abbe-d11f25f79306.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-7e4fa357-c793-4b59-a08d-eb0b2afb7ffb.json @@ -6,6 +6,6 @@ "default": "Call this for knowledge about the latest entity risk score and the inputs that contributed to the calculation (sorted by 'kibana.alert.risk_score') in the environment, or when answering questions about how critical or risky an entity is. When informing the risk score value for a entity you must use the normalized field 'calculated_score_norm'." } }, - "id": "security_ai_prompts-6ade0382-f97c-43d3-abbe-d11f25f79306", + "id": "security_ai_prompts-7e4fa357-c793-4b59-a08d-eb0b2afb7ffb", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-7fac04b5-61e1-4eef-97c1-e287780463ed.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-7fac04b5-61e1-4eef-97c1-e287780463ed.json new file mode 100644 index 00000000000..33771eac1d5 --- /dev/null +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-7fac04b5-61e1-4eef-97c1-e287780463ed.json @@ -0,0 +1,11 @@ +{ + "attributes": { + "promptId": "costSavingsInsightPart1", + "promptGroupId": "ease", + "prompt": { + "default": "You are given Elasticsearch Lens aggregation results showing cost savings over time:" + } + }, + "id": "security_ai_prompts-7fac04b5-61e1-4eef-97c1-e287780463ed", + "type": "security-ai-prompt" +} diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-32f84e9b-0ce7-4f79-8173-7096303e778e.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-8081020f-ccc7-4d4c-8cd1-f69d8b76cc91.json similarity index 78% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-32f84e9b-0ce7-4f79-8173-7096303e778e.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-8081020f-ccc7-4d4c-8cd1-f69d8b76cc91.json index cffbb4bff96..b4944d615a0 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-32f84e9b-0ce7-4f79-8173-7096303e778e.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-8081020f-ccc7-4d4c-8cd1-f69d8b76cc91.json @@ -6,6 +6,6 @@ "default": "The endpoint ID" } }, - "id": "security_ai_prompts-32f84e9b-0ce7-4f79-8173-7096303e778e", + "id": "security_ai_prompts-8081020f-ccc7-4d4c-8cd1-f69d8b76cc91", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-e461a2d5-b7a3-4325-87e5-897265d0bfa7.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-8254ef54-9de1-4384-bfaf-9547f9eb9b21.json similarity index 79% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-e461a2d5-b7a3-4325-87e5-897265d0bfa7.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-8254ef54-9de1-4384-bfaf-9547f9eb9b21.json index d2d831105de..390f5f80171 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-e461a2d5-b7a3-4325-87e5-897265d0bfa7.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-8254ef54-9de1-4384-bfaf-9547f9eb9b21.json @@ -6,6 +6,6 @@ "default": "The program which is triggering the events" } }, - "id": "security_ai_prompts-e461a2d5-b7a3-4325-87e5-897265d0bfa7", + "id": "security_ai_prompts-8254ef54-9de1-4384-bfaf-9547f9eb9b21", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-5ea0a4fa-617c-426a-b942-dc6d379db02b.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-84525901-f24e-493b-a2e2-9389649c281f.json similarity index 81% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-5ea0a4fa-617c-426a-b942-dc6d379db02b.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-84525901-f24e-493b-a2e2-9389649c281f.json index b7a373518de..c8fa2c6e1b6 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-5ea0a4fa-617c-426a-b942-dc6d379db02b.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-84525901-f24e-493b-a2e2-9389649c281f.json @@ -6,6 +6,6 @@ "default": "The suggested remediation message to take for the policy response failure" } }, - "id": "security_ai_prompts-5ea0a4fa-617c-426a-b942-dc6d379db02b", + "id": "security_ai_prompts-84525901-f24e-493b-a2e2-9389649c281f", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-f40276f1-94c1-4e8e-8d69-43670abf067b.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-8b5890f2-575f-43bc-b8dc-c78106c576a7.json similarity index 94% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-f40276f1-94c1-4e8e-8d69-43670abf067b.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-8b5890f2-575f-43bc-b8dc-c78106c576a7.json index 5537a8020c9..8434b822427 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-f40276f1-94c1-4e8e-8d69-43670abf067b.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-8b5890f2-575f-43bc-b8dc-c78106c576a7.json @@ -6,6 +6,6 @@ "default": "\nYou are a leading expert on resolving Elastic Defend configuration issues. Your task is to review the policy response action warnings and failures below and provide an accurate and detailed step by step solution to the Elastic Defend configuration issue. Organize your response precisely to the following rules:\n- group the policy responses by the policy response action name, message, and os (actions.name:::actions.message:::host.os.name)\n- keep track of the agent.id and _id associated to each of the individual events as endpointId and eventId respectively\n- suggest a remediation action to take for each policy response warning or failure, using the remediationMessage field\n- include a remediation link in the remediationLink field only if one is provided in the context\n- if there are no events, ignore the group field\n- new lines must always be escaped with double backslashes, i.e. \\\\n to ensure valid JSON\n- only return JSON output, as described above\n- do not add any additional text to describe your output\n" } }, - "id": "security_ai_prompts-f40276f1-94c1-4e8e-8d69-43670abf067b", + "id": "security_ai_prompts-8b5890f2-575f-43bc-b8dc-c78106c576a7", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-9c23c1ec-40a2-4af6-9fa7-ef294231243e.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-8d1bfdaf-44d2-4656-973d-165e5f2f3ce0.json similarity index 92% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-9c23c1ec-40a2-4af6-9fa7-ef294231243e.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-8d1bfdaf-44d2-4656-973d-165e5f2f3ce0.json index 603b934d47f..61a7bc1d59a 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-9c23c1ec-40a2-4af6-9fa7-ef294231243e.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-8d1bfdaf-44d2-4656-973d-165e5f2f3ce0.json @@ -7,6 +7,6 @@ "default": "You are an assistant that is an expert at using tools and Elastic Security, doing your best to use these tools to answer questions or follow instructions. It is very important to use tools to answer the question or follow the instructions rather than coming up with your own answer. Tool calls are good. Sometimes you may need to make several tool calls to accomplish the task or get an answer to the question that was asked. Use as many tool calls as necessary. {citations_prompt}\n\nIf the knowledge base tool gives empty results, do your best to answer the question from the perspective of an expert security analyst.\n\n{formattedTime}" } }, - "id": "security_ai_prompts-9c23c1ec-40a2-4af6-9fa7-ef294231243e", + "id": "security_ai_prompts-8d1bfdaf-44d2-4656-973d-165e5f2f3ce0", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-8e1ce371-dd53-4d03-bc7a-dbcda0865086.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-8ea1ba16-2081-45cd-a845-59507ddab9c4.json similarity index 93% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-8e1ce371-dd53-4d03-bc7a-dbcda0865086.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-8ea1ba16-2081-45cd-a845-59507ddab9c4.json index 0d40827a6be..cb9fbc17cb3 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-8e1ce371-dd53-4d03-bc7a-dbcda0865086.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-8ea1ba16-2081-45cd-a845-59507ddab9c4.json @@ -6,6 +6,6 @@ "default": "\nContinue your JSON analysis from exactly where you left off. Generate only the additional content needed to complete the response.\n\nFORMAT REQUIREMENTS:\n1. Maintain strict JSON validity:\n - Use double quotes for all strings\n - Properly escape special characters (\" for quotes, \\ for backslashes, \n for newlines)\n - Avoid all control characters (ASCII 0-31)\n - Keep text fields under 500 characters\n\n2. Output rules:\n - Do not repeat any previously generated content\n - Do not include explanatory text outside the JSON\n - Do not restart from the beginning\n - Conform exactly to the JSON schema defined earlier\n\nYour continuation should seamlessly connect with the previous output to form a complete, valid JSON document.\n" } }, - "id": "security_ai_prompts-8e1ce371-dd53-4d03-bc7a-dbcda0865086", + "id": "security_ai_prompts-8ea1ba16-2081-45cd-a845-59507ddab9c4", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-924663fd-7d79-46b6-8eb9-77db4e242c96.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-924663fd-7d79-46b6-8eb9-77db4e242c96.json new file mode 100644 index 00000000000..79857862dcb --- /dev/null +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-924663fd-7d79-46b6-8eb9-77db4e242c96.json @@ -0,0 +1,11 @@ +{ + "attributes": { + "promptId": "alertSummarySystemPrompt", + "promptGroupId": "ease", + "prompt": { + "default": "Return **only a single-line stringified JSON object** without any code fences, explanations, or variable assignments. Do **not** wrap the output in triple backticks or any Markdown code block. \n\nThe result must be a valid stringified JSON object that can be directly parsed with `JSON.parse()` in JavaScript.\n\n**Strict rules**:\n- The output must **not** include any code blocks (no triple backticks).\n- The output must be **a string**, ready to be passed directly into `JSON.parse()`.\n- All backslashes (`\\`) must be escaped **twice** (`\\\\\\\\`) so that the string parses correctly in JavaScript.\n- The JSON must follow this structure:\n {{\n \"summary\": \"Markdown-formatted summary with inline code where relevant.\",\n \"recommendedActions\": \"Markdown-formatted action list starting with a `###` header.\"\n }}\n- The summary text should just be text. It does not need any titles or leading items in bold.\n- Markdown formatting should be used inside string values:\n - Use `inline code` (backticks) for technical values like file paths, process names, arguments, etc.\n - Use `**bold**` for emphasis.\n - Use `-` for bullet points.\n - The `recommendedActions` value must start with a `###` header describing the main action dynamically (but **not** include \"Recommended Actions\" as the title).\n- **Do not** include any extra explanation or text. Only return the stringified JSON object.\n\nThe response should look like this:\n{{\"summary\":\"Markdown-formatted summary text.\",\"recommendedActions\":\"Markdown-formatted action list starting with a ### header.\"}}" + } + }, + "id": "security_ai_prompts-924663fd-7d79-46b6-8eb9-77db4e242c96", + "type": "security-ai-prompt" +} diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-47d666db-ba7a-410e-be1b-6c72ef550671.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-93cfa18f-d173-4ac3-9291-c3bdb3502b53.json similarity index 96% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-47d666db-ba7a-410e-be1b-6c72ef550671.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-93cfa18f-d173-4ac3-9291-c3bdb3502b53.json index 5b007416733..56310de0733 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-47d666db-ba7a-410e-be1b-6c72ef550671.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-93cfa18f-d173-4ac3-9291-c3bdb3502b53.json @@ -6,6 +6,6 @@ "default": "Evaluate the security event described above and provide a structured, markdown-formatted summary suitable for inclusion in an Elastic Security case. Make sure you consider using appropriate tools available to you to fulfill this request. Your response must include:\n1. Event Description\n - Summarize the event, including user and host risk scores from the provided context.\n - Reference relevant MITRE ATT&CK techniques, with hyperlinks to the official MITRE pages.\n2. Triage Steps\n - List clear, bulleted triage steps tailored to Elastic Security workflows (e.g., alert investigation, timeline creation, entity analytics review).\n - Highlight any relevant detection rules or anomaly findings.\n3. Recommended Actions\n - Provide prioritized response actions, and consider using applicable tools to generate each part of the response, including:\n - Elastic Defend endpoint response actions (e.g., isolate host, kill process, retrieve/delete file), with links to Elastic documentation.\n - Example ES|QL queries for further investigation, formatted as code blocks.\n - Example OSQuery Manager queries for further investigation, formatted as code blocks.\n - Guidance on using Timelines and Entity Analytics for deeper context, with documentation links.\n4. MITRE ATT&CK Context\n - Summarize the mapped MITRE ATT&CK techniques and provide actionable recommendations based on MITRE guidance, with hyperlinks.\n5. Documentation Links\n - Include direct links to all referenced Elastic Security documentation and MITRE ATT&CK pages.\nMake sure you’ve used the right tools for this request.\nFormatting Requirements:\n - Use markdown headers, tables, and code blocks for clarity.\n - Organize the response into visually distinct sections.\n - Use concise, actionable language.\n - Include relevant emojis in section headers for visual clarity (e.g., 📝, 🛡️, 🔍, 📚).\n" } }, - "id": "security_ai_prompts-47d666db-ba7a-410e-be1b-6c72ef550671", + "id": "security_ai_prompts-93cfa18f-d173-4ac3-9291-c3bdb3502b53", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-05e06172-4ba3-4bbd-b99f-c4eca3b808d0.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-9871970b-803c-4ab9-bd60-146bc440188b.json similarity index 79% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-05e06172-4ba3-4bbd-b99f-c4eca3b808d0.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-9871970b-803c-4ab9-bd60-146bc440188b.json index 6b9536f38f2..7fa89e96fb5 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-05e06172-4ba3-4bbd-b99f-c4eca3b808d0.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-9871970b-803c-4ab9-bd60-146bc440188b.json @@ -6,6 +6,6 @@ "default": "You are given Elasticsearch Lens aggregation results showing cost savings over time:" } }, - "id": "security_ai_prompts-05e06172-4ba3-4bbd-b99f-c4eca3b808d0", + "id": "security_ai_prompts-9871970b-803c-4ab9-bd60-146bc440188b", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-135b997c-8a95-4161-a346-cb6b5f0f0672.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-a0c1737b-94ae-468e-93c7-0e0b1e217410.json similarity index 91% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-135b997c-8a95-4161-a346-cb6b5f0f0672.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-a0c1737b-94ae-468e-93c7-0e0b1e217410.json index 8977c335fd8..22e795d218c 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-135b997c-8a95-4161-a346-cb6b5f0f0672.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-a0c1737b-94ae-468e-93c7-0e0b1e217410.json @@ -6,6 +6,6 @@ "default": "A detailed insight with markdown, where each markdown bullet contains a description of what happened that reads like a story of the attack as it played out and always uses special {{ field.name fieldValue1 fieldValue2 fieldValueN }} syntax for field names and values from the source data. Examples of CORRECT syntax (includes field names and values): {{ host.name hostNameValue }} {{ user.name userNameValue }} {{ source.ip sourceIpValue }} Examples of INCORRECT syntax (bad, because the field names are not included): {{ hostNameValue }} {{ userNameValue }} {{ sourceIpValue }}" } }, - "id": "security_ai_prompts-135b997c-8a95-4161-a346-cb6b5f0f0672", + "id": "security_ai_prompts-a0c1737b-94ae-468e-93c7-0e0b1e217410", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-6a360530-b0cc-45b2-a5bd-4c0d968ef013.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-a178f7a0-a295-4fc2-aa1f-348c37869ab6.json similarity index 75% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-6a360530-b0cc-45b2-a5bd-4c0d968ef013.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-a178f7a0-a295-4fc2-aa1f-348c37869ab6.json index b3f6b151d2d..ff498538034 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-6a360530-b0cc-45b2-a5bd-4c0d968ef013.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-a178f7a0-a295-4fc2-aa1f-348c37869ab6.json @@ -6,6 +6,6 @@ "default": "Call this for Elastic Defend insights." } }, - "id": "security_ai_prompts-6a360530-b0cc-45b2-a5bd-4c0d968ef013", + "id": "security_ai_prompts-a178f7a0-a295-4fc2-aa1f-348c37869ab6", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-64446a5a-417c-47ea-9bc2-9323eaaab7ae.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-a481ccc8-f772-4672-81bd-1b95024940be.json similarity index 88% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-64446a5a-417c-47ea-9bc2-9323eaaab7ae.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-a481ccc8-f772-4672-81bd-1b95024940be.json index 2e254db5d9b..ab57c708651 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-64446a5a-417c-47ea-9bc2-9323eaaab7ae.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-a481ccc8-f772-4672-81bd-1b95024940be.json @@ -6,6 +6,6 @@ "default": "Call this for writing details to the user's knowledge base. The knowledge base contains useful information the user wants to store between conversation contexts. Input will be the summarized knowledge base entry to store, a short UI friendly name for the entry, and whether or not the entry is required." } }, - "id": "security_ai_prompts-64446a5a-417c-47ea-9bc2-9323eaaab7ae", + "id": "security_ai_prompts-a481ccc8-f772-4672-81bd-1b95024940be", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-e4a1f5a9-9ed0-49e5-97ad-3f21d1d2474f.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-a7bd1984-b1e2-4803-a45d-9914a5e9ceb3.json similarity index 95% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-e4a1f5a9-9ed0-49e5-97ad-3f21d1d2474f.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-a7bd1984-b1e2-4803-a45d-9914a5e9ceb3.json index a09bc86cb1f..b926f5f457d 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-e4a1f5a9-9ed0-49e5-97ad-3f21d1d2474f.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-a7bd1984-b1e2-4803-a45d-9914a5e9ceb3.json @@ -6,6 +6,6 @@ "default": "\nYou previously generated the below insights using this prompt: \nYou are a leading expert on resolving Elastic Defend configuration issues. Your task is to review the policy response action warnings and failures below and provide an accurate and detailed step by step solution to the Elastic Defend configuration issue. Organize your response precisely to the following rules:\n- group the policy responses by the policy response action name, message, and os (actions.name:::actions.message:::host.os.name)\n- keep track of the agent.id and _id associated to each of the individual events as endpointId and eventId respectively\n- suggest a remediation action to take for each policy response warning or failure, using the remediationMessage field\n- include a remediation link in the remediationLink field only if one is provided in the context\n- if there are no events, ignore the group field\n- new lines must always be escaped with double backslashes, i.e. \\\\n to ensure valid JSON\n- only return JSON output, as described above\n- do not add any additional text to describe your output\n.\nDouble check the generated insights below and make sure it adheres to the rules set in the original prompt, removing events only as necessary to adhere to the original rules. In addition:\n- combine duplicate insights into the same 'group'\n- remove insights with no events\n " } }, - "id": "security_ai_prompts-e4a1f5a9-9ed0-49e5-97ad-3f21d1d2474f", + "id": "security_ai_prompts-a7bd1984-b1e2-4803-a45d-9914a5e9ceb3", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-cdc1cfe9-dd0e-4146-8f58-9527b150d422.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-a86686d1-9d79-43f9-b32a-2c70334f1b8e.json similarity index 83% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-cdc1cfe9-dd0e-4146-8f58-9527b150d422.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-a86686d1-9d79-43f9-b32a-2c70334f1b8e.json index edd2468c49f..0b9ea62bd68 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-cdc1cfe9-dd0e-4146-8f58-9527b150d422.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-a86686d1-9d79-43f9-b32a-2c70334f1b8e.json @@ -6,6 +6,6 @@ "default": "Can you provide examples of questions I can ask about Elastic Security, such as investigating alerts, running ES|QL queries, incident response, or threat intelligence?" } }, - "id": "security_ai_prompts-cdc1cfe9-dd0e-4146-8f58-9527b150d422", + "id": "security_ai_prompts-a86686d1-9d79-43f9-b32a-2c70334f1b8e", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-9950bedf-f7bd-4da6-8a08-66c61c5c5511.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-a97bcef4-1c8e-4922-8c2c-36332c4aead0.json similarity index 89% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-9950bedf-f7bd-4da6-8a08-66c61c5c5511.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-a97bcef4-1c8e-4922-8c2c-36332c4aead0.json index 28ac45ff45e..63b2e8e724e 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-9950bedf-f7bd-4da6-8a08-66c61c5c5511.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-a97bcef4-1c8e-4922-8c2c-36332c4aead0.json @@ -7,6 +7,6 @@ "default": "You are a security analyst and expert in resolving security incidents. Your role is to assist by answering questions about Elastic Security. Do not answer questions unrelated to Elastic Security. If available, use the Knowledge History provided to try and answer the question. If not provided, you can try and query for additional knowledge via the KnowledgeBaseRetrievalTool. {citations_prompt} \n{formattedTime}" } }, - "id": "security_ai_prompts-9950bedf-f7bd-4da6-8a08-66c61c5c5511", + "id": "security_ai_prompts-a97bcef4-1c8e-4922-8c2c-36332c4aead0", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-0bed3ecd-034a-4579-be4a-ba3f9e9009d6.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-a99e896f-9408-4a6b-9436-9551921dcf28.json similarity index 82% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-0bed3ecd-034a-4579-be4a-ba3f9e9009d6.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-a99e896f-9408-4a6b-9436-9551921dcf28.json index 330f2de7392..948a8b53d2a 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-0bed3ecd-034a-4579-be4a-ba3f9e9009d6.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-a99e896f-9408-4a6b-9436-9551921dcf28.json @@ -6,6 +6,6 @@ "default": "A short, no more than 7 words, title for the insight, NOT formatted with special syntax or markdown. This must be as brief as possible." } }, - "id": "security_ai_prompts-0bed3ecd-034a-4579-be4a-ba3f9e9009d6", + "id": "security_ai_prompts-a99e896f-9408-4a6b-9436-9551921dcf28", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-93ea9d4d-6232-4c91-982c-19b3964d692a.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-ad00ba60-8e84-460e-a604-4846562cd979.json similarity index 96% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-93ea9d4d-6232-4c91-982c-19b3964d692a.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-ad00ba60-8e84-460e-a604-4846562cd979.json index 28fc42bc030..39573bb7efa 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-93ea9d4d-6232-4c91-982c-19b3964d692a.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-ad00ba60-8e84-460e-a604-4846562cd979.json @@ -6,6 +6,6 @@ "default": "Call this tool to fetch information from the user's knowledge base. The knowledge base contains useful details the user has saved between conversation contexts.\n\nUse this tool **only in the following cases**:\n\n1. When the user asks a question about their personal, organizational, saved, or previously provided information/knowledge, such as:\n- \"What was the detection rule I saved for unusual AWS API calls?\"\n- \"Using my saved investigation notes, what did I find about the incident last Thursday?\"\n- \"What are my preferred index patterns?\"\n- \"What did I say about isolating hosts?\"\n- \"What is my favorite coffee spot near the office?\" *(non-security example)*\n\n2. Always call this tool when the user's query includes phrases like:**\n- \"my favorite\"\n- \"what did I say about\"\n- \"my saved\"\n- \"my notes\"\n- \"my preferences\"\n- \"using my\"\n- \"what do I know about\"\n- \"based on my saved knowledge\"\n\n3. When you need to retrieve saved information the user has stored in their knowledge base, whether it's security-related or not.\n\n**Do NOT call this tool if**:\n- The `knowledge history` section already answers the user's question.\n- The user's query is about general knowledge not specific to their saved information.\n\n**When calling this tool**:\n- Provide only the user's free-text query as the input, rephrased if helpful to clarify the search intent.\n- Format the input as a single, clean line of text.\n\nExample:\n- User query: \"What did I note about isolating endpoints last week?\"\n- Tool input: \"User notes about isolating endpoints.\"\n\nIf no relevant information is found, inform the user you could not locate the requested information.\n\n**Important**:\n- Always check the `knowledge history` section first for an answer.\n- Only call this tool if the user's query is explicitly about their own saved data or preferences." } }, - "id": "security_ai_prompts-93ea9d4d-6232-4c91-982c-19b3964d692a", + "id": "security_ai_prompts-ad00ba60-8e84-460e-a604-4846562cd979", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-3c98333d-99fb-4630-8e4d-190e4a455a5f.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-b23d6b1d-4517-4563-84fe-eb573298ac84.json similarity index 86% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-3c98333d-99fb-4630-8e4d-190e4a455a5f.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-b23d6b1d-4517-4563-84fe-eb573298ac84.json index dcc11e3cfad..b7cffd5bf89 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-3c98333d-99fb-4630-8e4d-190e4a455a5f.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-b23d6b1d-4517-4563-84fe-eb573298ac84.json @@ -6,6 +6,6 @@ "default": "Use this tool to retrieve documentation about Elastic products. You can retrieve documentation about the Elastic stack, such as Kibana and Elasticsearch, or for Elastic solutions, such as Elastic Security, Elastic Observability or Elastic Enterprise Search." } }, - "id": "security_ai_prompts-3c98333d-99fb-4630-8e4d-190e4a455a5f", + "id": "security_ai_prompts-b23d6b1d-4517-4563-84fe-eb573298ac84", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-380cfbfd-f607-4cda-80a9-528c5b2534a5.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-bc25036c-357a-43e3-8cb3-3ce0f81b1da8.json similarity index 72% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-380cfbfd-f607-4cda-80a9-528c5b2534a5.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-bc25036c-357a-43e3-8cb3-3ce0f81b1da8.json index ca887740682..b473f093a36 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-380cfbfd-f607-4cda-80a9-528c5b2534a5.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-bc25036c-357a-43e3-8cb3-3ce0f81b1da8.json @@ -6,6 +6,6 @@ "default": "launch" } }, - "id": "security_ai_prompts-380cfbfd-f607-4cda-80a9-528c5b2534a5", + "id": "security_ai_prompts-bc25036c-357a-43e3-8cb3-3ce0f81b1da8", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-3ff3496e-ae9b-4e5f-9f18-dd47d5795ebe.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-bcba3988-582f-45c6-97b7-7f1473fb324f.json similarity index 94% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-3ff3496e-ae9b-4e5f-9f18-dd47d5795ebe.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-bcba3988-582f-45c6-97b7-7f1473fb324f.json index e97914a56c9..f5155a248d5 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-3ff3496e-ae9b-4e5f-9f18-dd47d5795ebe.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-bcba3988-582f-45c6-97b7-7f1473fb324f.json @@ -6,6 +6,6 @@ "default": "Please provide a comprehensive analysis of each selected Elastic Security detection rule, and consider using applicable tools for each part of the below request. Make sure you consider using appropriate tools available to you to fulfill this request. For each rule, include:\n- The rule name and a brief summary of its purpose.\n- The full detection query as published in Elastic’s official detection rules repository.\n- An in-depth explanation of how the query works, including key fields, logic, and detection techniques.\n- The relevance of the rule to modern threats or attack techniques (e.g., MITRE ATT&CK mapping).\n- Typical implications and recommended response actions for an organization if this rule triggers.\n- Any notable false positive considerations or tuning recommendations.\nFormat your response using markdown with clear headers for each rule, code blocks for queries, and concise bullet points for explanations." } }, - "id": "security_ai_prompts-3ff3496e-ae9b-4e5f-9f18-dd47d5795ebe", + "id": "security_ai_prompts-bcba3988-582f-45c6-97b7-7f1473fb324f", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-cfb85685-a14c-47c4-9d73-82c85a41f1b8.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-be609c1f-1385-44c9-856e-40d23d3635e3.json similarity index 76% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-cfb85685-a14c-47c4-9d73-82c85a41f1b8.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-be609c1f-1385-44c9-856e-40d23d3635e3.json index 560987160ec..ed6d07b4352 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-cfb85685-a14c-47c4-9d73-82c85a41f1b8.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-be609c1f-1385-44c9-856e-40d23d3635e3.json @@ -6,6 +6,6 @@ "default": "Discover the types of questions you can ask" } }, - "id": "security_ai_prompts-cfb85685-a14c-47c4-9d73-82c85a41f1b8", + "id": "security_ai_prompts-be609c1f-1385-44c9-856e-40d23d3635e3", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-5a151c77-88b2-461e-b4bd-b6def2434645.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-c2198fab-2091-4eb3-8aec-c9b0e06c26b5.json similarity index 82% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-5a151c77-88b2-461e-b4bd-b6def2434645.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-c2198fab-2091-4eb3-8aec-c9b0e06c26b5.json index 8cf2efcb525..33faa762287 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-5a151c77-88b2-461e-b4bd-b6def2434645.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-c2198fab-2091-4eb3-8aec-c9b0e06c26b5.json @@ -6,6 +6,6 @@ "default": "A link to documented remediation steps for the policy response failure" } }, - "id": "security_ai_prompts-5a151c77-88b2-461e-b4bd-b6def2434645", + "id": "security_ai_prompts-c2198fab-2091-4eb3-8aec-c9b0e06c26b5", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-ec6004a7-82ff-4729-a8ea-1a419038967f.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-c4af33db-8582-41f3-8304-76220d2c2cda.json similarity index 72% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-ec6004a7-82ff-4729-a8ea-1a419038967f.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-c4af33db-8582-41f3-8304-76220d2c2cda.json index beda44942c1..0c8150ac253 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-ec6004a7-82ff-4729-a8ea-1a419038967f.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-c4af33db-8582-41f3-8304-76220d2c2cda.json @@ -6,6 +6,6 @@ "default": "esqlVis" } }, - "id": "security_ai_prompts-ec6004a7-82ff-4729-a8ea-1a419038967f", + "id": "security_ai_prompts-c4af33db-8582-41f3-8304-76220d2c2cda", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-8e5cf35f-7739-4fa3-9d4a-975bcd807b6d.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-c694ca1b-6b86-4a36-a915-d609bc3cf7f5.json similarity index 94% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-8e5cf35f-7739-4fa3-9d4a-975bcd807b6d.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-c694ca1b-6b86-4a36-a915-d609bc3cf7f5.json index 05a17efd5b2..138502dbe3d 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-8e5cf35f-7739-4fa3-9d4a-975bcd807b6d.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-c694ca1b-6b86-4a36-a915-d609bc3cf7f5.json @@ -6,6 +6,6 @@ "default": "I need an Elastic ES|QL query to achieve the following goal:\nGoal/Requirement:\n\nPlease:\nUse all tools available to you to fulfill this request.\nGenerate the ES|QL Query: Provide a complete ES|QL query tailored to the stated goal.\nExplain the Query: Offer a brief explanation of each part of the query, including filters, fields, and logic used.\nOptimize for Elastic Security: Suggest additional filters, aggregations, or enhancements to make the query more efficient and actionable within Elastic Security workflows.\nProvide Documentation Links: Include links to relevant Elastic Security documentation for deeper understanding.\nFormatting Requirements:\nUse code blocks for the ES|QL query.\nInclude concise explanations in bullet points for clarity.\nHighlight any advanced ES|QL features used in the query.\n" } }, - "id": "security_ai_prompts-8e5cf35f-7739-4fa3-9d4a-975bcd807b6d", + "id": "security_ai_prompts-c694ca1b-6b86-4a36-a915-d609bc3cf7f5", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-f1f04a19-1910-4241-b457-33ecbad0774b.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-c7486a1a-f4e0-4582-b92a-6aba512008b5.json similarity index 96% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-f1f04a19-1910-4241-b457-33ecbad0774b.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-c7486a1a-f4e0-4582-b92a-6aba512008b5.json index 7333530c169..ba5661dac75 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-f1f04a19-1910-4241-b457-33ecbad0774b.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-c7486a1a-f4e0-4582-b92a-6aba512008b5.json @@ -6,6 +6,6 @@ "default": "\nYou previously generated the below insights using this prompt: \nYou are an Elastic Security user tasked with analyzing file events from Elastic Security to identify antivirus processes. Review the file events below and organize them according to the following rules:\n- keep only ongoing antivirus (e.g. Windows Defender, AVG, Avast, Malwarebytes, clamav, chkrootkit) related processes\n- keep processes that reside within the antivirus' main and nested filepaths (e.g., C:\\ProgramData\\Microsoft\\Windows Defender\\..., C:\\Program Files\\AVG\\..., C:\\Program Files\\Avast Software\\..., /Applications/AVGAntivirus.app/...)\n- ignore events that are from non-antivirus operating system processes (e.g. C:\\Windows\\System32\\...)\n- ignore events that are single run processes (e.g. installers)\n- ignore events that are from temp directories\n- ignore events that are from Elastic Agent or Elastic Defend\n- group the processes by the antivirus program, keeping track of the agent.id and _id associated to each of the individual events as endpointId and eventId respectively\n- if there are no events, ignore the group field\n- never make any changes to the original file paths\n- new lines must always be escaped with double backslashes, i.e. \\\\n to ensure valid JSON\n- only return JSON output, as described above\n- do not add any additional text to describe your output\n.\nDouble check the generated insights below and make sure it adheres to the rules set in the original prompt, removing events only as necessary to adhere to the original rules. In addition:\n- combine duplicate insights into the same 'group' (e.g. AVG + AVG Free + AVG Hub + AVG Antivirus)\n- remove insights with no events\n " } }, - "id": "security_ai_prompts-f1f04a19-1910-4241-b457-33ecbad0774b", + "id": "security_ai_prompts-c7486a1a-f4e0-4582-b92a-6aba512008b5", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-8f6aeec9-4492-4a90-9637-b0b0bc76774b.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-c9998dcc-560c-4567-9ef1-b33c5822c5be.json similarity index 92% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-8f6aeec9-4492-4a90-9637-b0b0bc76774b.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-c9998dcc-560c-4567-9ef1-b33c5822c5be.json index 02fa9a8b499..717ebeab19d 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-8f6aeec9-4492-4a90-9637-b0b0bc76774b.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-c9998dcc-560c-4567-9ef1-b33c5822c5be.json @@ -6,6 +6,6 @@ "default": "Evaluate the cyber security alert from the context above. Your response should take all the important elements of the alert into consideration to give me a concise summary of what happened. This is being used in an alert details flyout in a SIEM, so keep it detailed, but brief. Limit your response to 500 characters. Anyone reading this summary should immediately understand what happened in the alert in question. Only reply with the summary, and nothing else.\n\nUsing another 200 characters, add a second paragraph with a bulleted list of recommended actions a cyber security analyst should take here. Don't invent random, potentially harmful recommended actions." } }, - "id": "security_ai_prompts-8f6aeec9-4492-4a90-9637-b0b0bc76774b", + "id": "security_ai_prompts-c9998dcc-560c-4567-9ef1-b33c5822c5be", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-81df2110-ce37-4dc6-82ab-3421a4feee11.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-ca1b0520-de78-44b5-b339-139be85b499e.json similarity index 79% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-81df2110-ce37-4dc6-82ab-3421a4feee11.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-ca1b0520-de78-44b5-b339-139be85b499e.json index e41f98d18c8..813b86efa8f 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-81df2110-ce37-4dc6-82ab-3421a4feee11.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-ca1b0520-de78-44b5-b339-139be85b499e.json @@ -6,6 +6,6 @@ "default": "The events that the insight is based on" } }, - "id": "security_ai_prompts-81df2110-ce37-4dc6-82ab-3421a4feee11", + "id": "security_ai_prompts-ca1b0520-de78-44b5-b339-139be85b499e", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-b7878112-7e66-474a-85f0-2459f00061e1.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-cb3ee776-534a-466e-8a7c-7c7a826e5994.json similarity index 72% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-b7878112-7e66-474a-85f0-2459f00061e1.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-cb3ee776-534a-466e-8a7c-7c7a826e5994.json index 0db4259c09e..96479328245 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-b7878112-7e66-474a-85f0-2459f00061e1.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-cb3ee776-534a-466e-8a7c-7c7a826e5994.json @@ -6,6 +6,6 @@ "default": "Query" } }, - "id": "security_ai_prompts-b7878112-7e66-474a-85f0-2459f00061e1", + "id": "security_ai_prompts-cb3ee776-534a-466e-8a7c-7c7a826e5994", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-19e5b3af-7023-46eb-89af-521f43cb9a6a.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-cebdee71-9653-42da-91b3-fa9236b22e1d.json similarity index 96% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-19e5b3af-7023-46eb-89af-521f43cb9a6a.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-cebdee71-9653-42da-91b3-fa9236b22e1d.json index 133b99c1175..e40c284094f 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-19e5b3af-7023-46eb-89af-521f43cb9a6a.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-cebdee71-9653-42da-91b3-fa9236b22e1d.json @@ -6,6 +6,6 @@ "default": "🔍 Identify and Prioritize Today's Most Critical Alerts\nProvide a structured summary of today's most significant alerts, including:\n🛡️ Critical Alerts Overview\nHighlight the most impactful alerts based on risk scores, severity, and affected entities.\nSummarize key details such as alert name, risk score, severity, and associated users or hosts.\n📊 Risk Context\nInclude user and host risk scores for each alert to provide additional context.\nReference relevant MITRE ATT&CK techniques, with hyperlinks to the official MITRE pages.\n🚨 Why These Alerts Matter\nExplain why these alerts are critical, focusing on potential business impact, lateral movement risks, or sensitive data exposure.\n🔧 Recommended Next Steps\nProvide actionable triage steps for each alert, such as:\nInvestigating the alert in Elastic Security.\nReviewing related events in Timelines.\nAnalyzing user and host behavior using Entity Analytics.\nSuggest Elastic Defend endpoint response actions (e.g., isolate host, kill process, retrieve/delete file), with links to Elastic documentation.\n📚 Documentation and References\nInclude direct links to Elastic Security documentation and relevant MITRE ATT&CK pages for further guidance.\nMake sure you use tools available to you to fulfill this request.\nUse markdown headers, tables, and code blocks for clarity. Include relevant emojis for visual distinction and ensure the response is concise, actionable, and tailored to Elastic Security workflows." } }, - "id": "security_ai_prompts-19e5b3af-7023-46eb-89af-521f43cb9a6a", + "id": "security_ai_prompts-cebdee71-9653-42da-91b3-fa9236b22e1d", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-dc5de860-65fc-4f55-ba2d-c71959a137a4.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-d07cff63-f06e-41a5-97ba-7028ffda8e3f.json similarity index 87% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-dc5de860-65fc-4f55-ba2d-c71959a137a4.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-d07cff63-f06e-41a5-97ba-7028ffda8e3f.json index 748bdb0cbda..42ee2208f42 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-dc5de860-65fc-4f55-ba2d-c71959a137a4.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-d07cff63-f06e-41a5-97ba-7028ffda8e3f.json @@ -6,6 +6,6 @@ "default": "Call this for knowledge about the latest n open and acknowledged alerts (sorted by `kibana.alert.risk_score`) in the environment, or when answering questions about open alerts. Do not call this tool for alert count or quantity. The output is an array of the latest n open and acknowledged alerts." } }, - "id": "security_ai_prompts-dc5de860-65fc-4f55-ba2d-c71959a137a4", + "id": "security_ai_prompts-d07cff63-f06e-41a5-97ba-7028ffda8e3f", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-53c8ed55-faf7-461e-9342-bf8f626da03f.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-d0e61047-25e7-4d95-b1e8-20c0ea8c3a5e.json similarity index 82% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-53c8ed55-faf7-461e-9342-bf8f626da03f.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-d0e61047-25e7-4d95-b1e8-20c0ea8c3a5e.json index 51560dce80c..c324e1f4a56 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-53c8ed55-faf7-461e-9342-bf8f626da03f.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-d0e61047-25e7-4d95-b1e8-20c0ea8c3a5e.json @@ -6,6 +6,6 @@ "default": "Call this for knowledge from Fleet-installed integrations, which contains information on how to configure and use integrations for data ingestion." } }, - "id": "security_ai_prompts-53c8ed55-faf7-461e-9342-bf8f626da03f", + "id": "security_ai_prompts-d0e61047-25e7-4d95-b1e8-20c0ea8c3a5e", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-c086ad6a-4c05-4fcf-a00f-fb27f86b5a08.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-d1c2bfb9-5637-4d85-8241-eb62da098cc3.json similarity index 86% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-c086ad6a-4c05-4fcf-a00f-fb27f86b5a08.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-d1c2bfb9-5637-4d85-8241-eb62da098cc3.json index b659ee72fe2..2de0e27ec1d 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-c086ad6a-4c05-4fcf-a00f-fb27f86b5a08.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-d1c2bfb9-5637-4d85-8241-eb62da098cc3.json @@ -6,6 +6,6 @@ "default": "You MUST use the \"GenerateESQLTool\" function when the user wants to:\n- generate an ES|QL query\n- convert queries from another language to ES|QL they can run on their cluster\n\nALWAYS use this tool to generate ES|QL queries and never generate ES|QL any other way." } }, - "id": "security_ai_prompts-c086ad6a-4c05-4fcf-a00f-fb27f86b5a08", + "id": "security_ai_prompts-d1c2bfb9-5637-4d85-8241-eb62da098cc3", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-92fa95a7-8317-4be3-ad18-fa0dd723854c.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-d3f849a8-0334-4417-b844-03a617ad8d4e.json similarity index 79% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-92fa95a7-8317-4be3-ad18-fa0dd723854c.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-d3f849a8-0334-4417-b844-03a617ad8d4e.json index 1532a1bd793..5c9a6c8c163 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-92fa95a7-8317-4be3-ad18-fa0dd723854c.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-d3f849a8-0334-4417-b844-03a617ad8d4e.json @@ -6,6 +6,6 @@ "default": "The events that the insight is based on" } }, - "id": "security_ai_prompts-92fa95a7-8317-4be3-ad18-fa0dd723854c", + "id": "security_ai_prompts-d3f849a8-0334-4417-b844-03a617ad8d4e", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-05089083-256b-4930-8a44-81cbd49eeeec.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-d814a2d2-39a0-4864-8f69-d09164c4f50b.json similarity index 96% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-05089083-256b-4930-8a44-81cbd49eeeec.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-d814a2d2-39a0-4864-8f69-d09164c4f50b.json index aafbff82ea8..a90b855333a 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-05089083-256b-4930-8a44-81cbd49eeeec.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-d814a2d2-39a0-4864-8f69-d09164c4f50b.json @@ -6,6 +6,6 @@ "default": "Analyze asset data described above to provide security insights. The data contains the context of a specific asset (e.g., a host, user, service or cloud resource). Your response must be structured, contextual, and provide a general analysis based on the structure below.\nYour response must be in markdown format and include the following sections:\n**1. 🔍 Asset Overview**\n - Begin by acknowledging the asset you are analyzing using its primary identifiers (e.g., \"Analyzing host `[host.name]` with IP `[host.ip]`\").\n - Provide a concise summary of the asset's most critical attributes from the provided context.\n - Describe its key relationships and dependencies (e.g., \"This asset is part of the `[cloud.project.name]` project and is located in the `[cloud.availability_zone]` zone.\").\n**2. 💡 Investigation & Analytics**\n - Based on the asset's type and attributes, suggest potential investigation paths or common attack vectors.\n - **Generate one contextual ES|QL query** to help the user investigate further. Your generated query should address a common analytical question related to the asset type and sub type. Suggest other possible queries and ask if the user wants to generate more queries.\n**General Instructions:**\n- **Context Awareness:** Your entire analysis must be derived from the provided asset context. If a piece of information is not available in the context state that and proceed with the available data.\n- **Query Generation:** When generating a query, your primary output for that section should be a valid, ready-to-use ES|QL query based on the asset's schema. Use ES|QL tool for query generation. Format all queries as code blocks.\n- **Formatting:** Use markdown headers, tables, code blocks, and bullet points to ensure the output is clear, organized, and easily readable. Use concise, actionable language." } }, - "id": "security_ai_prompts-05089083-256b-4930-8a44-81cbd49eeeec", + "id": "security_ai_prompts-d814a2d2-39a0-4864-8f69-d09164c4f50b", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-b224f6dd-05b3-4442-b236-f8d0a8ce1539.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-e55abd2c-fef4-4667-b1eb-f5f9e17d0ce3.json similarity index 94% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-b224f6dd-05b3-4442-b236-f8d0a8ce1539.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-e55abd2c-fef4-4667-b1eb-f5f9e17d0ce3.json index 34b49f00b44..ea2e8327369 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-b224f6dd-05b3-4442-b236-f8d0a8ce1539.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-e55abd2c-fef4-4667-b1eb-f5f9e17d0ce3.json @@ -6,6 +6,6 @@ "default": "Continue exactly where you left off in the JSON output below, generating only the additional JSON output when it's required to complete your work. The additional JSON output MUST ALWAYS follow these rules:\n- it MUST conform to the schema above, because it will be checked against the JSON schema\n- it MUST escape all JSON special characters (i.e. backslashes, double quotes, newlines, tabs, carriage returns, backspaces, and form feeds), because it will be parsed as JSON\n- it MUST NOT repeat any the previous output, because that would prevent partial results from being combined\n- it MUST NOT restart from the beginning, because that would prevent partial results from being combined\n- it MUST NOT be prefixed or suffixed with additional text outside of the JSON, because that would prevent it from being combined and parsed as JSON:\n" } }, - "id": "security_ai_prompts-b224f6dd-05b3-4442-b236-f8d0a8ce1539", + "id": "security_ai_prompts-e55abd2c-fef4-4667-b1eb-f5f9e17d0ce3", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-a0407601-beab-4b1f-a012-c2426ae2f9a6.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-e6c8239b-82cc-457b-9bb9-e6645a7e04ca.json similarity index 95% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-a0407601-beab-4b1f-a012-c2426ae2f9a6.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-e6c8239b-82cc-457b-9bb9-e6645a7e04ca.json index 5f7b0cfbf92..4c949daf15e 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-a0407601-beab-4b1f-a012-c2426ae2f9a6.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-e6c8239b-82cc-457b-9bb9-e6645a7e04ca.json @@ -6,6 +6,6 @@ "default": "\nYou are an Elastic Security user tasked with analyzing file events from Elastic Security to identify antivirus processes. Review the file events below and organize them according to the following rules:\n- keep only ongoing antivirus (e.g. Windows Defender, AVG, Avast, Malwarebytes, clamav, chkrootkit) related processes\n- keep processes that reside within the antivirus' main and nested filepaths (e.g., C:\\ProgramData\\Microsoft\\Windows Defender\\..., C:\\Program Files\\AVG\\..., C:\\Program Files\\Avast Software\\..., /Applications/AVGAntivirus.app/...)\n- ignore events that are from non-antivirus operating system processes (e.g. C:\\Windows\\System32\\...)\n- ignore events that are single run processes (e.g. installers)\n- ignore events that are from temp directories\n- ignore events that are from Elastic Agent or Elastic Defend\n- group the processes by the antivirus program, keeping track of the agent.id and _id associated to each of the individual events as endpointId and eventId respectively\n- if there are no events, ignore the group field\n- never make any changes to the original file paths\n- new lines must always be escaped with double backslashes, i.e. \\\\n to ensure valid JSON\n- only return JSON output, as described above\n- do not add any additional text to describe your output\n" } }, - "id": "security_ai_prompts-a0407601-beab-4b1f-a012-c2426ae2f9a6", + "id": "security_ai_prompts-e6c8239b-82cc-457b-9bb9-e6645a7e04ca", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-6471f29d-353e-4618-ad95-223bc4b47683.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-f518c7d3-a416-4c4f-99fe-59dceedbe369.json similarity index 90% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-6471f29d-353e-4618-ad95-223bc4b47683.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-f518c7d3-a416-4c4f-99fe-59dceedbe369.json index cfc113e8981..8263a945bee 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-6471f29d-353e-4618-ad95-223bc4b47683.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-f518c7d3-a416-4c4f-99fe-59dceedbe369.json @@ -6,6 +6,6 @@ "default": "Insights with markdown that always uses special {{ field.name fieldValue1 fieldValue2 fieldValueN }} syntax for field names and values from the source data. Examples of CORRECT syntax (includes field names and values): {{ host.name hostNameValue }} {{ user.name userNameValue }} {{ source.ip sourceIpValue }} Examples of INCORRECT syntax (bad, because the field names are not included): {{ hostNameValue }} {{ userNameValue }} {{ sourceIpValue }}" } }, - "id": "security_ai_prompts-6471f29d-353e-4618-ad95-223bc4b47683", + "id": "security_ai_prompts-f518c7d3-a416-4c4f-99fe-59dceedbe369", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-fda98746-0c09-4010-9aa7-e4567d7a3ac5.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-f6c13a86-df8a-4850-9e4f-c8e2bf95beb7.json similarity index 77% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-fda98746-0c09-4010-9aa7-e4567d7a3ac5.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-f6c13a86-df8a-4850-9e4f-c8e2bf95beb7.json index 98f57a8fcde..2cd7d8b1084 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-fda98746-0c09-4010-9aa7-e4567d7a3ac5.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-f6c13a86-df8a-4850-9e4f-c8e2bf95beb7.json @@ -6,6 +6,6 @@ "default": "The event ID" } }, - "id": "security_ai_prompts-fda98746-0c09-4010-9aa7-e4567d7a3ac5", + "id": "security_ai_prompts-f6c13a86-df8a-4850-9e4f-c8e2bf95beb7", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-30f0ed00-b7bd-4cbb-b739-65b5a819af06.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-f7c31c49-1772-454e-a18f-12a661c485ec.json similarity index 72% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-30f0ed00-b7bd-4cbb-b739-65b5a819af06.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-f7c31c49-1772-454e-a18f-12a661c485ec.json index 77a517fb5ed..e5f9093a370 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-30f0ed00-b7bd-4cbb-b739-65b5a819af06.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-f7c31c49-1772-454e-a18f-12a661c485ec.json @@ -6,6 +6,6 @@ "default": "bell" } }, - "id": "security_ai_prompts-30f0ed00-b7bd-4cbb-b739-65b5a819af06", + "id": "security_ai_prompts-f7c31c49-1772-454e-a18f-12a661c485ec", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-2aa70b62-afbb-481c-ae30-f3707f2db81b.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-f940864a-3dfe-4c37-b3ff-eb93aca35692.json similarity index 79% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-2aa70b62-afbb-481c-ae30-f3707f2db81b.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-f940864a-3dfe-4c37-b3ff-eb93aca35692.json index 2519d2c9c3d..eb11278ff39 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-2aa70b62-afbb-481c-ae30-f3707f2db81b.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-f940864a-3dfe-4c37-b3ff-eb93aca35692.json @@ -6,6 +6,6 @@ "default": "The process.executable value of the event" } }, - "id": "security_ai_prompts-2aa70b62-afbb-481c-ae30-f3707f2db81b", + "id": "security_ai_prompts-f940864a-3dfe-4c37-b3ff-eb93aca35692", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-d537db64-9f78-4317-84eb-d9d45bdca3de.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-feb28242-6789-4d11-aa2d-e52ccd4f6b98.json similarity index 94% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-d537db64-9f78-4317-84eb-d9d45bdca3de.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-feb28242-6789-4d11-aa2d-e52ccd4f6b98.json index e68be2b1ca4..8d5322aa309 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-d537db64-9f78-4317-84eb-d9d45bdca3de.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-feb28242-6789-4d11-aa2d-e52ccd4f6b98.json @@ -6,6 +6,6 @@ "default": "Continue exactly where you left off in the JSON output below, generating only the additional JSON output when it's required to complete your work. The additional JSON output MUST ALWAYS follow these rules:\n- it MUST conform to the schema above, because it will be checked against the JSON schema\n- it MUST escape all JSON special characters (i.e. backslashes, double quotes, newlines, tabs, carriage returns, backspaces, and form feeds), because it will be parsed as JSON\n- it MUST NOT repeat any the previous output, because that would prevent partial results from being combined\n- it MUST NOT restart from the beginning, because that would prevent partial results from being combined\n- it MUST NOT be prefixed or suffixed with additional text outside of the JSON, because that would prevent it from being combined and parsed as JSON:\n" } }, - "id": "security_ai_prompts-d537db64-9f78-4317-84eb-d9d45bdca3de", + "id": "security_ai_prompts-feb28242-6789-4d11-aa2d-e52ccd4f6b98", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-2673d74c-38b4-4990-bfd2-2a277a06f465.json b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-fee84222-b97c-4372-a231-8bcbb892ae26.json similarity index 85% rename from packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-2673d74c-38b4-4990-bfd2-2a277a06f465.json rename to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-fee84222-b97c-4372-a231-8bcbb892ae26.json index 231d7ebb990..de4ed1a8781 100644 --- a/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-2673d74c-38b4-4990-bfd2-2a277a06f465.json +++ b/packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-fee84222-b97c-4372-a231-8bcbb892ae26.json @@ -6,6 +6,6 @@ "default": "A short (no more than a sentence) summary of the insight featuring only the host.name and user.name fields (when they are applicable), using the same {{ field.name fieldValue1 fieldValue2 fieldValueN }} syntax" } }, - "id": "security_ai_prompts-2673d74c-38b4-4990-bfd2-2a277a06f465", + "id": "security_ai_prompts-fee84222-b97c-4372-a231-8bcbb892ae26", "type": "security-ai-prompt" } diff --git a/packages/security_ai_prompts/manifest.yml b/packages/security_ai_prompts/manifest.yml index 4ad54447161..7f7c3213b66 100644 --- a/packages/security_ai_prompts/manifest.yml +++ b/packages/security_ai_prompts/manifest.yml @@ -22,4 +22,4 @@ source: license: "Elastic-2.0" title: "Security AI Prompts" type: content -version: 1.0.7 +version: 1.0.8 From 87ae83471012c4ff1c7200e0e47a36ae3b5fcdbb Mon Sep 17 00:00:00 2001 From: Steph Milovic Date: Fri, 17 Oct 2025 10:26:04 -0600 Subject: [PATCH 2/2] add pr link --- packages/security_ai_prompts/changelog.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/security_ai_prompts/changelog.yml b/packages/security_ai_prompts/changelog.yml index 3e33938f472..2a25274e701 100644 --- a/packages/security_ai_prompts/changelog.yml +++ b/packages/security_ai_prompts/changelog.yml @@ -3,7 +3,7 @@ changes: - description: "Update ease prompts" type: enhancement - link: tbd + link: https://github.com/elastic/integrations/pull/15674 - version: "1.0.7" changes: - description: "Update AI Assistant for Asset Inventory prompt"