You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/serverless/AI-for-security/ai-assistant.asciidoc
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -114,7 +114,7 @@ It has the following tabs:
114
114
* **System Prompts:** Edit existing System Prompts or create new ones. To create a new System Prompt, type a unique name in the *Name* field, then press *enter*. Under *Prompt*, enter or update the System Prompt's text. Under *Contexts*, select where the System Prompt should appear.
115
115
* **Quick Prompts:** Modify existing Quick Prompts or create new ones. To create a new Quick Prompt, type a unique name in the *Name* field, then press *enter*. Under *Prompt*, enter or update the Quick Prompt's text.
116
116
* **Anonymization:** Select fields to include as plaintext, to obfuscate, and to not send when you provide events to AI Assistant as context. <<ai-assistant-anonymization, Learn more>>.
117
-
* **Knowledge base:** Provide additional context to AI Assistant. <<ai-assistant-knowledge-base, Learn more>>.
117
+
* **Knowledge Base:** Provide additional context to AI Assistant. <<ai-assistant-knowledge-base, Learn more>>.
118
118
119
119
[discrete]
120
120
[[ai-assistant-anonymization]]
@@ -142,7 +142,7 @@ When you include a particular event as context, such as an alert from the Alerts
142
142
=== Knowlege base
143
143
144
144
beta::[]
145
-
The **Knowledge base** tab of the **Security AI settings** page allows you to enable AI Assistant to remember specified information, and use it as context to improve response quality. To learn more, refer to <<ai-assistant-knowledge-base>>.
145
+
The **Knowledge Base** tab of the **Security AI settings** page allows you to enable AI Assistant to remember specified information, and use it as context to improve response quality. To learn more, refer to <<ai-assistant-knowledge-base>>.
Copy file name to clipboardExpand all lines: docs/serverless/AI-for-security/knowledge-base.asciidoc
+8-8Lines changed: 8 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -18,9 +18,9 @@ NOTE: When you upgrade from {elastic-sec} version 8.15 to a newer version, infor
18
18
[[knowledge-base-rbac]]
19
19
== Role-based access control (RBAC) for Knowledge Base
20
20
21
-
The `Elastic AI Assistant: All` role privilege allows you to use AI Assistant and access its settings. It has two sub-privileges, `Field Selection and Anonymization`, which allows you to customize which alert fields are sent to AI Assistant and Attack Discovery, and `Knowledge Base`, which allows you to edit and create new Knowledge Base entries.
21
+
The `Elastic AI Assistant: All` role privilege allows you to use AI Assistant and access its settings. It has two sub-privileges, `Field Selection and Anonymization`, which allows you to customize which alert fields are sent to AI Assistant and Attack Discovery, and Knowledge Base, which allows you to edit and create new Knowledge Base entries.
@@ -37,7 +37,7 @@ Open a conversation with AI Assistant, select a large language model, then click
37
37
38
38
image::images/knowledge-base-assistant-setup-button.png[An AI Assistant conversation showing the Setup Knowledge Base button]
39
39
40
-
Knowledge base setup may take several minutes. It will continue in the background if you close the conversation. After setup is complete, you can access Knowledge Base settings from AI Assistant's conversation settings menu (access the conversation settings menu by clicking the three dots button next to the model selection dropdown).
40
+
Knowledge Base setup may take several minutes. It will continue in the background if you close the conversation. After setup is complete, you can access Knowledge Base settings from AI Assistant's conversation settings menu (access the conversation settings menu by clicking the three dots button next to the model selection dropdown).
41
41
42
42
image::images/knowledge-base-assistant-menu-dropdown.png[AI Assistant's dropdown menu with the Knowledge Base option highlighted]
When Knowledge Base is enabled, AI Assistant receives `open` or `acknowledged` alerts from your environment from the last 24 hours. It uses these as context for each of your prompts. This enables it to answer questions about multiple alerts in your environment rather than just about individual alerts you choose to send it. It receives alerts ordered by risk score, then by the most recently generated. Building block alerts are excluded.
56
56
57
57
To enable Knowledge Base for alerts:
58
58
59
-
. Ensure that knowledge base is <<enable-knowledge-base, enabled>>.
60
-
. Use the slider on the Security AI settings' Knowledge Base tab to select the number of alerts to send to AI Assistant. Click **Save**.
59
+
. Ensure that Knowledge Base is <<enable-knowledge-base, enabled>>.
60
+
. Use the slider on the Security AI settings' **Knowledge Base** tab to select the number of alerts to send to AI Assistant. Click **Save**.
61
61
62
62
NOTE: Including a large number of alerts may cause your request to exceed the maximum token length of your third-party generative AI provider. If this happens, try selecting a lower number of alerts to send.
63
63
64
64
[discrete]
65
65
[[knowledge-base-add-knowledge]]
66
66
== Add knowledge
67
67
68
-
To view all knowledge base entries, go to the Security AI settings and select the **Knowledge Base** tab. You can add individual documents or entire indices containing multiple documents. Each entry in the Knowledge Base (a document or index) has a **Sharing** setting of `private` or `global`. Private entries apply to the current user only and do not affect other users in the {kib} space, whereas global entries affect all users. Each entry can also have a `Required knowledge` setting, which means it will be included as context for every message sent to AI Assistant.
68
+
To view all Knowledge Base entries, go to the Security AI settings and select the **Knowledge Base** tab. You can add individual documents or entire indices containing multiple documents. Each entry in the Knowledge Base (a document or index) has a **Sharing** setting of `private` or `global`. Private entries apply to the current user only and do not affect other users in the {kib} space, whereas global entries affect all users. Each entry can also have a `Required knowledge` setting, which means it will be included as context for every message sent to AI Assistant.
69
69
70
70
NOTE: When you enable Knowledge Base, it comes pre-populated with articles from https://www.elastic.co/security-labs[Elastic Security Labs], current through September 30, 2024, which allows AI Assistant to leverage Elastic's security research during your conversations. This enables it to answer questions such as, “Are there any new tactics used against Windows hosts that I should be aware of when investigating my alerts?”
71
71
@@ -81,7 +81,7 @@ Add an individual document to Knowledge Base when you want AI Assistant to remem
81
81
. Write the knowledge AI Assistant should remember in the **Markdown text** field.
82
82
. In the **Markdown text** field, enter the information you want AI Assistant to remember.
83
83
. If it should be **Required knowledge**, select the option. Otherwise, leave it blank.
84
-
Alternatively, you can simply send a message to AI Assistant that instructs it to "Remember" the information. For example, "Remember that I changed my password today, October 24, 2024", or "Remember we always use the Threat Hunting Timeline template when investigating potential threats". Entries created in this way are private to you. By default they are not required knowledge, but you can make them required by instructing AI Assistant to "Always remember", for example "Always remember to address me as madam", or "Always remember that our primary data center is located in Austin, Texas".
84
+
Alternatively, you can simply send a message to AI Assistant that instructs it to "Remember" the information. For example, "Remember that I changed my password today, October 24, 2024", or "Remember we always use the Threat Hunting Timeline template when investigating potential threats". Entries created in this way are private to you. By default, they are not required knowledge, but you can make them required by instructing AI Assistant to "Always remember", for example "Always remember to address me as madam", or "Always remember that our primary data center is located in Austin, Texas".
85
85
86
86
Refer to the following video for an example of adding a document to Knowledge Base from the settings menu.
0 commit comments