[Request] Document Custom Knowledge Base Improvements in 8.16 Release #5887

Open
dhru42 opened this issue Oct 4, 2024 · 0 comments
Collaborator

dhru42 commented Oct 4, 2024

Description

What: We're releasing the ability for users to import custom knowledge base items in the 8.16 release.
Why: With this ability, users can now import things like their internal security playbooks, network topology, organizational chart, reference docs, indices, and more. With this newly added custom knowledge, the AI Assistant can provide more tailored responses which would help security users in their day-to-day workflows.

Scenario: The organization has imported its security playbooks containing responsible team members based on security incidents. (ex: to report phishing contact alicejones, for incident response escalation contact bill.smith)
When a user asks the AI Assistant how to remediate an alert, instead of providing a response containing steps from the LLM provider, the AI Assistant can also say "Based on your organization's policy, you can contact bill.smith@email.com to escalate this issue".

There are multiple ways users can import custom knowledge:

  • "Remember" prompt in the AI Assistant
  • Add a new document in the Security AI Settings (for this option, we will need to outline how to structure the text so it can be effectively used as knowledge in the assistant)
  • Add a new index in the Security AI Settings which allows users to reference indexes for additional context for use in CSPM findings, threat intelligence data, data quality, endpoint, and more. (For this option, we need to outline how to add an index created manually, and how to add an index created by the search connector, and the nuances that come with each option)

Additionally, we need to ensure that our documentation contains details about RBAC as they relate to custom knowledge.
Lastly, we should clearly emphasize the incorporation of Elastic Security Labs content, which users can leverage from the AI Assistant.

Background & resources

Which documentation set does this change impact?

ESS and serverless

ESS release

8.16

Serverless release

TBD

Feature differences

N/A

API docs impact

@jamesspi needs to detail how this is impactful for AI Assistant API

Prerequisites, privileges, feature flags

No response
