[New Integration] Vertex AI

[cpascale43]

Description

Vertex AI is Google’s platform offering AI and machine learning computing as a service. The integration enables monitoring and analysis of AI/ML operations.

Architecture

The integration collects Vertex AI audit events and model endpoint logs from Google Cloud Logging. We can ship these logs to Elastic using our existing Google Cloud integration framework.

• Vertex AI audit logging information
• Model endpoint audit logs

Dashboard Ideas

• Time series of Vertex AI API calls by event type
• Bar chart of model endpoint usage over time
• Heatmap of prediction requests by model and time
• Line graph showing dataset operations over time
• Stacked area chart of successful vs. failed operations

Integration release checklist

This checklist is intended for integrations maintainers to ensure consistency when creating or updating a Package, Module or Dataset for an Integration.

All changes

• [ ] Change follows the contributing guidelines
• [ ] Supported versions of the monitoring target are documented
• [ ] Supported operating systems are documented (if applicable)
• [ ] Integration or System tests exist
• [ ] Documentation exists, useful guidelines to follow
• [ ] Fields follow ECS and naming conventions
• [ ] At least a manual test with ES / Kibana / Agent has been performed.
• [ ] Required Kibana version set to:

[elasticmachine]

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

[elasticmachine]

Pinging @elastic/security-scalability (Team:Security-Scalability)

[haetamoudi]

@cpascale43 VertexAI generates audit logs, which are already handled by the GCP integration.

The integration already fetches all the data from the request and response fields, meaning there are no changes specific to VertexAI required. I have done some testing, and all the logs generated by VertexAI are ingested through the existing integration with no changes needed.

As far as I understand, it is not possible to create visualizations based on fields that are dynamically mapped (flattened).

FYI, while testing, I noticed some audit logs fields were missing, so I opened a PR to enhance the integration: https://github.com/elastic/integrations/pull/10886

VertexAI logs ingested using the existing integration:

[cpascale43]

@haetamoudi thanks for looking into this! Good news that we are already collecting these logs.

Do the ECS mappings look correct?

If everything looks good then we'd just want to create documentation nested under Google Cloud + a separate log source tile, kind of like we did with AWS Bedrock.

[haetamoudi]

@cpascale43 The ECS mappings look correct to me, and this PR will add some missing fields that aren't specific to Vertex.

Regarding the documentation, VertexAI generates audit logs just like many other Google services, without any unique characteristics (besides the content of request and response which are dynamically handled). It seems odd to single out Vertex in the documentation when other Google Cloud services that also produce audit logs are handled by the same integration.

What do you think about including a link to the Google documentation that lists all services producing audit logs, rather than mentioning Vertex specifically? This would make it clear that logs from all those services are supported by our current integration. Here's the link: https://cloud.google.com/logging/docs/audit/services.

[haetamoudi]

@cpascale43 Let me know what you think about the suggestion—adding a link to the Google Cloud list of services that support audit logs instead of add documentation specific to Vertex.