What: We're releasing the ability for users to import custom knowledge base items in the 8.16 release.
Why: With this ability, users can now import things like their internal security playbooks, network topology, organizational chart, reference docs, indices, and more. With this newly added custom knowledge, the AI Assistant can provide more tailored responses which would help security users in their day-to-day workflows.
Scenario: The organization has imported its security playbooks containing responsible team members based on security incidents. (ex: to report phishing contact alicejones, for incident response escalation contact bill.smith)
When a user asks the AI Assistant how to remediate an alert, instead of providing a response containing steps from the LLM provider, the AI Assistant can also say "Based on your organization's policy, you can contact bill.smith@email.com to escalate this issue".
There are multiple ways users can import custom knowledge:
"Remember" prompt in the AI Assistant
Add a new document in the Security AI Settings (for this option, we will need to outline how to structure the text so it can be effectively used as knowledge in the assistant)
Add a new index in the Security AI Settings, which allows users to reference indices for additional context for use in CSPM findings, threat intelligence data, data quality, endpoint, and more. (For this option, we need to outline how to add an index created manually, how to add an index created by the search connector, and the nuances that come with each option.)
Additionally, we need to ensure that our documentation contains details about RBAC as they relate to custom knowledge.
Lastly, we should clearly emphasize the incorporation of Elastic Security Labs content, which users can leverage from the AI Assistant.
Background & resources
Which documentation set does this change impact?
ESS and serverless
ESS release
8.16
Serverless release
TBD
Feature differences
N/A
API docs impact
@jamesspi needs to detail how this is impactful for AI Assistant API
Prerequisites, privileges, feature flags
No response