Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
1 parent
bc7b9a3
commit 69a981b
Showing 14 changed files with 119 additions and 61 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Binary file modified
BIN
+250 KB
(290%)
docs/AI-for-security/images/assistant-anonymization-menu.png
Binary file not shown.
Binary file added
BIN
+117 KB
docs/AI-for-security/images/knowledge-base-assistant-menu-dropdown.png
Binary file added
BIN
+90 KB
docs/AI-for-security/images/knowledge-base-assistant-settings-kb-tab.png
Binary file added
BIN
+64.3 KB
docs/AI-for-security/images/knowledge-base-assistant-setup-button.png
Binary file not shown.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,98 @@ | ||
[[ai-assistant-knowledge-base]] | ||
= AI Assistant Knowledge Base | ||
|
||
AI Assistant's knowledge base feature enables it to recall specific documents and other specified information, and to use it as context when responding to your queries. This page describes how to enable and add information to knowledge base. | ||
|
||
NOTE: When you upgrade from {elastic-sec} version 8.15 to a newer version, information previously stored by AI Assistant will be lost. | ||
|
||
.Requirements | ||
[sidebar] | ||
-- | ||
|
||
* To use knowledge base, you need the `Elastic AI Assistant: All` privilege. To edit global knowledge base entries (information that will affect the AI Assistant experience for other users in the {kib} space), you need the `Allow Changes to Global Entries` privilege. | ||
* To use knowledge base, you must <<ml-requirements, enable machine learning>> with a minimum ML node size of 4GB. | ||
|
||
-- | ||
|
||
[discrete] | ||
[[enable-knowledge-base]] | ||
== Enable knowledge base | ||
|
||
There are two ways to enable knowledge base. | ||
|
||
NOTE: You must individually enable knowledge base for each {kib} space where you want to use it. | ||
|
||
[discrete] | ||
=== Option 1 — enable knowledge base from an AI Assistant conversation | ||
|
||
Open a conversation with AI Assistant, select a large language model, then click **Setup Knowledge Base**. If the button doesn't appear, knowledge base is already enabled. | ||
|
||
image::images/knowledge-base-assistant-setup-button[An AI Assistant conversation showing the Setup Knowledge Base button] | ||
|
||
Knowledge base setup may take several minutes. It will continue in the background if you close the conversation. After setup is complete, you can access knowledge base settings from the conversation settings menu. | ||
|
||
image::images/knowledge-base-assistant-menu-dropdown.png[AI Assistant's dropdown menu with the knowledge base option highlighted] | ||
|
||
[discrete] | ||
=== Option 2 — enable knowledge base from the Security AI settings menu | ||
|
||
. Go to **Stack Management → AI Assistants → Elastic AI Assistant for Security → Knowledge Base**. | ||
. Click **Setup Knowledge Base**. If the button doesn't appear, knowledge base is already enabled. | ||
|
||
image::images/knowledge-base-assistant-settings-kb-tab.png[AI Assistant's settings menu open to the knowledge base tab] | ||
|
||
[discrete] | ||
[[rag-for-alerts]] | ||
== Knowledge base for alerts | ||
When knowledge base is enabled, AI Assistant receives alerts from your environment as context for each of your prompts. It will receive alerts from the last 24 hours that have a status of `open` or `acknowledged`, ordered first by risk score, then by recency. Building block alerts are excluded. This enables it to answer questions about multiple alerts in your environment, rather than just the individual alerts you choose to include as context. | ||
|
||
To enable knowledge base for alerts: | ||
|
||
. Make sure that knowledge base is <<enable-knowledge-base, enabled>>. | ||
. Use the slider on the Security AI settings menu's Knowledge Base tab to select the number of alerts to send to AI Assistant. Click **Save**. | ||
|
||
NOTE: Including a large number of alerts may cause your request to exceed the maximum token length of your third-party generative AI provider. If this happens, try selecting a lower number of alerts to send. | ||
|
||
[discrete] | ||
[[knowledge-base-add-knowledge]] | ||
== Add knowledge | ||
|
||
To view all knowledge base entries, go to the Security AI settings menu's Knowledge Base tab. You can add either individual documents, or entire indices containing multiple documents. Each entry in the knowledge base (a document or index) has a **Sharing** setting of either `private` or `global`. Private entries do not affect other users in the {kib} space, whereas global entries affect all users. Each entry can also be `Required knowledge`, which means it will be included as context to every message to AI Assistant. | ||
|
||
NOTE: When you enable knowledge base, it comes pre-populated with articles from https://www.elastic.co/security-labs[Elastic Security Labs], current through September 30, 2024. This allows AI Assistant to leverage Elastic's security research during your conversations. This enables it to answer questions such as, “Are there any new tactics used against Windows hosts that I should be aware of when investigating my alerts?” | ||
|
||
[discrete] | ||
[[knowledge-base-add-knowledge-document]] | ||
=== Add an individual document | ||
|
||
Add an individual document to knowledge base when you want AI Assistant to remember a specific piece of information. | ||
|
||
. Go to **Stack Management → AI Assistants → Elastic AI Assistant for Security → Knowledge Base**. | ||
. Click **New → Document**. | ||
. Name the knowledge documet. | ||
. Under **Sharing**, select whether this knowledge should be **Global** or **Private**. | ||
. Write the knowledge in the **Markdown text** field. | ||
. Decide whether to make it **Required knowledge**. | ||
|
||
Alternatively, you can simply send a message to AI Assistant that instructs it to "Remember" the information. For example, "Remember that I changed my password today, October 24, 2024", "Remember that our primary data center is located in Austin, Texas", or "Remember we always use the 'Threat Hunting' Timeline template when investigating potential threats". Entries created in this way are private to you. By default they are not required knowledge, but you can make them required by instructing AI Assistant to "Always remember", for example "Always remember to address me as madam". | ||
|
||
[discrete] | ||
[[knowledge-base-add-knowledge-index]] | ||
=== Add an index | ||
|
||
Add an index as a knowledge source when you want information added to that index to automatically inform AI Assistant's responses. Common security examples include asset inventories, network configuration information, on-call matrices, threat intelligence reports, and vulnerability scans. | ||
|
||
IMPORTANT: Indexes added to knowledge base must have at least one field mapped as {ref}/semantic-text.html[semantic text]. | ||
|
||
. Go to **Stack Management → AI Assistants → Elastic AI Assistant for Security → Knowledge Base**. | ||
. Click **New → Index**. | ||
. Name the knowledge source. | ||
. Under **Sharing**, select whether this knowledge should be **Global** or **Private**. | ||
. Under **Index** enter the name of the index you want to use as a knowledge source. | ||
. Under **Field**, enter the names of one or more semantic text fields within the index. | ||
. Under **Data Description**, describe when this information should be used by AI Assistant. | ||
. Under **Query Instruction**, describe how AI Assistant should query this index to retrieve relevant information. | ||
. Under **Output Fields**, list the fields which should be sent to AI Assistant. If none are listed, all fields will be sent. | ||
|
||
image::images/knowledge-base-add-index-config.png[Knowledge base's Edit index entry menu] | ||
|
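Review bot: The image macro under "Option 1" is missing its file extension: `image::images/knowledge-base-assistant-setup-button[...]` should reference `knowledge-base-assistant-setup-button.png`, matching the binary added in this commit and the other `image::` macros in this file, otherwise the image will not resolve. In step 3 of "Add an individual document", "documet" should be "document". In "Add an index", the **Output Fields** step states that all fields are sent when none are listed; because the alerts NOTE already refers to a third-party generative AI provider, consider adding a NOTE at that step recommending that users list only the fields AI Assistant needs, so that sensitive fields in an asset inventory or vulnerability scan index are not sent by default. The same section could also state which privilege is needed to make an index entry **Global**, as the Requirements sidebar does for global entries in general.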