From 26564e40cae62c55284ee89911187604d3aef9ff Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Wed, 3 Jan 2024 07:52:55 -0800 Subject: [PATCH] first pass at incorporating Joe's feedback --- docs/assistant/security-assistant.asciidoc | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/docs/assistant/security-assistant.asciidoc b/docs/assistant/security-assistant.asciidoc index ae3893a6d6..6bd03cece4 100644 --- a/docs/assistant/security-assistant.asciidoc +++ b/docs/assistant/security-assistant.asciidoc 
@@ -167,31 +167,30 @@ When you include a particular event as context, you can use a similar interface The *Show anonymized* toggle controls whether you see the obfuscated or plaintext versions of the fields you sent to AI Assistant. It doesn't control what gets obfuscated — that's determined by the anonymization settings. It also doesn't affect how event fields appear _before_ being sent to AI Assistant. Instead, it controls how fields that were already sent and obfuscated appear to you. [[ai-assistant-knowledge-base]] -* **Knowledge base:** Use retrieval-augmented generation to provide additional context to AI Assistant. +* **Knowledge base:** Use retrieval-augmented generation (RAG) to provide additional context to AI Assistant. + beta::[] -Enable AI Assistant to answer questions about the Elastic Search Query Language ({esql}): +When Knowledge base is enabled, AI Assistant can answer questions about the Elastic Search Query Language ({esql}). For example, it can help you write an {esql} query for a particular use case, or answer general questions about {esql} syntax and usage. + +To enable AI Assistant to answer questions about {esql}: . Enable the Elastic Learned Sparse EncodeR (ELSER). This model provides additional context to the third-party LLM. To learn more, refer to {ml-docs}/ml-nlp-elser.html#download-deploy-elser[Configure ELSER]. . Initialize the knowledge base by clicking *Initialize*. . Turn on the *Knowledge Base* option. -. Click *Save*. The knowledge base is now active. -+ -When this setting is enabled, AI Assistant can answer questions about {esql}. For example, it can help you write an {esql} query for a particular use case, or answer general questions about {esql} syntax and usage. -A quick prompt for {esql} queries becomes available, which provides a good starting point for your {esql} conversations and questions. When this setting is disabled, AI Assistant can not answer questions about {esql}. +. Click *Save*. 
The knowledge base is now active. A quick prompt for {esql} queries becomes available, which provides a good starting point for your {esql} conversations and questions. + +When the **Alerts** setting is enabled, AI Assistant will receive multiple alerts as context for each of your prompts. It will receive alerts from the last 24 hours that have a status of `open` or `acknowledged`, ordered first by risk score, then by recency. Building block alerts are excluded. -Enable AI Assistant to answer questions about alerts in your environment: +To enable AI Assistant to answer questions about alerts in your environment: . Turn on the **Alerts** setting. . Use the slider to select how many alerts to send to AI Assistant. + -When this setting is enabled, AI Assistant will receive multiple alerts as context for each of your prompts. It will receive alerts from the last 24 hours that have a status of `open` or `acknowledged`, ordered first by risk score, then by recency, and excluding building block alerts. - [role="screenshot"] -image::images/knowledge-base-settings.png[AI Assistant's settings menu, open to the Knowledge Base tab] -[discrete] +image::images/knowledge-base-settings.png["AI Assistant's settings menu open to the Knowledge Base tab",75%] +[discrete] [[ai-assistant-queries]] ### Get the most from your queries
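Review bot: the `+` list continuation kept after ". Use the slider to select how many alerts to send to AI Assistant." no longer has a paragraph to attach, because the "When this setting is enabled, AI Assistant will receive multiple alerts..." text it introduced has moved above the steps. As the hunk reads, the continuation now binds the `[role="screenshot"]` image block to step 2 of the Alerts procedure. If the screenshot is meant to illustrate the Knowledge Base tab as a whole, drop the `+` and leave a blank line before `[role="screenshot"]`. Three smaller points in the same hunk:

- The removed sentence "When this setting is disabled, AI Assistant can not answer questions about {esql}." has no replacement. If that behaviour still holds, keep it in the new introductory paragraph.
- The paragraph that tells readers which alerts are sent to AI Assistant (last 24 hours, `open` or `acknowledged`, building block alerts excluded) now follows the "Click *Save*." text of the {esql} procedure. Make sure a blank line separates it from the "To enable AI Assistant to answer questions about alerts in your environment:" lead-in so the two do not merge into one paragraph.
- "When Knowledge base is enabled" uses different capitalisation from the "*Knowledge Base*" option named in step 3, and the hunk mixes `*Save*` with `**Alerts**` for UI labels. Pick one form of each.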