Adds RAG for alerts info to the AI Assistant page #4520

Merged
merged 15 commits into from
Jan 3, 2024
Thanks @benironside for your help with the Alerts setting!
Your feedback is included in elastic/kibana#173809

22 changes: 17 additions & 5 deletions docs/assistant/security-assistant.asciidoc
Expand Up @@ -166,20 +166,32 @@ When you include a particular event as context, you can use a similar interface
+
The *Show anonymized* toggle controls whether you see the obfuscated or plaintext versions of the fields you sent to AI Assistant. It doesn't control what gets obfuscated — that's determined by the anonymization settings. It also doesn't affect how event fields appear _before_ being sent to AI Assistant. Instead, it controls how fields that were already sent and obfuscated appear to you.

* **Knowledge base:** Use retrieval-augmented generation to provide specialized knowledge of the Elastic Search Query Language ({esql}) to AI Assistant. For example, with the knowledge base active, you can ask AI Assistant to help you write an {esql} query for a particular use case, or ask it to answer general questions about {esql} syntax and usage. Without the knowledge base enabled, AI Assistant will not be able to answer questions about {esql}.
[[ai-assistant-knowledge-base]]
* **Knowledge base:** Use retrieval-augmented generation to provide additional context to AI Assistant.
+
beta::[]
+
To enable the knowledge base:
+

Enable AI Assistant to answer questions about the Elastic Search Query Language ({esql}):

. Enable the Elastic Learned Sparse EncodeR (ELSER). This model provides additional context to the third-party LLM. To learn more, refer to {ml-docs}/ml-nlp-elser.html#download-deploy-elser[Configure ELSER].
. Initialize the knowledge base by clicking *Initialize*.
. Turn on the *Knowledge Base* option.
. Click *Save*. The knowledge base is now active.
+
When the knowledge base is active, a quick prompt for {esql} queries becomes available. It provides a good starting point for your {esql} conversations and questions.
When this setting is enabled, AI Assistant can answer questions about {esql}. For example, it can help you write an {esql} query for a particular use case, or answer general questions about {esql} syntax and usage.
A quick prompt for {esql} queries becomes available, which provides a good starting point for your {esql} conversations and questions. When this setting is disabled, AI Assistant can not answer questions about {esql}.

Enable AI Assistant to answer questions about alerts in your environment:

. Turn on the **Alerts** setting.
. Use the slider to select how many alerts to send to AI Assistant.
+
When this setting is enabled, AI Assistant will receive multiple alerts as context for each of your prompts. It will receive alerts from the last 24 hours that have a status of `open` or `acknowledged`, ordered first by risk score, then by recency, and excluding building block alerts.

[role="screenshot"]
image::images/knowledge-base-settings.png[AI Assistant's settings menu, open to the Knowledge Base tab]
[discrete]

[[ai-assistant-queries]]
### Get the most from your queries
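
Review bot: The Alerts paragraph ("AI Assistant will receive multiple alerts as context for each of your prompts") does not say whether the anonymization settings described above the hunk apply to the alert fields that are sent, which matters here because the ELSER step refers to a third-party LLM. Suggest adding a sentence that states this and points to the anonymization settings, and giving the slider's range or default next to "Use the slider to select how many alerts to send to AI Assistant". Two style points in the same region: `**Alerts**` uses double asterisks while `*Initialize*`, `*Knowledge Base*` and `*Save*` use single ones, and "can not answer questions about {esql}" should read "cannot".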
