i18n updates from James

x-pack/packages/kbn-elastic-assistant/impl/content/prompts/system/translations.ts

@@ -11,7 +11,7 @@ export const YOU_ARE_A_HELPFUL_EXPERT_ASSISTANT = i18n.translate(
   'xpack.elasticAssistant.assistant.content.prompts.system.youAreAHelpfulExpertAssistant',
   {
     defaultMessage:
-      'You are a helpful, expert assistant who answers questions about Elastic Security.',
+      'You are a helpful, expert assistant who only answers questions about Elastic Security.',
   }
 );
 
@@ -25,14 +25,15 @@ export const USE_THE_FOLLOWING_CONTEXT_TO_ANSWER = i18n.translate(
 export const IF_YOU_DONT_KNOW_THE_ANSWER = i18n.translate(
   'xpack.elasticAssistant.assistant.content.prompts.system.ifYouDontKnowTheAnswer',
   {
-    defaultMessage: "If you don't know the answer, don't try to make one up.",
+    defaultMessage: 'Do not answer questions unrelated to Elastic Security.',
   }
 );
 
 export const SUPERHERO_PERSONALITY = i18n.translate(
   'xpack.elasticAssistant.assistant.content.prompts.system.superheroPersonality',
   {
-    defaultMessage: 'You have the personality of a mutant superhero who says "bub" a lot.',
+    defaultMessage:
+      'Provide the most detailed and relevant answer possible, as if you were relaying this information back to a cyber security expert',
   }
 );
 
@@ -53,7 +54,7 @@ ${USE_THE_FOLLOWING_CONTEXT_TO_ANSWER}`;
 export const SUPERHERO_SYSTEM_PROMPT_NAME = i18n.translate(
   'xpack.elasticAssistant.assistant.content.prompts.system.superheroSystemPromptName',
   {
-    defaultMessage: 'superhero system prompt',
+    defaultMessage: 'Enhanced system prompt',
   }
 );
 

x-pack/packages/kbn-elastic-assistant/impl/content/prompts/user/translations.ts

@@ -10,23 +10,24 @@ import { i18n } from '@kbn/i18n';
 export const EXPLAIN_THE_MEANING_FROM_CONTEXT_ABOVE = i18n.translate(
   'xpack.elasticAssistant.assistant.content.prompts.user.explainTheMeaningFromContextAbove',
   {
-    defaultMessage: 'Explain the meaning from the context above',
+    defaultMessage: 'You are an expert cyber security analyst using Elastic Security.',
   }
 );
 
 export const THEN_SUMMARIZE_SUGGESTED_KQL_AND_EQL_QUERIES = i18n.translate(
   'xpack.elasticAssistant.assistant.content.prompts.user.thenSummarizeSuggestedKqlAndEqlQueries',
   {
-    defaultMessage: 'then summarize a list of suggested Elasticsearch KQL and EQL queries',
+    defaultMessage:
+      'I would like you to evaluate the event from the context above with and format your output neatly in markdown syntax for my Elastic Security case.',
   }
 );
 
 export const FINALLY_SUGGEST_INVESTIGATION_GUIDE_AND_FORMAT_AS_MARKDOWN = i18n.translate(
   'xpack.elasticAssistant.assistant.content.prompts.user.finallySuggestInvestigationGuideAndFormatAsMarkdown',
   {
-    defaultMessage: 'Finally, suggest an investigation guide, and format it as markdown',
+    defaultMessage: `Add your description, recommended actions and bulleted triage steps. Use the MITRE ATT&CK data provided to add more context and recommendations from MITRE, and hyperlink to the relevant pages on MITRE\'s website. Be sure to include the user and host risk score data from the context. Your response should include steps that point to Elastic Security specific features, including endpoint response actions, the Elastic Agent OSQuery manager integration (with example osquery queries), timelines and entity analytics and link to all the relevant Elastic Security documentation.`,
   }
 );
 
-export const EXPLAIN_THEN_SUMMARIZE_SUGGEST_INVESTIGATION_GUIDE_NON_I18N = `${EXPLAIN_THE_MEANING_FROM_CONTEXT_ABOVE}, ${THEN_SUMMARIZE_SUGGESTED_KQL_AND_EQL_QUERIES}.
-${FINALLY_SUGGEST_INVESTIGATION_GUIDE_AND_FORMAT_AS_MARKDOWN}.`;
+export const EXPLAIN_THEN_SUMMARIZE_SUGGEST_INVESTIGATION_GUIDE_NON_I18N = `${EXPLAIN_THE_MEANING_FROM_CONTEXT_ABOVE} ${THEN_SUMMARIZE_SUGGESTED_KQL_AND_EQL_QUERIES}
+${FINALLY_SUGGEST_INVESTIGATION_GUIDE_AND_FORMAT_AS_MARKDOWN}`;

x-pack/plugins/security_solution/public/assistant/content/quick_prompts/index.tsx

@@ -47,9 +47,15 @@ export const BASE_SECURITY_QUICK_PROMPTS: QuickPrompt[] = [
     isDefault: true,
   },
   {
-    title: i18n.OMNI_QUERY_5000_TITLE,
-    prompt: i18n.OMNI_QUERY_5000_PROMPT,
+    title: i18n.SPL_QUERY_CONVERSION_TITLE,
+    prompt: i18n.SPL_QUERY_CONVERSION_PROMPT,
     color: '#BADA55',
     isDefault: true,
   },
+  {
+    title: i18n.AUTOMATION_TITLE,
+    prompt: i18n.AUTOMATION_PROMPT,
+    color: '#FFA500',
+    isDefault: true,
+  },
 ];

x-pack/plugins/security_solution/public/assistant/content/quick_prompts/translations.ts

@@ -10,72 +10,89 @@ import { i18n } from '@kbn/i18n';
 export const ALERT_SUMMARIZATION_TITLE = i18n.translate(
   'xpack.securitySolution.assistant.quickPrompts.alertSummarizationTitle',
   {
-    defaultMessage: 'Alert Summarization',
+    defaultMessage: 'Alert summarization',
   }
 );
 
 export const ALERT_SUMMARIZATION_PROMPT = i18n.translate(
   'xpack.securitySolution.assistant.quickPrompts.alertSummarizationPrompt',
   {
-    defaultMessage: 'You are a genius genius, summarize the above alert with grace!',
+    defaultMessage:
+      'As an expert in security operations and incident response, provide a breakdown of the attached alert and summarize what it might mean for my organization.',
   }
 );
 
 export const RULE_CREATION_TITLE = i18n.translate(
   'xpack.securitySolution.assistant.quickPrompts.ruleCreationTitle',
   {
-    defaultMessage: 'Similar Rules',
+    defaultMessage: 'Query generation',
   }
 );
 
 export const RULE_CREATION_PROMPT = i18n.translate(
   'xpack.securitySolution.assistant.quickPrompts.ruleCreationPrompt',
   {
     defaultMessage:
-      'The above detection rules provided as context are extremely useful in my security environment. Can you please provide some additional rules that may be useful, and perhaps other classes of rules that may be of use?',
+      'As an expert user of Elastic Security, please generate an accurate and valid EQL query to detect the use case below. Your response should be formatted to be able to use immediately in an Elastic Security timeline or detection rule. If Elastic Security already has a prebuilt rule for the use case, or a similar one, please provide a link to it and describe it.',
   }
 );
 
 export const WORKFLOW_ANALYSIS_TITLE = i18n.translate(
   'xpack.securitySolution.assistant.quickPrompts.workflowAnalysisTitle',
   {
-    defaultMessage: 'Workflow Analysis',
+    defaultMessage: 'Workflow suggestions',
   }
 );
 
 export const WORKFLOW_ANALYSIS_PROMPT = i18n.translate(
   'xpack.securitySolution.assistant.quickPrompts.workflowAnalysisPrompt',
   {
     defaultMessage:
-      'You are a genius genius, help me create a workflow to deal with the above context!',
+      'As an expert user of Elastic Security, please suggest a workflow, with step by step instructions on how to:',
   }
 );
 
 export const THREAT_INVESTIGATION_GUIDES_TITLE = i18n.translate(
   'xpack.securitySolution.assistant.quickPrompts.threatInvestigationGuidesTitle',
   {
-    defaultMessage: 'Threat Investigation Guides',
+    defaultMessage: 'Custom data ingestion helper',
   }
 );
 
 export const THREAT_INVESTIGATION_GUIDES_PROMPT = i18n.translate(
   'xpack.securitySolution.assistant.quickPrompts.threatInvestigationGuidesPrompt',
   {
     defaultMessage:
-      'You are a genius genius, can you create a threat investigation guide given the above context?',
+      'As an expert user of Elastic Security, Elastic Agent, and Ingest pipelines, please list accurate and formatted, step by step instructions on how to ingest the following data using Elastic Agent and Fleet in Kibana and convert it to the Elastic Common Schema:',
+  }
+);
+
+export const SPL_QUERY_CONVERSION_TITLE = i18n.translate(
+  'xpack.securitySolution.assistant.quickPrompts.splQueryConversionTitle',
+  {
+    defaultMessage: 'Query conversion',
   }
 );
 
-export const OMNI_QUERY_5000_TITLE = i18n.translate(
-  'xpack.securitySolution.assistant.quickPrompts.omniQuery5000Title',
+export const SPL_QUERY_CONVERSION_PROMPT = i18n.translate(
+  'xpack.securitySolution.assistant.quickPrompts.splQueryConversionPrompt',
   {
-    defaultMessage: 'OmniQuery5000',
+    defaultMessage:
+      'I have the following query from a previous SIEM platform. As an expert user of Elastic Security, please suggest an Elastic EQL equivalent. I should be able to copy it immediately into an Elastic security timeline.',
   }
 );
 
-export const OMNI_QUERY_5000_PROMPT = i18n.translate(
-  'xpack.securitySolution.assistant.quickPrompts.omniQuery5000Prompt',
+export const AUTOMATION_TITLE = i18n.translate(
+  'xpack.securitySolution.assistant.quickPrompts.AutomationTitle',
   {
-    defaultMessage: 'You are a genius genius, nothing more to say there!',
+    defaultMessage: 'Agent integration advice',
+  }
+);
+
+export const AUTOMATION_PROMPT = i18n.translate(
+  'xpack.securitySolution.assistant.quickPrompts.AutomationPrompt',
+  {
+    defaultMessage:
+      'Which Fleet enabled Elastic Agent integration should I use to collect logs and events from:',
   }
 );

x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/translations.ts

@@ -1152,7 +1152,8 @@ export const RULE_MANAGEMENT_CONTEXT_DESCRIPTION = i18n.translate(
 export const EXPLAIN_THEN_SUMMARIZE_RULE_DETAILS = i18n.translate(
   'xpack.securitySolution.detectionEngine.ruleManagement.explainThenSummarizeRuleDetails',
   {
-    defaultMessage: 'This is the prompt around the stuff',
+    defaultMessage:
+      "Please explain the selected rules above. For each rule, highlight why they are relevant, the query as published on Elastic's detection rules repository and an in-depth explanation of it, and what they typically mean for an organization if detected.",
   }
 );