elastic
diff --git a/‎packages/security_ai_prompts/changelog.yml‎
Lines changed: 5 additions & 0 deletions b/‎packages/security_ai_prompts/changelog.yml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-05089083-256b-4930-8a44-81cbd49eeeec.json‎
Lines changed: 11 additions & 0 deletions b/‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-05089083-256b-4930-8a44-81cbd49eeeec.json‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎…f73c411-a5db-4ac3-aa19-2851ad878922.json‎ ‎…5e06172-4ba3-4bbd-b99f-c4eca3b808d0.json‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-ff73c411-a5db-4ac3-aa19-2851ad878922.json renamed to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-05e06172-4ba3-4bbd-b99f-c4eca3b808d0.json
Lines changed: 1 addition & 1 deletion b/‎…f73c411-a5db-4ac3-aa19-2851ad878922.json‎ ‎…5e06172-4ba3-4bbd-b99f-c4eca3b808d0.json‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-ff73c411-a5db-4ac3-aa19-2851ad878922.json renamed to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-05e06172-4ba3-4bbd-b99f-c4eca3b808d0.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎…978ebba-7b1b-4b0a-98e5-8bbfb2773ccc.json‎ ‎…8d9a496-b876-43f0-9dcf-d8834d8c44a1.json‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-6978ebba-7b1b-4b0a-98e5-8bbfb2773ccc.json renamed to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-08d9a496-b876-43f0-9dcf-d8834d8c44a1.json
Lines changed: 1 addition & 1 deletion b/‎…978ebba-7b1b-4b0a-98e5-8bbfb2773ccc.json‎ ‎…8d9a496-b876-43f0-9dcf-d8834d8c44a1.json‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-6978ebba-7b1b-4b0a-98e5-8bbfb2773ccc.json renamed to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-08d9a496-b876-43f0-9dcf-d8834d8c44a1.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎…008d107-a4b1-47f9-98a6-976db8bdcbd6.json‎ ‎…bed3ecd-034a-4579-be4a-ba3f9e9009d6.json‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-9008d107-a4b1-47f9-98a6-976db8bdcbd6.json renamed to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-0bed3ecd-034a-4579-be4a-ba3f9e9009d6.json
Lines changed: 1 addition & 1 deletion b/‎…008d107-a4b1-47f9-98a6-976db8bdcbd6.json‎ ‎…bed3ecd-034a-4579-be4a-ba3f9e9009d6.json‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-9008d107-a4b1-47f9-98a6-976db8bdcbd6.json renamed to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-0bed3ecd-034a-4579-be4a-ba3f9e9009d6.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎…249ca0c-4dfc-4521-8741-4cbfb5d16b60.json‎ ‎…35b997c-8a95-4161-a346-cb6b5f0f0672.json‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-9249ca0c-4dfc-4521-8741-4cbfb5d16b60.json renamed to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-135b997c-8a95-4161-a346-cb6b5f0f0672.json
Lines changed: 1 addition & 1 deletion b/‎…249ca0c-4dfc-4521-8741-4cbfb5d16b60.json‎ ‎…35b997c-8a95-4161-a346-cb6b5f0f0672.json‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-9249ca0c-4dfc-4521-8741-4cbfb5d16b60.json renamed to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-135b997c-8a95-4161-a346-cb6b5f0f0672.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎…22dfc20-188c-4fc3-bd99-a11f431b8cdb.json‎ ‎…79ba772-7c8f-4b20-9d64-72d3211260b5.json‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-622dfc20-188c-4fc3-bd99-a11f431b8cdb.json renamed to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-179ba772-7c8f-4b20-9d64-72d3211260b5.json
Lines changed: 1 addition & 1 deletion b/‎…22dfc20-188c-4fc3-bd99-a11f431b8cdb.json‎ ‎…79ba772-7c8f-4b20-9d64-72d3211260b5.json‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-622dfc20-188c-4fc3-bd99-a11f431b8cdb.json renamed to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-179ba772-7c8f-4b20-9d64-72d3211260b5.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎…c6eba01-0846-4ed9-a61e-969f2062a79e.json‎ ‎…9154dca-d03f-4087-a22c-cce1d2ae1c70.json‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-dc6eba01-0846-4ed9-a61e-969f2062a79e.json renamed to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-19154dca-d03f-4087-a22c-cce1d2ae1c70.json
Lines changed: 1 addition & 1 deletion b/‎…c6eba01-0846-4ed9-a61e-969f2062a79e.json‎ ‎…9154dca-d03f-4087-a22c-cce1d2ae1c70.json‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-dc6eba01-0846-4ed9-a61e-969f2062a79e.json renamed to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-19154dca-d03f-4087-a22c-cce1d2ae1c70.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎…a1f9ea2-5201-44c1-9b24-0a940939ed96.json‎ ‎…9e5b3af-7023-46eb-89af-521f43cb9a6a.json‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-9a1f9ea2-5201-44c1-9b24-0a940939ed96.json renamed to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-19e5b3af-7023-46eb-89af-521f43cb9a6a.json
Lines changed: 1 addition & 1 deletion b/‎…a1f9ea2-5201-44c1-9b24-0a940939ed96.json‎ ‎…9e5b3af-7023-46eb-89af-521f43cb9a6a.json‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-9a1f9ea2-5201-44c1-9b24-0a940939ed96.json renamed to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-19e5b3af-7023-46eb-89af-521f43cb9a6a.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎…5e1f0f1-faa3-45cd-9be6-e2516f9e5e5d.json‎ ‎…a646fa8-8ea7-4026-998e-0488f9a52d16.json‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-c5e1f0f1-faa3-45cd-9be6-e2516f9e5e5d.json renamed to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-1a646fa8-8ea7-4026-998e-0488f9a52d16.json
Lines changed: 1 addition & 1 deletion b/‎…5e1f0f1-faa3-45cd-9be6-e2516f9e5e5d.json‎ ‎…a646fa8-8ea7-4026-998e-0488f9a52d16.json‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-c5e1f0f1-faa3-45cd-9be6-e2516f9e5e5d.json renamed to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-1a646fa8-8ea7-4026-998e-0488f9a52d16.json
Lines changed: 1 addition & 1 deletion
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.0.7"
+ changes:
+ - description: "Update AI Assistant for Asset Inventory prompt"
+ type: enhancement
+ link: tbd
 - version: "1.0.6"
  changes:
  - description: "Update Security AI prompts with latest changes from Kibana"
 
@@ -0,0 +1,11 @@
+{
+ "attributes": {
+ "promptId": "assetAnalysis",
+ "promptGroupId": "aiAssistant",
+ "prompt": {
+ "default": "Analyze asset data described above to provide security insights. The data contains the context of a specific asset (e.g., a host, user, service or cloud resource). Your response must be structured, contextual, and provide a general analysis based on the structure below.\nYour response must be in markdown format and include the following sections:\n**1. 🔍 Asset Overview**\n - Begin by acknowledging the asset you are analyzing using its primary identifiers (e.g., \"Analyzing host `[host.name]` with IP `[host.ip]`\").\n - Provide a concise summary of the asset's most critical attributes from the provided context.\n - Describe its key relationships and dependencies (e.g., \"This asset is part of the `[cloud.project.name]` project and is located in the `[cloud.availability_zone]` zone.\").\n**2. 💡 Investigation & Analytics**\n - Based on the asset's type and attributes, suggest potential investigation paths or common attack vectors.\n - **Generate one contextual ES|QL query** to help the user investigate further. Your generated query should address a common analytical question related to the asset type and sub type. Suggest other possible queries and ask if the user wants to generate more queries.\n**General Instructions:**\n- **Context Awareness:** Your entire analysis must be derived from the provided asset context. If a piece of information is not available in the context state that and proceed with the available data.\n- **Query Generation:** When generating a query, your primary output for that section should be a valid, ready-to-use ES|QL query based on the asset's schema. Use ES|QL tool for query generation. Format all queries as code blocks.\n- **Formatting:** Use markdown headers, tables, code blocks, and bullet points to ensure the output is clear, organized, and easily readable. Use concise, actionable language."
+ }
+ },
+ "id": "security_ai_prompts-05089083-256b-4930-8a44-81cbd49eeeec",
+ "type": "security-ai-prompt"
+}
@@ -6,6 +6,6 @@
  "default": "You are given Elasticsearch Lens aggregation results showing cost savings over time:"
  }
  },
- "id": "security_ai_prompts-ff73c411-a5db-4ac3-aa19-2851ad878922",
+ "id": "security_ai_prompts-05e06172-4ba3-4bbd-b99f-c4eca3b808d0",
  "type": "security-ai-prompt"
 }
@@ -6,6 +6,6 @@
  "default": "Research"
  }
  },
- "id": "security_ai_prompts-6978ebba-7b1b-4b0a-98e5-8bbfb2773ccc",
+ "id": "security_ai_prompts-08d9a496-b876-43f0-9dcf-d8834d8c44a1",
  "type": "security-ai-prompt"
 }
@@ -6,6 +6,6 @@
  "default": "A short, no more than 7 words, title for the insight, NOT formatted with special syntax or markdown. This must be as brief as possible."
  }
  },
- "id": "security_ai_prompts-9008d107-a4b1-47f9-98a6-976db8bdcbd6",
+ "id": "security_ai_prompts-0bed3ecd-034a-4579-be4a-ba3f9e9009d6",
  "type": "security-ai-prompt"
 }
@@ -6,6 +6,6 @@
  "default": "A detailed insight with markdown, where each markdown bullet contains a description of what happened that reads like a story of the attack as it played out and always uses special {{ field.name fieldValue1 fieldValue2 fieldValueN }} syntax for field names and values from the source data. Examples of CORRECT syntax (includes field names and values): {{ host.name hostNameValue }} {{ user.name userNameValue }} {{ source.ip sourceIpValue }} Examples of INCORRECT syntax (bad, because the field names are not included): {{ hostNameValue }} {{ userNameValue }} {{ sourceIpValue }}"
  }
  },
- "id": "security_ai_prompts-9249ca0c-4dfc-4521-8741-4cbfb5d16b60",
+ "id": "security_ai_prompts-135b997c-8a95-4161-a346-cb6b5f0f0672",
  "type": "security-ai-prompt"
 }
@@ -6,6 +6,6 @@
  "default": "A markdown summary of insight, using the same {{ field.name fieldValue1 fieldValue2 fieldValueN }} syntax"
  }
  },
- "id": "security_ai_prompts-622dfc20-188c-4fc3-bd99-a11f431b8cdb",
+ "id": "security_ai_prompts-179ba772-7c8f-4b20-9d64-72d3211260b5",
  "type": "security-ai-prompt"
 }
@@ -6,6 +6,6 @@
  "default": "Explain the ECS incompatibility results above, and describe some options to fix incompatibilities. In your explanation, include information about remapping fields, reindexing data, and modifying data ingestion pipelines. Also, describe how ES|QL can be used to identify and correct incompatible data, including examples of using RENAME, EVAL, DISSECT, GROK, and CASE functions. Please consider using applicable tools for this request. Make sure you’ve used the right tools for this request."
  }
  },
- "id": "security_ai_prompts-dc6eba01-0846-4ed9-a61e-969f2062a79e",
+ "id": "security_ai_prompts-19154dca-d03f-4087-a22c-cce1d2ae1c70",
  "type": "security-ai-prompt"
 }
@@ -6,6 +6,6 @@
  "default": "🔍 Identify and Prioritize Today's Most Critical Alerts\nProvide a structured summary of today's most significant alerts, including:\n🛡️ Critical Alerts Overview\nHighlight the most impactful alerts based on risk scores, severity, and affected entities.\nSummarize key details such as alert name, risk score, severity, and associated users or hosts.\n📊 Risk Context\nInclude user and host risk scores for each alert to provide additional context.\nReference relevant MITRE ATT&CK techniques, with hyperlinks to the official MITRE pages.\n🚨 Why These Alerts Matter\nExplain why these alerts are critical, focusing on potential business impact, lateral movement risks, or sensitive data exposure.\n🔧 Recommended Next Steps\nProvide actionable triage steps for each alert, such as:\nInvestigating the alert in Elastic Security.\nReviewing related events in Timelines.\nAnalyzing user and host behavior using Entity Analytics.\nSuggest Elastic Defend endpoint response actions (e.g., isolate host, kill process, retrieve/delete file), with links to Elastic documentation.\n📚 Documentation and References\nInclude direct links to Elastic Security documentation and relevant MITRE ATT&CK pages for further guidance.\nMake sure you use tools available to you to fulfill this request.\nUse markdown headers, tables, and code blocks for clarity. Include relevant emojis for visual distinction and ensure the response is concise, actionable, and tailored to Elastic Security workflows."
  }
  },
- "id": "security_ai_prompts-9a1f9ea2-5201-44c1-9b24-0a940939ed96",
+ "id": "security_ai_prompts-19e5b3af-7023-46eb-89af-521f43cb9a6a",
  "type": "security-ai-prompt"
 }
@@ -7,6 +7,6 @@
  "default": "Now, always using the tools at your disposal, step by step, come up with a response to this request:\n\n"
  }
  },
- "id": "security_ai_prompts-c5e1f0f1-faa3-45cd-9be6-e2516f9e5e5d",
+ "id": "security_ai_prompts-1a646fa8-8ea7-4026-998e-0488f9a52d16",
  "type": "security-ai-prompt"
 }
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,6 @@`
`6`	`6`	`"default": "You are given Elasticsearch Lens aggregation results showing cost savings over time:"`
`7`	`7`	`}`
`8`	`8`	`},`
`9`		`- "id": "security_ai_prompts-ff73c411-a5db-4ac3-aa19-2851ad878922",`
	`9`	`+ "id": "security_ai_prompts-05e06172-4ba3-4bbd-b99f-c4eca3b808d0",`
`10`	`10`	`"type": "security-ai-prompt"`
`11`	`11`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,6 @@`
`6`	`6`	`"default": "Research"`
`7`	`7`	`}`
`8`	`8`	`},`
`9`		`- "id": "security_ai_prompts-6978ebba-7b1b-4b0a-98e5-8bbfb2773ccc",`
	`9`	`+ "id": "security_ai_prompts-08d9a496-b876-43f0-9dcf-d8834d8c44a1",`
`10`	`10`	`"type": "security-ai-prompt"`
`11`	`11`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,6 @@`
`6`	`6`	`"default": "A short, no more than 7 words, title for the insight, NOT formatted with special syntax or markdown. This must be as brief as possible."`
`7`	`7`	`}`
`8`	`8`	`},`
`9`		`- "id": "security_ai_prompts-9008d107-a4b1-47f9-98a6-976db8bdcbd6",`
	`9`	`+ "id": "security_ai_prompts-0bed3ecd-034a-4579-be4a-ba3f9e9009d6",`
`10`	`10`	`"type": "security-ai-prompt"`
`11`	`11`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,6 @@`
`6`	`6`	"default": "A detailed insight with markdown, where each markdown bullet contains a description of what happened that reads like a story of the attack as it played out and always uses special {{ field.name fieldValue1 fieldValue2 fieldValueN }} syntax for field names and values from the source data. Examples of CORRECT syntax (includes field names and values): {{ host.name hostNameValue }} {{ user.name userNameValue }} {{ source.ip sourceIpValue }} Examples of INCORRECT syntax (bad, because the field names are not included): {{ hostNameValue }} {{ userNameValue }} {{ sourceIpValue }}"
`7`	`7`	`}`
`8`	`8`	`},`
`9`		`- "id": "security_ai_prompts-9249ca0c-4dfc-4521-8741-4cbfb5d16b60",`
	`9`	`+ "id": "security_ai_prompts-135b997c-8a95-4161-a346-cb6b5f0f0672",`
`10`	`10`	`"type": "security-ai-prompt"`
`11`	`11`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,6 @@`
`6`	`6`	`"default": "A markdown summary of insight, using the same {{ field.name fieldValue1 fieldValue2 fieldValueN }} syntax"`
`7`	`7`	`}`
`8`	`8`	`},`
`9`		`- "id": "security_ai_prompts-622dfc20-188c-4fc3-bd99-a11f431b8cdb",`
	`9`	`+ "id": "security_ai_prompts-179ba772-7c8f-4b20-9d64-72d3211260b5",`
`10`	`10`	`"type": "security-ai-prompt"`
`11`	`11`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,6 @@`
`6`	`6`	"default": "Explain the ECS incompatibility results above, and describe some options to fix incompatibilities. In your explanation, include information about remapping fields, reindexing data, and modifying data ingestion pipelines. Also, describe how ES\|QL can be used to identify and correct incompatible data, including examples of using RENAME, EVAL, DISSECT, GROK, and CASE functions. Please consider using applicable tools for this request. Make sure you’ve used the right tools for this request."
`7`	`7`	`}`
`8`	`8`	`},`
`9`		`- "id": "security_ai_prompts-dc6eba01-0846-4ed9-a61e-969f2062a79e",`
	`9`	`+ "id": "security_ai_prompts-19154dca-d03f-4087-a22c-cce1d2ae1c70",`
`10`	`10`	`"type": "security-ai-prompt"`
`11`	`11`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,6 @@`
`6`	`6`	"default": "🔍 Identify and Prioritize Today's Most Critical Alerts\nProvide a structured summary of today's most significant alerts, including:\n🛡️ Critical Alerts Overview\nHighlight the most impactful alerts based on risk scores, severity, and affected entities.\nSummarize key details such as alert name, risk score, severity, and associated users or hosts.\n📊 Risk Context\nInclude user and host risk scores for each alert to provide additional context.\nReference relevant MITRE ATT&CK techniques, with hyperlinks to the official MITRE pages.\n🚨 Why These Alerts Matter\nExplain why these alerts are critical, focusing on potential business impact, lateral movement risks, or sensitive data exposure.\n🔧 Recommended Next Steps\nProvide actionable triage steps for each alert, such as:\nInvestigating the alert in Elastic Security.\nReviewing related events in Timelines.\nAnalyzing user and host behavior using Entity Analytics.\nSuggest Elastic Defend endpoint response actions (e.g., isolate host, kill process, retrieve/delete file), with links to Elastic documentation.\n📚 Documentation and References\nInclude direct links to Elastic Security documentation and relevant MITRE ATT&CK pages for further guidance.\nMake sure you use tools available to you to fulfill this request.\nUse markdown headers, tables, and code blocks for clarity. Include relevant emojis for visual distinction and ensure the response is concise, actionable, and tailored to Elastic Security workflows."
`7`	`7`	`}`
`8`	`8`	`},`
`9`		`- "id": "security_ai_prompts-9a1f9ea2-5201-44c1-9b24-0a940939ed96",`
	`9`	`+ "id": "security_ai_prompts-19e5b3af-7023-46eb-89af-521f43cb9a6a",`
`10`	`10`	`"type": "security-ai-prompt"`
`11`	`11`	`}`
Original file line number	Diff line number	Diff line change
`@@ -7,6 +7,6 @@`
`7`	`7`	`"default": "Now, always using the tools at your disposal, step by step, come up with a response to this request:\n\n"`
`8`	`8`	`}`
`9`	`9`	`},`
`10`		`- "id": "security_ai_prompts-c5e1f0f1-faa3-45cd-9be6-e2516f9e5e5d",`
	`10`	`+ "id": "security_ai_prompts-1a646fa8-8ea7-4026-998e-0488f9a52d16",`
`11`	`11`	`"type": "security-ai-prompt"`
`12`	`12`	`}`