elastic
diff --git a/‎packages/security_ai_prompts/changelog.yml‎
Lines changed: 6 additions & 1 deletion b/‎packages/security_ai_prompts/changelog.yml‎
Lines changed: 6 additions & 1 deletion
diff --git a/‎…8d9a496-b876-43f0-9dcf-d8834d8c44a1.json‎ ‎…4f42079-7f27-4892-8c63-4c500e5821c4.json‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-08d9a496-b876-43f0-9dcf-d8834d8c44a1.json renamed to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-04f42079-7f27-4892-8c63-4c500e5821c4.json
Lines changed: 1 addition & 1 deletion b/‎…8d9a496-b876-43f0-9dcf-d8834d8c44a1.json‎ ‎…4f42079-7f27-4892-8c63-4c500e5821c4.json‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-08d9a496-b876-43f0-9dcf-d8834d8c44a1.json renamed to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-04f42079-7f27-4892-8c63-4c500e5821c4.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎…35a2fab-9f56-43e0-aa59-38b5ec8228fd.json‎ ‎…766d63f-7915-42ba-9526-e683f89c19ca.json‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-d35a2fab-9f56-43e0-aa59-38b5ec8228fd.json renamed to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-0766d63f-7915-42ba-9526-e683f89c19ca.json
Lines changed: 1 addition & 1 deletion b/‎…35a2fab-9f56-43e0-aa59-38b5ec8228fd.json‎ ‎…766d63f-7915-42ba-9526-e683f89c19ca.json‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-d35a2fab-9f56-43e0-aa59-38b5ec8228fd.json renamed to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-0766d63f-7915-42ba-9526-e683f89c19ca.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎…994271e-2a6e-48d1-9f14-6eab0f06de69.json‎ ‎…7839125-36c6-4480-bfaa-d9a22f13c6de.json‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-e994271e-2a6e-48d1-9f14-6eab0f06de69.json renamed to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-07839125-36c6-4480-bfaa-d9a22f13c6de.json
Lines changed: 1 addition & 1 deletion b/‎…994271e-2a6e-48d1-9f14-6eab0f06de69.json‎ ‎…7839125-36c6-4480-bfaa-d9a22f13c6de.json‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-e994271e-2a6e-48d1-9f14-6eab0f06de69.json renamed to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-07839125-36c6-4480-bfaa-d9a22f13c6de.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎…0482836-9efd-46b3-8c67-14490f75cc27.json‎ ‎…28d6f69-e856-436e-9645-aac5969c7d6c.json‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-f0482836-9efd-46b3-8c67-14490f75cc27.json renamed to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-128d6f69-e856-436e-9645-aac5969c7d6c.json
Lines changed: 1 addition & 1 deletion b/‎…0482836-9efd-46b3-8c67-14490f75cc27.json‎ ‎…28d6f69-e856-436e-9645-aac5969c7d6c.json‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-f0482836-9efd-46b3-8c67-14490f75cc27.json renamed to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-128d6f69-e856-436e-9645-aac5969c7d6c.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎…9d0c27c-f8d2-4903-8019-c8d5471935b9.json‎ ‎…58c8455-422b-4a8f-b762-3d6994c24e6b.json‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-49d0c27c-f8d2-4903-8019-c8d5471935b9.json renamed to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-158c8455-422b-4a8f-b762-3d6994c24e6b.json
Lines changed: 1 addition & 1 deletion b/‎…9d0c27c-f8d2-4903-8019-c8d5471935b9.json‎ ‎…58c8455-422b-4a8f-b762-3d6994c24e6b.json‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-49d0c27c-f8d2-4903-8019-c8d5471935b9.json renamed to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-158c8455-422b-4a8f-b762-3d6994c24e6b.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎…a771a05-95f9-4487-9525-98a69ac46345.json‎ ‎…5e797ad-53f6-45c4-b729-e484fbe49279.json‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-ba771a05-95f9-4487-9525-98a69ac46345.json renamed to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-15e797ad-53f6-45c4-b729-e484fbe49279.json
Lines changed: 1 addition & 1 deletion b/‎…a771a05-95f9-4487-9525-98a69ac46345.json‎ ‎…5e797ad-53f6-45c4-b729-e484fbe49279.json‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-ba771a05-95f9-4487-9525-98a69ac46345.json renamed to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-15e797ad-53f6-45c4-b729-e484fbe49279.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-1873239b-1424-40e8-97d0-6154a2b63d59.json‎
Lines changed: 11 additions & 0 deletions b/‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-1873239b-1424-40e8-97d0-6154a2b63d59.json‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎…6c1550e-b606-4527-8aa3-9baaf8d9c943.json‎ ‎…d879724-76fa-4178-af4c-14dbdca777b0.json‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-36c1550e-b606-4527-8aa3-9baaf8d9c943.json renamed to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-1d879724-76fa-4178-af4c-14dbdca777b0.json
Lines changed: 1 addition & 1 deletion b/‎…6c1550e-b606-4527-8aa3-9baaf8d9c943.json‎ ‎…d879724-76fa-4178-af4c-14dbdca777b0.json‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-36c1550e-b606-4527-8aa3-9baaf8d9c943.json renamed to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-1d879724-76fa-4178-af4c-14dbdca777b0.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎…f589318-f88e-45d6-b733-13bc91a91b2a.json‎ ‎…e40ae29-0e7e-44b4-a279-62e8ab019f57.json‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-df589318-f88e-45d6-b733-13bc91a91b2a.json renamed to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-1e40ae29-0e7e-44b4-a279-62e8ab019f57.json
Lines changed: 1 addition & 1 deletion b/‎…f589318-f88e-45d6-b733-13bc91a91b2a.json‎ ‎…e40ae29-0e7e-44b4-a279-62e8ab019f57.json‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-df589318-f88e-45d6-b733-13bc91a91b2a.json renamed to packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-1e40ae29-0e7e-44b4-a279-62e8ab019f57.json
Lines changed: 1 addition & 1 deletion
@@ -1,9 +1,14 @@
 # newer versions go on top
+- version: "1.0.8"
+ changes:
+ - description: "Update ease prompts"
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/15674
 - version: "1.0.7"
  changes:
  - description: "Update AI Assistant for Asset Inventory prompt"
  type: enhancement
- link: tbd
+ link: https://github.com/elastic/integrations/pull/15656
 - version: "1.0.6"
  changes:
  - description: "Update Security AI prompts with latest changes from Kibana"
 
@@ -6,6 +6,6 @@
  "default": "Research"
  }
  },
- "id": "security_ai_prompts-08d9a496-b876-43f0-9dcf-d8834d8c44a1",
+ "id": "security_ai_prompts-04f42079-7f27-4892-8c63-4c500e5821c4",
  "type": "security-ai-prompt"
 }
@@ -6,6 +6,6 @@
  "default": "Most important alerts from the last 24 hrs"
  }
  },
- "id": "security_ai_prompts-d35a2fab-9f56-43e0-aa59-38b5ec8228fd",
+ "id": "security_ai_prompts-0766d63f-7915-42ba-9526-e683f89c19ca",
  "type": "security-ai-prompt"
 }
@@ -6,6 +6,6 @@
  "default": "Latest Elastic Security Labs research"
  }
  },
- "id": "security_ai_prompts-e994271e-2a6e-48d1-9f14-6eab0f06de69",
+ "id": "security_ai_prompts-07839125-36c6-4480-bfaa-d9a22f13c6de",
  "type": "security-ai-prompt"
 }
@@ -6,6 +6,6 @@
  "default": "Retrieve and summarize the latest Elastic Security Labs articles one by one sorted by latest at the top, and consider using all tools available to you to fulfill this request. Ensure the response includes:\nArticle Summaries\nTitle and Link: Provide the title of each article with a hyperlink to the original content.\nPublication Date: Include the date the article was published.\nKey Insights: Summarize the main points or findings of each article in concise bullet points.\nRelevant Threats or Techniques: Highlight any specific malware, attack techniques, or adversary behaviors discussed, with references to MITRE ATT&CK techniques (include hyperlinks to the official MITRE pages).\nPractical Applications\nDetection and Response Guidance: Provide actionable steps or recommendations based on the article's content, tailored for Elastic Security workflows.\nElastic Security Features: Highlight any Elastic Security features, detection rules, or tools mentioned in the articles, with links to relevant documentation.\nExample Queries: If applicable, include example ES|QL or OSQuery Manager queries inspired by the article's findings, formatted as code blocks.\nDocumentation and Resources\nElastic Security Labs: Include a link to the Elastic Security Labs homepage.\nAdditional References: Provide links to any related Elastic documentation or external resources mentioned in the articles.\nFormatting Requirements\nUse markdown headers, tables, and code blocks for clarity.\nOrganize the response into visually distinct sections.\nUse concise, actionable language. Make sure you use tools available to you to fulfill this request."
  }
  },
- "id": "security_ai_prompts-f0482836-9efd-46b3-8c67-14490f75cc27",
+ "id": "security_ai_prompts-128d6f69-e856-436e-9645-aac5969c7d6c",
  "type": "security-ai-prompt"
 }
@@ -6,6 +6,6 @@
  "default": "Suggest"
  }
  },
- "id": "security_ai_prompts-49d0c27c-f8d2-4903-8019-c8d5471935b9",
+ "id": "security_ai_prompts-158c8455-422b-4a8f-b762-3d6994c24e6b",
  "type": "security-ai-prompt"
 }
@@ -6,6 +6,6 @@
  "default": "You MUST use the \"NaturalLanguageESQLTool\" function when the user wants to:\n - breakdown or filter ES|QL queries that are displayed on the current page\n - convert queries from another language to ES|QL\n - asks general questions about ES|QL\n ALWAYS use this tool to generate ES|QL queries or explain anything about the ES|QL query language rather than coming up with your own answer."
  }
  },
- "id": "security_ai_prompts-ba771a05-95f9-4487-9525-98a69ac46345",
+ "id": "security_ai_prompts-15e797ad-53f6-45c4-b729-e484fbe49279",
  "type": "security-ai-prompt"
 }
@@ -0,0 +1,11 @@
+{
+ "attributes": {
+ "promptId": "costSavingsInsightPart2",
+ "promptGroupId": "ease",
+ "prompt": {
+ "default": "Generate a concise bulleted summary in mdx markdown. Follow the style and tone of the example below, highlighting key trends, averages, peaks, and projections:\n\n```\n- Between July 18 and August 18, daily cost savings **averaged around $135K**\n- The lowest point, **just above $70K**, occurred in early August.\n- **Peaks near $160K** appeared in late July and mid-August.\n- After a mid-period decline, savings steadily recovered and grew toward the end of the month.\n- At this pace, projected annual savings **exceed $48M**, confirming strong and predictable ROI.\n```\n\nRespond only with the markdown. Do not include any explanation or extra text."
+ }
+ },
+ "id": "security_ai_prompts-1873239b-1424-40e8-97d0-6154a2b63d59",
+ "type": "security-ai-prompt"
+}
@@ -6,6 +6,6 @@
  "default": "Call this for knowledge from Elastic Security Labs content, which contains information on malware, attack techniques, and more."
  }
  },
- "id": "security_ai_prompts-36c1550e-b606-4527-8aa3-9baaf8d9c943",
+ "id": "security_ai_prompts-1d879724-76fa-4178-af4c-14dbdca777b0",
  "type": "security-ai-prompt"
 }
@@ -6,6 +6,6 @@
  "default": "Return **only a single-line stringified JSON object** without any code fences, explanations, or variable assignments. Do **not** wrap the output in triple backticks or any Markdown code block. \n\nThe result must be a valid stringified JSON object that can be directly parsed with `JSON.parse()` in JavaScript.\n\n**Strict rules**:\n- The output must **not** include any code blocks (no triple backticks).\n- The output must be **a string**, ready to be passed directly into `JSON.parse()`.\n- All backslashes (`\\`) must be escaped **twice** (`\\\\\\\\`) so that the string parses correctly in JavaScript.\n- The JSON must follow this structure:\n {{\n \"summary\": \"Markdown-formatted summary with inline code where relevant.\",\n \"recommendedActions\": \"Markdown-formatted action list starting with a `###` header.\"\n }}\n- The summary text should just be text. It does not need any titles or leading items in bold.\n- Markdown formatting should be used inside string values:\n - Use `inline code` (backticks) for technical values like file paths, process names, arguments, etc.\n - Use `**bold**` for emphasis.\n - Use `-` for bullet points.\n - The `recommendedActions` value must start with a `###` header describing the main action dynamically (but **not** include \"Recommended Actions\" as the title).\n- **Do not** include any extra explanation or text. Only return the stringified JSON object.\n\nThe response should look like this:\n{{\"summary\":\"Markdown-formatted summary text.\",\"recommendedActions\":\"Markdown-formatted action list starting with a ### header.\"}}"
  }
  },
- "id": "security_ai_prompts-df589318-f88e-45d6-b733-13bc91a91b2a",
+ "id": "security_ai_prompts-1e40ae29-0e7e-44b4-a279-62e8ab019f57",
  "type": "security-ai-prompt"
 }
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,6 @@`
`6`	`6`	`"default": "Research"`
`7`	`7`	`}`
`8`	`8`	`},`
`9`		`- "id": "security_ai_prompts-08d9a496-b876-43f0-9dcf-d8834d8c44a1",`
	`9`	`+ "id": "security_ai_prompts-04f42079-7f27-4892-8c63-4c500e5821c4",`
`10`	`10`	`"type": "security-ai-prompt"`
`11`	`11`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,6 @@`
`6`	`6`	`"default": "Most important alerts from the last 24 hrs"`
`7`	`7`	`}`
`8`	`8`	`},`
`9`		`- "id": "security_ai_prompts-d35a2fab-9f56-43e0-aa59-38b5ec8228fd",`
	`9`	`+ "id": "security_ai_prompts-0766d63f-7915-42ba-9526-e683f89c19ca",`
`10`	`10`	`"type": "security-ai-prompt"`
`11`	`11`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,6 @@`
`6`	`6`	`"default": "Latest Elastic Security Labs research"`
`7`	`7`	`}`
`8`	`8`	`},`
`9`		`- "id": "security_ai_prompts-e994271e-2a6e-48d1-9f14-6eab0f06de69",`
	`9`	`+ "id": "security_ai_prompts-07839125-36c6-4480-bfaa-d9a22f13c6de",`
`10`	`10`	`"type": "security-ai-prompt"`
`11`	`11`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,6 @@`
`6`	`6`	"default": "Retrieve and summarize the latest Elastic Security Labs articles one by one sorted by latest at the top, and consider using all tools available to you to fulfill this request. Ensure the response includes:\nArticle Summaries\nTitle and Link: Provide the title of each article with a hyperlink to the original content.\nPublication Date: Include the date the article was published.\nKey Insights: Summarize the main points or findings of each article in concise bullet points.\nRelevant Threats or Techniques: Highlight any specific malware, attack techniques, or adversary behaviors discussed, with references to MITRE ATT&CK techniques (include hyperlinks to the official MITRE pages).\nPractical Applications\nDetection and Response Guidance: Provide actionable steps or recommendations based on the article's content, tailored for Elastic Security workflows.\nElastic Security Features: Highlight any Elastic Security features, detection rules, or tools mentioned in the articles, with links to relevant documentation.\nExample Queries: If applicable, include example ES\|QL or OSQuery Manager queries inspired by the article's findings, formatted as code blocks.\nDocumentation and Resources\nElastic Security Labs: Include a link to the Elastic Security Labs homepage.\nAdditional References: Provide links to any related Elastic documentation or external resources mentioned in the articles.\nFormatting Requirements\nUse markdown headers, tables, and code blocks for clarity.\nOrganize the response into visually distinct sections.\nUse concise, actionable language. Make sure you use tools available to you to fulfill this request."
`7`	`7`	`}`
`8`	`8`	`},`
`9`		`- "id": "security_ai_prompts-f0482836-9efd-46b3-8c67-14490f75cc27",`
	`9`	`+ "id": "security_ai_prompts-128d6f69-e856-436e-9645-aac5969c7d6c",`
`10`	`10`	`"type": "security-ai-prompt"`
`11`	`11`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,6 @@`
`6`	`6`	`"default": "Suggest"`
`7`	`7`	`}`
`8`	`8`	`},`
`9`		`- "id": "security_ai_prompts-49d0c27c-f8d2-4903-8019-c8d5471935b9",`
	`9`	`+ "id": "security_ai_prompts-158c8455-422b-4a8f-b762-3d6994c24e6b",`
`10`	`10`	`"type": "security-ai-prompt"`
`11`	`11`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,6 @@`
`6`	`6`	`"default": "You MUST use the \"NaturalLanguageESQLTool\" function when the user wants to:\n - breakdown or filter ES\|QL queries that are displayed on the current page\n - convert queries from another language to ES\|QL\n - asks general questions about ES\|QL\n ALWAYS use this tool to generate ES\|QL queries or explain anything about the ES\|QL query language rather than coming up with your own answer."`
`7`	`7`	`}`
`8`	`8`	`},`
`9`		`- "id": "security_ai_prompts-ba771a05-95f9-4487-9525-98a69ac46345",`
	`9`	`+ "id": "security_ai_prompts-15e797ad-53f6-45c4-b729-e484fbe49279",`
`10`	`10`	`"type": "security-ai-prompt"`
`11`	`11`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,6 @@`
`6`	`6`	`"default": "Call this for knowledge from Elastic Security Labs content, which contains information on malware, attack techniques, and more."`
`7`	`7`	`}`
`8`	`8`	`},`
`9`		`- "id": "security_ai_prompts-36c1550e-b606-4527-8aa3-9baaf8d9c943",`
	`9`	`+ "id": "security_ai_prompts-1d879724-76fa-4178-af4c-14dbdca777b0",`
`10`	`10`	`"type": "security-ai-prompt"`
`11`	`11`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,6 @@`
`6`	`6`	"default": "Return only a single-line stringified JSON object without any code fences, explanations, or variable assignments. Do not wrap the output in triple backticks or any Markdown code block. \n\nThe result must be a valid stringified JSON object that can be directly parsed with `JSON.parse()` in JavaScript.\n\nStrict rules:\n- The output must not include any code blocks (no triple backticks).\n- The output must be a string, ready to be passed directly into `JSON.parse()`.\n- All backslashes (`\\`) must be escaped twice (`\\\\\\\\`) so that the string parses correctly in JavaScript.\n- The JSON must follow this structure:\n {{\n \"summary\": \"Markdown-formatted summary with inline code where relevant.\",\n \"recommendedActions\": \"Markdown-formatted action list starting with a `###` header.\"\n }}\n- The summary text should just be text. It does not need any titles or leading items in bold.\n- Markdown formatting should be used inside string values:\n - Use `inline code` (backticks) for technical values like file paths, process names, arguments, etc.\n - Use `bold` for emphasis.\n - Use `-` for bullet points.\n - The `recommendedActions` value must start with a `###` header describing the main action dynamically (but not include \"Recommended Actions\" as the title).\n- Do not include any extra explanation or text. Only return the stringified JSON object.\n\nThe response should look like this:\n{{\"summary\":\"Markdown-formatted summary text.\",\"recommendedActions\":\"Markdown-formatted action list starting with a ### header.\"}}"
`7`	`7`	`}`
`8`	`8`	`},`
`9`		`- "id": "security_ai_prompts-df589318-f88e-45d6-b733-13bc91a91b2a",`
	`9`	`+ "id": "security_ai_prompts-1e40ae29-0e7e-44b4-a279-62e8ab019f57",`
`10`	`10`	`"type": "security-ai-prompt"`
`11`	`11`	`}`