diff --git a/explore-analyze/ai-features.md b/explore-analyze/ai-features.md index 41789681d3..7135a195c1 100644 --- a/explore-analyze/ai-features.md +++ b/explore-analyze/ai-features.md @@ -110,15 +110,11 @@ The [Model Context Protocol (MCP)](/solutions/search/mcp.md) lets you connect AI [Elastic AI Assistant for Security](/solutions/security/ai/ai-assistant.md) helps you with tasks such as alert investigation, incident response, and query generation throughout {{elastic-sec}}. It provides a chat interface where you can ask questions about the {{stack}} and your data, and provides contextual insights that explain errors and messages and suggest remediation steps. -This feature requires an [LLM connector](/explore-analyze/ai-features/llm-guides/llm-connectors.md). - ### Attack Discovery [Attack Discovery](/solutions/security/ai/attack-discovery.md) uses AI to triage your alerts and identify potential threats. Each "discovery" represents a potential attack and describes relationships among alerts to identify related users and hosts, map alerts to the MITRE ATT&CK matrix, and help identify threat actors. -This feature requires an [LLM connector](/explore-analyze/ai-features/llm-guides/llm-connectors.md). - ### Automatic Migration @@ -127,15 +123,11 @@ This feature requires an [LLM connector](/explore-analyze/ai-features/llm-guides * Splunk rules * Splunk dashboards -This feature requires an [LLM connector](/explore-analyze/ai-features/llm-guides/llm-connectors.md). - ### Automatic Import [Automatic Import](/solutions/security/get-started/automatic-import.md) helps you ingest data from sources that do not have prebuilt Elastic integrations. It uses AI to parse a sample of the data you want to ingest, and creates a new integration specifically for that type of data. -This feature requires an [LLM connector](/explore-analyze/ai-features/llm-guides/llm-connectors.md). - ### Automatic Troubleshooting 
@@ -144,4 +136,11 @@ This feature requires an [LLM connector](/explore-analyze/ai-features/llm-guides * **Policy responses**: Detect warnings or failures in {{elastic-defend}}’s integration policies. * **Third-party antivirus (AV) software**: Identify installed third-party antivirus (AV) products that might conflict with {{elastic-defend}}. -This feature requires an [LLM connector](/explore-analyze/ai-features/llm-guides/llm-connectors.md). + +### Entity summary +```yaml {applies_to} +stack: ga 9.3 +serverless: ga +``` + +[Entity summary](/solutions/security/advanced-entity-analytics/view-entity-details.md#entity-summary), available in the entity details flyout, uses AI to generate a summary of a user's or host's security context. It aggregates information such as risk scores, asset criticality, vulnerabilities, and {{ml}} anomalies to provide a consolidated view of the entity's security posture. The summary helps you prioritize investigations and identify recommended next steps. diff --git a/solutions/images/security-entity-summary.png b/solutions/images/security-entity-summary.png new file mode 100644 index 0000000000..f8ee201c2c Binary files /dev/null and b/solutions/images/security-entity-summary.png differ diff --git a/solutions/images/security-host-details-flyout.png b/solutions/images/security-host-details-flyout.png index a5a960a596..6b0b9e0e92 100644 Binary files a/solutions/images/security-host-details-flyout.png and b/solutions/images/security-host-details-flyout.png differ diff --git a/solutions/security/advanced-entity-analytics/view-entity-details.md b/solutions/security/advanced-entity-analytics/view-entity-details.md index 07a44a8e0c..35bd43a67a 100644 --- a/solutions/security/advanced-entity-analytics/view-entity-details.md +++ b/solutions/security/advanced-entity-analytics/view-entity-details.md 
@@ -18,6 +18,7 @@ You can learn more about an entity (host, user, or service) from the entity deta The entity details flyout includes the following sections: +* {applies_to}`serverless: ga` {applies_to}`stack: ga 9.3` [Entity summary](#entity-summary), which allows you to generate an AI summary of the entity. * [Entity risk summary](#entity-risk-summary), which displays entity risk data and inputs. * [Asset Criticality](#asset-criticality), which allows you to view and assign asset criticality. * [Insights](#insights), which displays vulnerabilities or misconfiguration findings for the entity. 
@@ -28,6 +29,40 @@ The entity details flyout includes the following sections: :screenshot: ::: +### Entity summary +```yaml {applies_to} +stack: ga 9.3 +serverless: ga +``` + +::::{note} +* To generate an AI summary, you need to configure a [generative AI connector](kibana://reference/connectors-kibana/gen-ai-connectors.md). +* This feature is only available for users and hosts. +:::: + +The **Entity summary** section allows you to generate an AI-powered summary of the entity's security context. Click **Generate** to create a comprehensive overview that aggregates information from: + +* Risk scores and risk inputs +* Asset criticality levels +* Vulnerabilities +* {{ml-cap}} anomalies associated with the entity + +The summary provides a consolidated view of the entity's security posture, helping you quickly assess its significance and prioritize investigations. It includes information such as: + +* The entity's current risk score with details about which alerts or rules contribute most significantly to the score +* The entity's asset criticality level and how it contributes to the overall risk score +* Details about detected vulnerabilities, including CVE identifiers, CVSS scores, affected packages or systems, and remediation guidance +* Recommended next steps based on the entity's security posture, such as updating vulnerable packages, investigating specific alerts, or implementing additional security controls + +::::{tip} +If you have [AI Assistant](/solutions/security/ai/ai-assistant.md) or [Agent Builder](/solutions/search/elastic-agent-builder.md) set up, you can select **More actions** ({icon}`boxes_vertical`) → **Ask AI Assistant** or **Add to chat** to continue the conversation about the entity in AI Assistant or Agent Builder. +:::: + +:::{image} /solutions/images/security-entity-summary.png +:alt: Entity summary +:screenshot: +::: + ### Entity risk summary ::::{admonition} Requirements
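Review bot: in the ai-features.md hunk at `@@ -110,15 +110,11 @@`, deleting the "This feature requires an [LLM connector](...)" sentence from the AI Assistant, Attack Discovery, Automatic Migration and Automatic Import sections leaves no statement of that prerequisite anywhere in the visible diff, and the Entity summary section added further down the same file does not carry one either. If the requirement is now meant to be stated once at the top of the page, include that line in the patch; otherwise keep the per-feature sentence so a reader who deep-links into one section still sees the prerequisite.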
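Review bot: in the ai-features.md hunk at `@@ -144,4 +136,11 @@`, the new Entity summary section omits the two constraints the view-entity-details.md hunk states in its note (a generative AI connector must be configured, and the feature is only available for users and hosts); add a sentence covering both so the two pages agree. Also, the added `+` blank line sits directly after the existing blank context line, which leaves two consecutive blank lines before `### Entity summary`; drop one of them.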
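Review bot: in the view-entity-details.md hunk at `@@ -18,6 +18,7 @@`, the inline badges on the new bullet list `serverless: ga` before `stack: ga 9.3`, while both `{applies_to}` YAML blocks in this patch list `stack` first; use one order so the badges render consistently across the page and the ai-features.md entry.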
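Review bot: in the view-entity-details.md hunk at `@@ -28,6 +29,40 @@`, the note links connector setup to `kibana://reference/connectors-kibana/gen-ai-connectors.md`, whereas the sentences removed from ai-features.md in this same patch pointed at `/explore-analyze/ai-features/llm-guides/llm-connectors.md`; pick one target (or link both) so readers reach the same setup guidance from either page. The section also describes a summary that aggregates risk inputs, asset criticality, vulnerability findings with CVE identifiers and CVSS scores, and {{ml}} anomalies, but says nothing about which of that entity data is transmitted to the configured connector when **Generate** is clicked; a short sentence on what leaves the deployment would be useful to readers whose connector points at a third-party LLM provider.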