[Security] [Serverless: Jan 6] Entity summary

explore-analyze/ai-features.md

@@ -110,15 +110,11 @@ The [Model Context Protocol (MCP)](/solutions/search/mcp.md) lets you connect AI
 
 [Elastic AI Assistant for Security](/solutions/security/ai/ai-assistant.md) helps you with tasks such as alert investigation, incident response, and query generation throughout {{elastic-sec}}. It provides a chat interface where you can ask questions about the {{stack}} and your data, and provides contextual insights that explain errors and messages and suggest remediation steps.
 
-This feature requires an [LLM connector](/explore-analyze/ai-features/llm-guides/llm-connectors.md).
-
 
 ### Attack Discovery
 
 [Attack Discovery](/solutions/security/ai/attack-discovery.md) uses AI to triage your alerts and identify potential threats. Each "discovery" represents a potential attack and describes relationships among alerts to identify related users and hosts, map alerts to the MITRE ATT&CK matrix, and help identify threat actors.
 
-This feature requires an [LLM connector](/explore-analyze/ai-features/llm-guides/llm-connectors.md).
-
 
 ### Automatic Migration
 
@@ -127,15 +123,11 @@ This feature requires an [LLM connector](/explore-analyze/ai-features/llm-guides
 * Splunk rules
 * Splunk dashboards
 
-This feature requires an [LLM connector](/explore-analyze/ai-features/llm-guides/llm-connectors.md).
-
 
 ### Automatic Import
 
 [Automatic Import](/solutions/security/get-started/automatic-import.md) helps you ingest data from sources that do not have prebuilt Elastic integrations. It uses AI to parse a sample of the data you want to ingest, and creates a new integration specifically for that type of data.
 
-This feature requires an [LLM connector](/explore-analyze/ai-features/llm-guides/llm-connectors.md).
-
 
 ### Automatic Troubleshooting
 
@@ -144,4 +136,11 @@ This feature requires an [LLM connector](/explore-analyze/ai-features/llm-guides
 * **Policy responses**: Detect warnings or failures in {{elastic-defend}}’s integration policies.
 * **Third-party antivirus (AV) software**: Identify installed third-party antivirus (AV) products that might conflict with {{elastic-defend}}.
 
-This feature requires an [LLM connector](/explore-analyze/ai-features/llm-guides/llm-connectors.md).
+
+### Entity summary
+```yaml {applies_to}
+stack: ga 9.3
+serverless: ga
+```
+
+[Entity summary](/solutions/security/advanced-entity-analytics/view-entity-details.md#entity-summary), available in the entity details flyout, uses AI to generate a summary of a user's or host's security context. It aggregates information such as risk scores, asset criticality, vulnerabilities, and {{ml}} anomalies to provide a consolidated view of the entity's security posture. The summary helps you prioritize investigations and identify recommended next steps.

solutions/security/advanced-entity-analytics/view-entity-details.md

@@ -18,6 +18,7 @@
 
 The entity details flyout includes the following sections:
 
+* {applies_to}`serverless: ga` {applies_to}`stack: ga 9.3` [Entity summary](#entity-summary), which allows you to generate an AI summary of the entity.
 * [Entity risk summary](#entity-risk-summary), which displays entity risk data and inputs.
 * [Asset Criticality](#asset-criticality), which allows you to view and assign asset criticality.
 * [Insights](#insights), which displays vulnerabilities or misconfiguration findings for the entity.
@@ -28,6 +29,40 @@
 :screenshot:
 :::
 
+### Entity summary
+```yaml {applies_to}
+stack: ga 9.3
+serverless: ga
+```
+
+::::{note}
+* To generate an AI summary, you need to configure a [generative AI connector](kibana://reference/connectors-kibana/gen-ai-connectors.md).
+* This feature is only available for users and hosts.
+::::
+
+The **Entity summary** section allows you to generate an AI-powered summary of the entity's security context. Click **Generate** to create a comprehensive overview that aggregates information from:
+
+* Risk scores and risk inputs
+* Asset criticality levels
+* Vulnerabilities
+* {{ml-cap}} anomalies associated with the entity
+
+The summary provides a consolidated view of the entity's security posture, helping you quickly assess its significance and prioritize investigations. It includes information such as:
+
+* The entity's current risk score with details about which alerts or rules contribute most significantly to the score
+* The entity's asset criticality level and how it contributes to the overall risk score
+* Details about detected vulnerabilities, including CVE identifiers, CVSS scores, affected packages or systems, and remediation guidance
+* Recommended next steps based on the entity's security posture, such as updating vulnerable packages, investigating specific alerts, or implementing additional security controls
+
+::::{tip}
+If you have [AI Assistant](/solutions/security/ai/ai-assistant.md) or [Agent Builder](/solutions/search/elastic-agent-builder.md) set up, you can select **More actions** ({icon}`boxes_vertical`) → **Ask AI Assistant** or **Add to chat** to continue the conversation about the entity in AI Assistant or Agent Builder.
+::::
+
+:::{image} /solutions/images/security-entity-summary.png
+:alt: Entity summary
+:screenshot:
+:::
+
 ### Entity risk summary
 
 ::::{admonition} Requirements