[Security Solution] [AI Assistant] Introducing security labs content as an integration #13967

Draft
wants to merge 5 commits into
base: main

KDKHD
Member

@KDKHD KDKHD commented May 22, 2025

Proposed commit message

Introducing a new integration for the security labs content from https://www.elastic.co/security-labs. The content from security-labs is used to improve the capabilities of the security AI assistant by giving the assistant context on security threats.

Users do not need to install this integration through the integrations page in Kibana. Rather, the integration will be installed when a user sets up the Security AI assistant knowledge base under http://localhost:5601/app/management/kibana/securityAiAssistantManagement?tab=knowledge_base.

Why

Currently, the security labs content is included in the Kibana repository. There are several problems with the current approach that this integration will solve:

  1. As the security labs content contains information about malware, it is triggering antivirus software, preventing users from upgrading Kibana (Kibana Knowledge Base Files being detected as Malware after update to 8.16 kibana#202114). Moving the content to an integration and removing the Security Labs content from the Kibana build will ensure that antivirus software does not prevent users from upgrading Kibana.
  2. In addition to the raw content, we would like to include the embeddings for that content in the integration. This way we do not need to generate the embeddings on the user's cluster. In the future, embeddings for the security labs' content can be shipped through this integration. The embeddings are not included in the integration yet; this will be added in the future.

Requires elastic/package-spec#900

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@KDKHD KDKHD changed the title security labs integration [Security Solution] [AI Assistant] Security labs content as an integration May 22, 2025
@KDKHD KDKHD added the enhancement New feature or request label May 22, 2025
@KDKHD KDKHD changed the title [Security Solution] [AI Assistant] Security labs content as an integration [Security Solution] [AI Assistant] Introducing security labs content as an integration May 22, 2025
@andrewkroh andrewkroh added the New Integration Issue or pull request for creating a new integration package. label May 22, 2025
@elasticmachine

💔 Build Failed

Failed CI Steps

History

3 participants