Security ai prompts #871
Security ai prompts #871
Conversation
Adds `kibana/security_ai_prompt` to support security AI prompt assets. ## Why is it important? In order to have the flexibility to tweak AI prompts outside of our regular ESS release schedule, `kibana/security_ai_prompt` assets introduce the ability to ship prompt updates for the security AI Assistant and Attack Discovery. ## Checklist - [x] I have added test packages to [`test/packages`](https://github.com/elastic/package-spec/tree/main/test/packages) that prove my change is effective. - [x] I have added an entry in [`spec/changelog.yml`](https://github.com/elastic/package-spec/blob/main/spec/changelog.yml). ## Related issues - <elastic/security-team#11196>
|
test integrations |
|
Created or updated PR in integrations repository to test this version. Check elastic/integrations#12719 |
|
Duplicate of #870? I was commenting on the other one 😅 |
|
yeah, I just want to test it before @andrew-goldstein wakes up :) |
test/packages/good_v2/kibana/security_ai_prompt/good_v2-security-ai-prompt-1.json
Outdated
Show resolved
Hide resolved
spec/integration/kibana/spec.yml
Outdated
| - description: Folder containing security AI prompt assets | ||
| type: folder | ||
| name: "security_ai_prompt" | ||
| required: false | ||
| contents: | ||
| - description: A security AI prompt asset file | ||
| type: file | ||
| contentMediaType: "application/json" | ||
| pattern: '^{PACKAGE_NAME}-.+\.json$' |
There was a problem hiding this comment.
Would it make sense to add this Kibana asset to content packages? Or is it intended just for integration packages ?
There was a problem hiding this comment.
I’m not sure what "content packages" is?
There was a problem hiding this comment.
Reading through the the Package specification section of the Integrations Developer Guide, I don't believe this package should be a "content package" since the assets do not include any dashboards, visualizations, or ingest pipelines to enhance the user experience. The assets are JSON saved objects to deliver text at certain points in AI workflows. The user does not see the additional prompting, it is sent to the LLM.
There was a problem hiding this comment.
Or do you mean defining it in the Kibana repo? This is already done: https://github.com/elastic/kibana/blob/main/x-pack/platform/plugins/shared/fleet/common/types/models/epm.ts#L62
There was a problem hiding this comment.
Looking at the integrations PR elastic/integrations#13323 you linked, this looks like a candidate to be also available in content packages (under Kibana folder too with the JSON path to remove it in previous versions). Integration packages allow to define data streams, mappings, ingest pipelines and it looks like that all those resources would not be needed for these security AI prompt assets to work (is that right?).
I think it could also be kept as part of integration packages, in case it also needed to add/provide Security AI prompts in integration packages.
WDYT @jsoriano ?
There was a problem hiding this comment.
If you have branches of integrations or elastic-package using this change you will need to update the references, yes.
There was a problem hiding this comment.
The docs say that elastic-package supports only the "integration" package type. Is that right? How do I update the references?
There was a problem hiding this comment.
The docs say that
elastic-packagesupports only the "integration" package type. Is that right?
This is probably outdated, elastic-package supports integration, input and content packages. Where have you seen this?
How do I update the references?
These lines should do the trick in the integrations or elastic-package repos:
go mod edit -replace github.com/elastic/package-spec/v3=github.com/patrykkopycinski/package-spec/v3@security_ai_prompts
go mod tidy
There was a problem hiding this comment.
elastic-package supports integration, input and content packages. Where have you seen this?
Thank you. Here is the outdated doc reference https://www.elastic.co/guide/en/integrations-developer/current/elastic-package.html#_elastic_package_build
There was a problem hiding this comment.
Updating docs elastic/elastic-package#2507
|
question for @mrodm / @jsoriano |
To release these changes and make them available up to the integrations repository, there are a few steps that needs to be performed:
However, the version of the spec where these new assets are available would depend on when the support in Fleet/Kibana is added too. |
Support is already in Kibana/Fleet. However, it would be a manual installation. This PR is to automatically install the integration and registers the package version, and it will target 8.19.0/9.1.0 elastic/kibana#216106 |
When talking about support in Fleet we refer to Fleet being able to install these assets when found in a package. If we are targeting unreleased versions of Kibana we should use a new minor, 3.4.0 sounds good. |
|
anything else I need on this PR for approval @jsoriano ? Thanks! |
| }, | ||
| "id": "good_content-security-ai-prompt-1", | ||
| "type": "security-ai-prompt" | ||
| } |
There was a problem hiding this comment.
I am still missing a sample with a real use case. Is the idea to distribute a package with a collection of prompts? Or to associate prompts to specific data?
There was a problem hiding this comment.
Sorry, I'm confused what else you need here? All the package does is distribute prompts as saved objects. The prompts are looked up with the saved object API within security solution. If no saved object prompt exists, a fallback prompt value exists. https://github.com/elastic/kibana/blob/0d415a6d3a09200dad48a58851d89d81ef897b81/x-pack/solutions/security/packages/security-ai-prompts/src/get_prompt.ts#L109-L113
There was a problem hiding this comment.
I am not sure about the package that is planned after this new asset is supported. Will it be a package that will contain only a collection of prompts? Or will prompts be added to other packages?
There was a problem hiding this comment.
There will be one new package that contains only a collection of prompts as saved objects, see here: https://github.com/elastic/integrations/pull/13323/files
There was a problem hiding this comment.
Ok, then the model proposed here based on content package will fit great.
💚 Build Succeeded
History
|
Adds
kibana/security_ai_promptto support security AI prompt assets.Why is it important?
In order to have the flexibility to tweak AI prompts outside of our regular ESS release schedule,
kibana/security_ai_promptassets introduce the ability to ship prompt updates for the security AI Assistant and Attack Discovery.Checklist
test/packagesthat prove my change is effective.spec/changelog.yml.Related issues