
[Security Solution][Detection Engine] adds AI Assistant to rule create form

Open vitaliidm opened this issue 11 months ago • 20 comments

Summary

  • Adds AI assistant for queries for every rule type, apart from Machine Learning
  • AI assistant is shown only when query is not empty and invalid
  • When user clicks on assistant it records telemetry event open_assistant_on_rule_query_error

Design

AI assistant help contextual

Demo

https://github.com/elastic/kibana/assets/92328789/92435f3b-c51e-471b-940f-604a1f245e94

Old Demos

Note: old demo videos use old UI design, and assistant is shown even for valid queries.

list of videos

ES|QL Case 1

Simple ES|QL query validation error solving. There are 2 problems in the query highlighted by validation. First, missing metadata operator. Second, operator = instead of ==. By feeding the query twice into AI Assistant, I was able to get a working solution.

https://github.com/elastic/kibana/assets/92328789/1eb49505-b161-4fdb-ac3c-d2833c16e2cd

ES|QL Case 2

Fixes missing _id field, when metadata operator is present

https://github.com/elastic/kibana/assets/92328789/82024fcb-822e-46f1-a80a-8b9f1725816e

EQL Case 1

Fixes EQL typo

https://github.com/elastic/kibana/assets/92328789/ea18ceec-92f8-4322-b359-50e689a0ef72

Issues

Results might not always be consistent, and for more complex queries they might not be correct

https://github.com/elastic/kibana/assets/92328789/e3bedfd6-943c-4979-8708-f6c33d1756a6

vitaliidm, Mar 20 '24 18:03