From 9fdd8e79c7c5bb2631ca00281fb6e7f2c35b2907 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Wed, 23 Apr 2025 15:53:35 -0700 Subject: [PATCH 1/4] Updates AI example workflows page --- solutions/security/ai/use-cases.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/solutions/security/ai/use-cases.md b/solutions/security/ai/use-cases.md index 48f718bf1b..41884cb0f8 100644 --- a/solutions/security/ai/use-cases.md +++ b/solutions/security/ai/use-cases.md @@ -8,7 +8,7 @@ applies_to: security: all --- -# Example AI workflows +# AI use cases The guides in this section describe example workflows for AI Assistant and Attack discovery. Refer to them for examples of each tool’s individual capabilities and how they can work together. 
@@ -18,6 +18,12 @@ The guides in this section describe example workflows for AI Assistant and Attac For general information, refer to [AI Assistant](/solutions/security/ai/ai-assistant.md) or [Attack discovery](/solutions/security/ai/attack-discovery.md). +## Other AI-powered tools +In addition to AI Assistant and Attack Discovery, {{elastic-sec}} provides several other AI-powered tools for specific use-cases. These include: + +* [Automatic Import](../security/get-started/automatic-import.md): helps you quickly parse, ingest, and create [ECS mappings](https://www.elastic.co/elasticsearch/common-schema) for data from sources that don’t yet have prebuilt Elastic integrations. This can accelerate your migration to {{elastic-sec}}, and help you quickly add new data sources to an existing SIEM solution in {{elastic-sec}}. +* [Automatic Migration](../security/get-started/automatic-migration.md): helps you quickly convert SIEM rules from the Splunk Processing Language (SPL) to the Elasticsearch Query Language ({{esql}}). If comparable Elastic-authored rules exist, it simplifies onboarding by mapping your rules to them. Otherwise, it creates custom rules on the fly so you can verify and edit them instead of writing them from scratch. +* [Automatic Troubleshooting](/solutions/security/manage-elastic-defend/identify-antivirus-software-on-hosts.md): helps you quickly check whether your endpoints have third-party AV software installed by analyzing file event logs from your hosts to determine whether antivirus software is present. From there, you can address any incompatibilities to make sure your endpoints are protected. From 03656038e8842b5ed21a949e001e3b9adaf100eb Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Thu, 24 Apr 2025 09:18:47 -0700 Subject: [PATCH 2/4] fixes links --- solutions/security/ai/use-cases.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/solutions/security/ai/use-cases.md b/solutions/security/ai/use-cases.md index 41884cb0f8..7c807e9357 100644 --- a/solutions/security/ai/use-cases.md +++ b/solutions/security/ai/use-cases.md 
@@ -22,8 +22,8 @@ For general information, refer to [AI Assistant](/solutions/security/ai/ai-assis In addition to AI Assistant and Attack Discovery, {{elastic-sec}} provides several other AI-powered tools for specific use-cases. These include: -* [Automatic Import](../security/get-started/automatic-import.md): helps you quickly parse, ingest, and create [ECS mappings](https://www.elastic.co/elasticsearch/common-schema) for data from sources that don’t yet have prebuilt Elastic integrations. This can accelerate your migration to {{elastic-sec}}, and help you quickly add new data sources to an existing SIEM solution in {{elastic-sec}}. -* [Automatic Migration](../security/get-started/automatic-migration.md): helps you quickly convert SIEM rules from the Splunk Processing Language (SPL) to the Elasticsearch Query Language ({{esql}}). If comparable Elastic-authored rules exist, it simplifies onboarding by mapping your rules to them. Otherwise, it creates custom rules on the fly so you can verify and edit them instead of writing them from scratch. +* [Automatic Import](/solutions/security/get-started/automatic-import.md): helps you quickly parse, ingest, and create [ECS mappings](https://www.elastic.co/elasticsearch/common-schema) for data from sources that don’t yet have prebuilt Elastic integrations. This can accelerate your migration to {{elastic-sec}}, and help you quickly add new data sources to an existing SIEM solution in {{elastic-sec}}. +* [Automatic Migration](/solugions/security/get-started/automatic-migration.md): helps you quickly convert SIEM rules from the Splunk Processing Language (SPL) to the Elasticsearch Query Language ({{esql}}). If comparable Elastic-authored rules exist, it simplifies onboarding by mapping your rules to them. Otherwise, it creates custom rules on the fly so you can verify and edit them instead of writing them from scratch. 
* [Automatic Troubleshooting](/solutions/security/manage-elastic-defend/identify-antivirus-software-on-hosts.md): helps you quickly check whether your endpoints have third-party AV software installed by analyzing file event logs from your hosts to determine whether antivirus software is present. From there, you can address any incompatibilities to make sure your endpoints are protected. From f4d817178d84d75c0187b29d0052f0cf056eb070 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Thu, 24 Apr 2025 09:21:34 -0700 Subject: [PATCH 3/4] fixes link --- solutions/security/ai/use-cases.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/security/ai/use-cases.md b/solutions/security/ai/use-cases.md index 7c807e9357..10ec25ac83 100644 --- a/solutions/security/ai/use-cases.md +++ b/solutions/security/ai/use-cases.md 
@@ -23,7 +23,7 @@ For general information, refer to [AI Assistant](/solutions/security/ai/ai-assis In addition to AI Assistant and Attack Discovery, {{elastic-sec}} provides several other AI-powered tools for specific use-cases. These include: * [Automatic Import](/solutions/security/get-started/automatic-import.md): helps you quickly parse, ingest, and create [ECS mappings](https://www.elastic.co/elasticsearch/common-schema) for data from sources that don’t yet have prebuilt Elastic integrations. This can accelerate your migration to {{elastic-sec}}, and help you quickly add new data sources to an existing SIEM solution in {{elastic-sec}}. -* [Automatic Migration](/solugions/security/get-started/automatic-migration.md): helps you quickly convert SIEM rules from the Splunk Processing Language (SPL) to the Elasticsearch Query Language ({{esql}}). If comparable Elastic-authored rules exist, it simplifies onboarding by mapping your rules to them. Otherwise, it creates custom rules on the fly so you can verify and edit them instead of writing them from scratch. +* [Automatic Migration](/solutions/security/get-started/automatic-migration.md): helps you quickly convert SIEM rules from the Splunk Processing Language (SPL) to the Elasticsearch Query Language ({{esql}}). If comparable Elastic-authored rules exist, it simplifies onboarding by mapping your rules to them. Otherwise, it creates custom rules on the fly so you can verify and edit them instead of writing them from scratch. * [Automatic Troubleshooting](/solutions/security/manage-elastic-defend/identify-antivirus-software-on-hosts.md): helps you quickly check whether your endpoints have third-party AV software installed by analyzing file event logs from your hosts to determine whether antivirus software is present. From there, you can address any incompatibilities to make sure your endpoints are protected. From c033faa5fe154d4a2284de7ff7e39ce5a0ca9596 Mon Sep 17 00:00:00 2001 
From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Thu, 24 Apr 2025 14:00:52 -0700 Subject: [PATCH 4/4] Apply suggestions from code review Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> --- solutions/security/ai/use-cases.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/solutions/security/ai/use-cases.md b/solutions/security/ai/use-cases.md index 10ec25ac83..6a1d94a451 100644 --- a/solutions/security/ai/use-cases.md +++ b/solutions/security/ai/use-cases.md 
@@ -20,10 +20,10 @@ For general information, refer to [AI Assistant](/solutions/security/ai/ai-assis ## Other AI-powered tools -In addition to AI Assistant and Attack Discovery, {{elastic-sec}} provides several other AI-powered tools for specific use-cases. These include: +In addition to AI Assistant and Attack Discovery, {{elastic-sec}} provides several other AI-powered tools for specific use cases. These include: -* [Automatic Import](/solutions/security/get-started/automatic-import.md): helps you quickly parse, ingest, and create [ECS mappings](https://www.elastic.co/elasticsearch/common-schema) for data from sources that don’t yet have prebuilt Elastic integrations. This can accelerate your migration to {{elastic-sec}}, and help you quickly add new data sources to an existing SIEM solution in {{elastic-sec}}. -* [Automatic Migration](/solutions/security/get-started/automatic-migration.md): helps you quickly convert SIEM rules from the Splunk Processing Language (SPL) to the Elasticsearch Query Language ({{esql}}). If comparable Elastic-authored rules exist, it simplifies onboarding by mapping your rules to them. Otherwise, it creates custom rules on the fly so you can verify and edit them instead of writing them from scratch. -* [Automatic Troubleshooting](/solutions/security/manage-elastic-defend/identify-antivirus-software-on-hosts.md): helps you quickly check whether your endpoints have third-party AV software installed by analyzing file event logs from your hosts to determine whether antivirus software is present. From there, you can address any incompatibilities to make sure your endpoints are protected. +* [Automatic Import](/solutions/security/get-started/automatic-import.md): Helps you quickly parse, ingest, and create [ECS mappings](https://www.elastic.co/elasticsearch/common-schema) for data from sources that don’t yet have prebuilt Elastic integrations. 
This can accelerate your migration to {{elastic-sec}}, and help you quickly add new data sources to an existing SIEM solution in {{elastic-sec}}. +* [Automatic Migration](/solutions/security/get-started/automatic-migration.md): Helps you quickly convert SIEM rules from the Splunk Processing Language (SPL) to the Elasticsearch Query Language ({{esql}}). If comparable Elastic-authored rules exist, it simplifies onboarding by mapping your rules to them. Otherwise, it creates custom rules on the fly so you can verify and edit them instead of writing them from scratch. +* [Automatic Troubleshooting](/solutions/security/manage-elastic-defend/identify-antivirus-software-on-hosts.md): Helps you quickly check whether your endpoints have third-party AV software installed by analyzing file event logs from your hosts to determine whether antivirus software is present. From there, you can address any incompatibilities to make sure your endpoints are protected.
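Review bot: the Automatic Import and Automatic Migration links added in the PATCH 1/4 hunk use relative paths (`../security/get-started/automatic-import.md`, `../security/get-started/automatic-migration.md`) that do not resolve from `solutions/security/ai/use-cases.md` (`..` lands in `solutions/security/`, so the target becomes `solutions/security/security/get-started/...`), while the Automatic Troubleshooting link in the same list uses an absolute `/solutions/...` path; use the absolute form for all three. The same hunk writes "Attack Discovery" where the unchanged intro paragraph and its link text use "Attack discovery"; pick one capitalization for the page.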
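Review bot: the Automatic Migration link in the PATCH 2/4 hunk introduces a typo, `/solugions/security/get-started/automatic-migration.md`, so the link this commit is meant to fix is still broken; it should read `/solutions/security/get-started/automatic-migration.md` to match the Automatic Import link on the line above it.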
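Review bot: the PATCH 3/4 hunk only corrects the `/solugions/` typo that PATCH 2/4 introduced; squashing patches 2 and 3 into one "fixes links" commit would keep a broken link out of the history and leave a series where every commit builds a page with working links.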
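Review bot: the Automatic Troubleshooting item in the PATCH 4/4 hunk says the same thing twice ("check whether your endpoints have third-party AV software installed by analyzing file event logs from your hosts to determine whether antivirus software is present"); consider tightening it to "analyzes file event logs from your hosts to determine whether third-party antivirus software is present". The context line "In addition to AI Assistant and Attack Discovery" still capitalizes "Discovery" differently from the "Attack discovery" link text earlier on the page, so this hunk would be the place to align it while the line is being touched.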