# Elastic AI

The Elastic AI connector enables direct interaction with Elastic AI's conversational intelligence capabilities, allowing users to manage and engage with AI-driven conversations. Elastic AI is a conversational AI platform that leverages large language models to analyze and interpret complex security data. This connector enables Swimlane Turbine users to integrate Elastic AI's conversational capabilities directly into their security workflows, facilitating advanced analysis and decision making. By harnessing Elastic AI, users can automate the generation of detailed incident reports, triage steps, and recommendations, all contextualized with MITRE ATT&CK data and Elastic Security features, enhancing the efficiency and accuracy of security operations.

The Elastic AI connector allows for streamlined integration with Elastic AI's conversational intelligence services, enabling automated conversation management and analysis. Elastic AI is a language model platform that enables advanced communication and analysis capabilities. This connector allows Swimlane Turbine users to integrate with Elastic AI's conversational APIs, facilitating real-time interactions with large language models (LLMs). Users can create, update, and manage AI-driven conversations, leveraging Elastic AI's capabilities to analyze security events, generate insights, and automate responses within the Swimlane ecosystem. The integration enhances security operations by providing actionable intelligence and streamlining incident analysis and triage through natural language processing.

## Prerequisites

To use the Elastic AI connector within the Swimlane Turbine platform, ensure you have one of the following:

API Key authentication with the following parameters:

- URL: endpoint for Elastic AI services
- API Key: unique identifier for API access

HTTP Basic authentication with the following parameters:

- URL: endpoint for Elastic AI services
- Username: account username for Elastic AI
- Password: account password for Elastic AI

## Capabilities

This connector provides the following capabilities:

- Complete Chat
- Create Conversation
- Delete Conversation
- Find Conversations
- Get Conversation
- Update Conversations

## Notes

- https://www.elastic.co/guide/en/security/current/assistant-api-overview.html

## Configurations

### Elastic AI API Key Authentication

Authenticates using an API key.

Configuration parameters:

| Parameter | Description | Type | Required |
|---|---|---|---|
| URL | A URL to the target host | string | required |
| Port | Host port to use | number | optional |
| X-ApiKey | API key | string | required |
| Verify SSL | Verify SSL certificate | boolean | optional |
| HTTP Proxy | A proxy to route requests through | string | optional |

### Elastic AI HTTP Basic Authentication

Authenticates using username and password.

Configuration parameters:

| Parameter | Description | Type | Required |
|---|---|---|---|
| URL | A URL to the target host | string | required |
| Username | Username | string | required |
| Password | Password | string | required |
| Verify SSL | Verify SSL certificate | boolean | optional |
| HTTP Proxy | A proxy to route requests through | string | optional |

## Actions

### Complete Chat

Communicate with Elastic AI's large language model, optionally persisting the conversation by creating or extending a session.

Endpoint URL: `/api/security_ai_assistant/chat/complete`

Method: POST

Input:

| Argument Name | Type | Required | Description |
|---|---|---|---|
| conversationId | string | optional | Conversation ID to append to messages and use as context. Refer to the conversation APIs. |
| connectorId | string | optional | ID for an LLM connector (a Kibana integration with the specific LLM provider) |
| promptId | string | optional | Default conversation prompt ID |
| persist | boolean | optional | Defines if the conversation should be created, or updated (if conversationId is provided) |
| isStream | boolean | optional | Defines the type of the response; if isStream equals true, the result will be returned as streaming chunks |
| model | string | optional | Name of a specific LLM to use |
| responseLanguage | string | optional | Defines the language for the LLM to respond in |
| messages | array | optional | Array of conversation messages |
| messages.role | string | required | Message role; can be "user", "assistant" or "system" |
| messages.content | string | required | Message content to send to the LLM |
| messages.data | object | optional | JSON object to include as context for the model |
| messages.data.event.category | string | optional | Response data |
| messages.data.process.pid | number | optional | Response data |
| messages.data.host.os.version | number | optional | Response data |
| messages.data.host.os.name | string | optional | Response data |
| messages.data.host.name | string | optional | Response data |
| messages.data.process.name | string | optional | Response data |
| messages.data.user.name | string | optional | Response data |
| messages.data.process.working_directory | string | optional | Response data |
| messages.data.event.module | string | optional | Response data |
| messages.data.process.executable | string | optional | Response data |
| messages.data.process.args | string | optional | Response data |
| messages.data.message | string | optional | Response data |
| messages.fields_to_anonymize | array | optional | List of fields in the data object to anonymize |

Input example:

```json
{
  "json_body": {
    "conversationId": "df071e68-3c8e-4c0d-b0e7-1557e80c0319",
    "connectorId": "my-gpt4o-ai",
    "promptId": "",
    "persist": false,
    "isStream": false,
    "model": "",
    "responseLanguage": "",
    "messages": [
      {
        "role": "user",
        "content": "Evaluate the event from the context and format your output neatly in markdown syntax for my Elastic Security case.\nAdd your description, recommended actions and bulleted triage steps. Use the MITRE ATT&CK data provided to add more context and recommendations from MITRE, and hyperlink to the relevant pages on MITRE's website. Be sure to include the user and host risk score data from the context. Your response should include steps that point to Elastic Security specific features, including endpoint response actions, the Elastic Agent OSQuery manager integration (with example osquery queries), timelines and entity analytics and link to all the relevant Elastic Security documentation.",
        "data": {
          "event.category": "process",
          "process.pid": 69516,
          "host.os.version": 14.5,
          "host.os.name": "macOS",
          "host.name": "test-mbp",
          "process.name": "biomesyncd",
          "user.name": "usertest",
          "process.working_directory": "/",
          "event.module": "system",
          "process.executable": "/usr/libexec/biomesyncd",
          "process.args": "/usr/libexec/biomesyncd",
          "message": "Process biomesyncd (PID 69516) by user usertest STOPPED"
        },
        "fields_to_anonymize": ["host.os.name", "event.module"]
      }
    ]
  }
}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| connector_id | string | Unique identifier |
| data | string | Response data |
| trace_data | object | Response data |
| trace_data.transactionId | string | Response data |
| trace_data.traceId | string | Response data |
| replacements | object | Output field replacements |
| replacements.dc00f5d9-bdf3-4517-b7ef-de5a89f0d071 | string | Output field replacements.dc00f5d9-bdf3-4517-b7ef-de5a89f0d071 |
| replacements.e4d4dc93-754e-4282-ac84-94fe72071ab1 | string | Output field replacements.e4d4dc93-754e-4282-ac84-94fe72071ab1 |
| replacements.2fede99b-5ec7-4274-b990-469b4110f7ba | string | Output field replacements.2fede99b-5ec7-4274-b990-469b4110f7ba |
| replacements.661a7e8f-42c3-4f8c-a1bc-6ff1aa750034 | string | Output field replacements.661a7e8f-42c3-4f8c-a1bc-6ff1aa750034 |
| status | string | Status value |
| conversationId | string | Unique identifier |

Output example (truncated on the source page):

```json
{"status_code": 200, "response_headers": {"cache-control": "private, no-cache, no-store, must-revalidate", "content-length": "663", "content-security-policy": "script-src 'report-sample' 'self'; worker-src 'report-sample' 'self' blob:; styl", "content-security-policy-report-only": "form-action 'report-sample' 'self'; report-to violations-endpoint", "content-type": "application/json; charset=utf-8", "cross-origin-opener-policy": "same-origin", "date": "Fri, 06 Sep 2024 08:01:15 GMT", "elastic-api-version": "202
```

### Create Conversation

Initiates a new conversation with the Elastic AI Assistant using a specified title.

Endpoint URL: `/api/security_ai_assistant/current_user/conversations`

Method: POST

Input:

| Argument Name | Type | Required | Description |
|---|---|---|---|
| title | string | optional | Conversation title. If you set it to "New chat", the AI will generate a title. |
| category | string | optional | Can be "assistant", "insights", or not defined |
| messages | array | optional | Array of conversation messages |
| messages.content | string | optional | Message content to send to the LLM |
| messages.role | string | required | Message role; can be "user", "assistant", or "system" |
| messages.isError | boolean | optional | Defines if the message is an error message instead of an LLM response |
| messages.timestamp | string | optional | Timestamp when the message was sent |
| messages.traceData | object | optional | Response data |
| messages.traceData.traceId | string | optional | Response data |
| messages.traceData.transactionId | string | optional | Response data |
| apiConfig | object | optional | Conversation configuration |
| apiConfig.actionTypeId | string | required | Kibana connector action type ID |
| apiConfig.connectorId | string | required | Kibana connector ID |
| apiConfig.defaultSystemPromptId | string | required | Default system prompt ID |
| apiConfig.model | string | optional | Specific LLM name |
| isDefault | boolean | optional | Defines if the conversation is a system conversation which cannot be deleted. Defaults to false. |
| excludeFromLastConversationStorage | boolean | optional | Defines if the conversation can appear as the latest conversation |
| replacements | object | optional | Parameter for Create Conversation |
| replacements.field1 | string | optional | List of the fields with anonymization |

Input example:

```json
{
  "json_body": {
    "title": "The conversation title.",
    "category": "assistant",
    "messages": [
      {
        "content": "test content",
        "role": "user",
        "isError": false,
        "timestamp": "2019-12-13T16:40:33.400Z",
        "traceData": {"traceId": "1234", "transactionId": "2"}
      }
    ],
    "apiConfig": {
      "actionTypeId": ".gen-ai",
      "connectorId": "86ab-471c-a00b-25b7e20c2d12",
      "defaultSystemPromptId": "default",
      "model": "gpt-4o"
    },
    "isDefault": false,
    "excludeFromLastConversationStorage": true,
    "replacements": {"field1": "914beb92-86ab-471c-a00b"}
  }
}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| title | string | Output field title |
| category | string | Output field category |
| timestamp | string | Output field timestamp |
| updatedAt | string | Output field updatedAt |
| createdAt | string | Output field createdAt |
| replacements | object | Output field replacements |
| replacements.field1 | string | Output field replacements.field1 |
| users | array | Output field users |
| users.name | string | Name of the resource |
| messages | array | Response message |
| messages.content | string | Response content |
| messages.role | string | Response message |
| messages.timestamp | string | Response message |
| messages.traceData | object | Response data |
| messages.traceData.transactionId | string | Response data |
| messages.traceData.traceId | string | Response data |
| apiConfig | object | Output field apiConfig |
| apiConfig.connectorId | string | Unique identifier |
| apiConfig.actionTypeId | string | Unique identifier |
| apiConfig.defaultSystemPromptId | string | Unique identifier |
| apiConfig.model | string | Output field apiConfig.model |
| isDefault | boolean | Output field isDefault |

Output example (truncated on the source page):

```json
{"status_code": 200, "response_headers": {"cache-control": "private, no-cache, no-store, must-revalidate", "content-length": "663", "content-security-policy": "script-src 'report-sample' 'self'; worker-src 'report-sample' 'self' blob:; styl", "content-security-policy-report-only": "form-action 'report-sample' 'self'; report-to violations-endpoint", "content-type": "application/json; charset=utf-8", "cross-origin-opener-policy": "same-origin", "date": "Fri, 06 Sep 2024 08:01:15 GMT", "elastic-api-version": "202
```

### Delete Conversation

Remove a specific Elastic AI Assistant conversation using the provided conversation ID.

Endpoint URL: `/api/security_ai_assistant/current_user/conversations/{{id}}`

Method: DELETE

Input:

| Argument Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.id | string | required | The conversation ID |

Input example:

```json
{"path_parameters": {"id": "df071e68-3c8e-4c0d-b0e7-1557e80c0319"}}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example (truncated on the source page):

```json
{"status_code": 200, "response_headers": {"cache-control": "private, no-cache, no-store, must-revalidate", "content-length": "2", "content-security-policy": "script-src 'report-sample' 'self'; worker-src 'report-sample' 'self' blob:; styl", "content-security-policy-report-only": "form-action 'report-sample' 'self'; report-to violations-endpoint", "content-type": "application/json; charset=utf-8", "cross-origin-opener-policy": "same-origin", "date": "Fri, 06 Sep 2024 09:42:17 GMT", "elastic-api-version": "2023
```

### Find Conversations

Retrieve a list of conversations from the Elastic AI Assistant specific to the current user.

Endpoint URL: `/api/security_ai_assistant/current_user/conversations/_find`

Method: GET

Input:

| Argument Name | Type | Required | Description |
|---|---|---|---|
| parameters.page | number | optional | The page number to return. Defaults to 1. |
| parameters.per_page | number | optional | The number of items to return per page. Defaults to 10. |
| parameters.filter | string | optional | The filter query to apply on the request |
| parameters.sort_field | string | optional | The field to sort the results by |
| parameters.sort_order | string | optional | The order to sort the results in |
| parameters.fields | string | optional | Defines the fields of the document to return in the response |

Input example:

```json
{"parameters": {"page": 1, "per_page": 10, "filter": "", "sort_field": "title", "sort_order": "asc", "fields": ""}}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| perPage | number | Output field perPage |
| page | number | Output field page |
| total | number | Output field total |
| data | array | Response data |
| data.timestamp | string | Response data |
| data.createdAt | string | Response data |
| data.users | array | Response data |
| data.users.id | string | Response data |
| data.users.name | string | Response data |
| data.title | string | Response data |
| data.category | string | Response data |
| data.apiConfig | object | Response data |
| data.apiConfig.connectorId | string | Response data |
| data.apiConfig.actionTypeId | string | Response data |
| data.apiConfig.defaultSystemPromptId | string | Response data |
| data.apiConfig.model | string | Response data |
| data.excludeFromLastConversationStorage | boolean | Response data |
| data.isDefault | boolean | Response data |
| data.messages | array | Response data |
| data.messages.timestamp | string | Response data |
| data.messages.content | string | Response data |
| data.messages.role | string | Response data |
| data.messages.traceData | object | Response data |

Output example (truncated on the source page):

```json
{"status_code": 200, "response_headers": {"accept-ranges": "bytes", "cache-control": "private, no-cache, no-store, must-revalidate", "content-length": "706", "content-security-policy": "script-src 'report-sample' 'self'; worker-src 'report-sample' 'self' blob:; styl", "content-security-policy-report-only": "form-action 'report-sample' 'self'; report-to violations-endpoint", "content-type": "application/json; charset=utf-8", "cross-origin-opener-policy": "same-origin", "date": "Fri, 06 Sep 2024 09:53:24 GMT", "e
```

### Get Conversation

Retrieves an existing conversation from the Elastic AI Assistant using the specified conversation ID.

Endpoint URL: `/api/security_ai_assistant/current_user/conversations/{{id}}`

Method: GET

Input:

| Argument Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.id | string | required | The conversation ID |

Input example:

```json
{"path_parameters": {"id": "12345678-1234-1234-1234-123456789abc"}}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| timestamp | string | Output field timestamp |
| createdAt | string | Output field createdAt |
| users | array | Output field users |
| users.name | string | Name of the resource |
| title | string | Output field title |
| category | string | Output field category |
| apiConfig | object | Output field apiConfig |
| apiConfig.connectorId | string | Unique identifier |
| apiConfig.actionTypeId | string | Unique identifier |
| apiConfig.defaultSystemPromptId | string | Unique identifier |
| apiConfig.model | string | Output field apiConfig.model |
| excludeFromLastConversationStorage | boolean | Output field excludeFromLastConversationStorage |
| isDefault | boolean | Output field isDefault |
| messages | array | Response message |
| messages.timestamp | string | Response message |
| messages.content | string | Response content |
| messages.role | string | Response message |
| messages.traceData | object | Response data |
| messages.traceData.traceId | string | Response data |
| messages.traceData.transactionId | string | Response data |
| updatedAt | string | Output field updatedAt |
| replacements | object | Output field replacements |
| replacements.field1 | string | Output field replacements.field1 |

Output example (truncated on the source page):

```json
{"status_code": 200, "response_headers": {"accept-ranges": "bytes", "cache-control": "private, no-cache, no-store, must-revalidate", "content-length": "663", "content-security-policy": "script-src 'report-sample' 'self'; worker-src 'report-sample' 'self' blob:; styl", "content-security-policy-report-only": "form-action 'report-sample' 'self'; report-to violations-endpoint", "content-type": "application/json; charset=utf-8", "cross-origin-opener-policy": "same-origin", "date": "Tue, 10 Sep 2024 09:01:21 GMT", "e
```

### Update Conversations

Update an existing conversation in the Elastic AI Assistant using the specified conversation ID and provided data.

Endpoint URL: `/api/security_ai_assistant/current_user/conversations/{{id}}`

Method: PUT

Input:

| Argument Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.id | string | required | The conversation ID |
| id | string | optional | Conversation ID to update |
| title | string | optional | Conversation title. If you set it to "New chat", the AI will generate a title. |
| messages | array | optional | Array of conversation messages |
| messages.content | string | required | Message content to send to the LLM |
| messages.role | string | required | Message role; can be "user", "assistant", or "system" |
| messages.isError | boolean | optional | Defines if the message is an error message instead of an LLM response |
| messages.timestamp | string | optional | Timestamp when the message was sent |
| apiConfig | object | optional | Conversation configuration |
| apiConfig.actionTypeId | string | optional | Kibana connector action type ID |
| apiConfig.connectorId | string | optional | Kibana connector ID |
| apiConfig.defaultSystemPromptId | string | optional | Default system prompt ID |
| apiConfig.model | string | optional | LLM-specific model |

Input example:

```json
{
  "json_body": {
    "id": "a696901d-efff-4871-acbe-8123af841932",
    "title": "The conversation title.",
    "messages": [
      {
        "content": "test content",
        "role": "user",
        "isError": false,
        "timestamp": "2019-12-13T16:40:33.400Z"
      }
    ],
    "apiConfig": {
      "actionTypeId": ".gen-ai",
      "connectorId": "86ab-471c-a00b-25b7e20c2d12",
      "defaultSystemPromptId": "default",
      "model": "gpt-4o"
    }
  },
  "path_parameters": {"id": "df071e68-3c8e-4c0d-b0e7-1557e80c0319"}
}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| timestamp | string | Output field timestamp |
| createdAt | string | Output field createdAt |
| users | array | Output field users |
| users.id | string | Unique identifier |
| users.name | string | Name of the resource |
| title | string | Output field title |
| category | string | Output field category |
| apiConfig | object | Output field apiConfig |
| apiConfig.connectorId | string | Unique identifier |
| apiConfig.actionTypeId | string | Unique identifier |
| apiConfig.defaultSystemPromptId | string | Unique identifier |
| apiConfig.model | string | Output field apiConfig.model |
| excludeFromLastConversationStorage | boolean | Output field excludeFromLastConversationStorage |
| isDefault | boolean | Output field isDefault |
| messages | array | Response message |
| messages.timestamp | string | Response message |
| messages.content | string | Response content |
| messages.role | string | Response message |
| messages.traceData | object | Response data |
| messages.traceData.traceId | string | Response data |
| messages.traceData.transactionId | string | Response data |
| updatedAt | string | Output field updatedAt |
| replacements | object | Output field replacements |

Output example (truncated on the source page):

```json
{"status_code": 200, "response_headers": {"cache-control": "private, no-cache, no-store, must-revalidate", "content-length": "663", "content-security-policy": "script-src 'report-sample' 'self'; worker-src 'report-sample' 'self' blob:; styl", "content-security-policy-report-only": "form-action 'report-sample' 'self'; report-to violations-endpoint", "content-type": "application/json; charset=utf-8", "cross-origin-opener-policy": "same-origin", "date": "Tue, 10 Sep 2024 09:32:10 GMT", "elastic-api-version": "202
```

## Response Headers

| Header | Description | Example |
|---|---|---|
| accept-ranges | HTTP response header accept-ranges | bytes |
| cache-control | Directives for caching mechanisms | private, no-cache, no-store, must-revalidate |
| content-length | The length of the response body in bytes | 706 |
| content-security-policy | HTTP response header content-security-policy | script-src 'report-sample' 'self'; worker-src 'report-sample' 'self' blob:; style-src 'report-sample' 'self' 'unsafe-inline'; report-to violations-endpoint |
| content-security-policy-report-only | HTTP response header content-security-policy-report-only | form-action 'report-sample' 'self'; report-to violations-endpoint |
| content-type | The media type of the resource | application/json; charset=utf-8 |
| cross-origin-opener-policy | HTTP response header cross-origin-opener-policy | same-origin |
| date | The date and time at which the message was originated | Fri, 06 Sep 2024 08:01:15 GMT |
| elastic-api-version | HTTP response header elastic-api-version | 2023-10-31 |
| kbn-license-sig | HTTP response header kbn-license-sig | 7185e757d262d256abd6cd3c45c959fda83e1b945e8acbca3d55d123d792c665 |
| kbn-name | HTTP response header kbn-name | instance-0000000001 |
| permissions-policy | HTTP response header permissions-policy | camera=(), display-capture=(), fullscreen=(self), geolocation=(), microphone=(), web-share=() |
| referrer-policy | HTTP response header referrer-policy | strict-origin-when-cross-origin |
| reporting-endpoints | HTTP response header reporting-endpoints | violations-endpoint="https://b04803c24d7b4d889da4894db78f841c.us-central1.gcp.cloud.es.io:9243/internal/security/analytics/_record_violations" |
| x-cloud-request-id | HTTP response header x-cloud-request-id | w3mpkqq2tvwzoeo6v53-ha |
| x-content-type-options | HTTP response header x-content-type-options | nosniff |
| x-found-handling-cluster | HTTP response header x-found-handling-cluster | b04803c24d7b4d889da4894db78f841c |
| x-found-handling-instance | HTTP response header x-found-handling-instance | instance-0000000001 |