# Elastic AI
The Elastic AI connector enables direct interaction with Elastic AI's conversational intelligence capabilities, allowing users to manage and engage with AI-driven conversations. Elastic AI is a conversational AI platform that leverages large language models to analyze and interpret complex security data. This connector enables Swimlane Turbine users to integrate Elastic AI's conversational capabilities directly into their security workflows, facilitating advanced analysis and decision making. By harnessing Elastic AI, users can automate the generation of detailed incident reports, triage steps, and recommendations, all contextualized with MITRE ATT&CK data and Elastic Security features, enhancing the efficiency and accuracy of security operations.

The Elastic AI connector allows for streamlined integration with Elastic AI's conversational intelligence services, enabling automated conversation management and analysis. Elastic AI is a language model platform that enables advanced communication and analysis capabilities. This connector allows Swimlane Turbine users to integrate with Elastic AI's conversational APIs, facilitating real-time interactions with large language models (LLMs). Users can create, update, and manage AI-driven conversations, leveraging Elastic AI's capabilities to analyze security events, generate insights, and automate responses within the Swimlane ecosystem. The integration enhances security operations by providing actionable intelligence and streamlining incident analysis and triage through natural language processing.

## Prerequisites

To effectively utilize the Elastic AI connector within the Swimlane Turbine platform, ensure you have the following prerequisites:

- API Key Authentication with the following parameters:
  - URL: endpoint for Elastic AI services
  - API Key: unique identifier for API access
- HTTP Basic Authentication with the following parameters:
  - URL: endpoint for Elastic AI services
  - Username: account username for Elastic AI
  - Password: account password for Elastic AI

## Capabilities

This connector provides the following capabilities:

- Complete Chat
- Create Conversation
- Delete Conversation
- Find Conversations
- Get Conversation
- Update Conversations

## Configurations

### Elastic AI API Key Authentication

Authenticates using an API key.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Required |
| Port | Host port to use | number | Optional |
| X-ApiKey | API key | string | Required |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

### Elastic AI HTTP Basic Authentication

Authenticates using username and password.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Required |
| Username | Username | string | Required |
| Password | Password | string | Required |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

## Actions

### Complete Chat

Communicate with Elastic AI's large language model, optionally persisting the conversation by creating or extending a session.

Endpoint URL: `/api/security_ai_assistant/chat/complete`

Method: `POST`

#### Input Argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| conversationId | string | Optional | Conversation ID to append to messages and use as context. Refer to the Conversation APIs. |
| connectorId | string | Required | ID for an LLM connector (a Kibana integration with the specific LLM provider) |
| promptId | string | Optional | Default conversation prompt ID |
| persist | boolean | Required | Defines whether the conversation should be created, or updated (if conversationId is provided) |
| isStream | boolean | Optional | Defines the type of the response. If isStream equals true, the result is returned as streaming chunks |
| model | string | Optional | Name of a specific LLM to use |
| responseLanguage | string | Optional | Defines the language for the LLM to respond in |
| messages | array | Required | Array of conversation messages |
| role | string | Required | Message role; can be "user", "assistant" or "system" |
| content | string | Required | Message content to send to the LLM |
| data | object | Optional | JSON object to include as context for the model |
| event.category | string | Optional | Parameter for Complete Chat |
| process.pid | number | Optional | Unique identifier |
| host.os.version | number | Optional | Parameter for Complete Chat |
| host.os.name | string | Optional | Name of the resource |
| host.name | string | Optional | Name of the resource |
| process.name | string | Optional | Name of the resource |
| user.name | string | Optional | Name of the resource |
| process.working_directory | string | Optional | Parameter for Complete Chat |
| event.module | string | Optional | Parameter for Complete Chat |
| process.executable | string | Optional | Parameter for Complete Chat |
| process.args | string | Optional | Parameter for Complete Chat |
| message | string | Optional | Response message |
| fields_to_anonymize | array | Optional | List of fields in the data object to anonymize |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| connector_id | string | Unique identifier |
| data | string | Response data |
| trace_data | object | Response data |
| transactionId | string | Unique identifier |
| traceId | string | Unique identifier |
| replacements | object | Output field replacements |
| dc00f5d9-bdf3-4517-b7ef-de5a89f0d071 | string | Output field |
| e4d4dc93-754e-4282-ac84-94fe72071ab1 | string | Output field |
| 2fede99b-5ec7-4274-b990-469b4110f7ba | string | Output field |
| 661a7e8f-42c3-4f8c-a1bc-6ff1aa750034 | string | Output field |
| status | string | Status value |
| conversationId | string | Unique identifier |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "cache-control": "private, no-cache, no-store, must-revalidate",
      "content-length": "663",
      "content-security-policy": "script-src 'report-sample' 'self'; worker-src 'report-sample' 'self' blob:; styl",
      "content-security-policy-report-only": "form-action 'report-sample' 'self'; report-to violations-endpoint",
      "content-type": "application/json; charset=utf-8",
      "cross-origin-opener-policy": "same-origin",
      "date": "Fri, 06 Sep 2024 08:01:15 GMT",
      "elastic-api-version": "2023-10-31",
      "kbn-license-sig": "7185e757d262d256abd6cd3c45c959fda83e1b945e8acbca3d55d123d792c665",
      "kbn-name": "instance-0000000001",
      "permissions-policy": "camera=(), display-capture=(), fullscreen=(self), geolocation=(), microphone=(), ",
      "referrer-policy": "strict-origin-when-cross-origin",
      "reporting-endpoints": "violations-endpoint=\"https://b04803c24d7b4d889da4894db78f841c.us-central1.gcp.cl",
      "x-cloud-request-id": "wiayzcgfrb2ktbj8 o1rha",
      "x-content-type-options": "nosniff"
    },
    "reason": "OK",
    "json_body": {
      "connector_id": "my gpt4o ai",
      "data": "### Elastic Security Case: Process Stopped Event\n\n#### Description\nA process nam",
      "trace_data": {},
      "replacements": {},
      "status": "ok",
      "conversationId": "df071e68-3c8e-4c0d-b0e7-1557e80c0319"
    }
  }
]
```

### Create Conversation

Initiates a new conversation with the Elastic AI Assistant using a specified title.

Endpoint URL: `/api/security_ai_assistant/current_user/conversations`

Method: `POST`

#### Input Argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| title | string | Required | Conversation title. If you set it to "New chat", the AI will generate a title |
| category | string | Optional | Can be "assistant", "insights", or not defined |
| messages | array | Optional | Array of conversation messages |
| content | string | Optional | Message content to send to the LLM |
| role | string | Required | Message role; can be "user", "assistant", or "system" |
| isError | boolean | Optional | Defines whether the message is an error message instead of an LLM response |
| timestamp | string | Optional | Timestamp when the message was sent |
| traceData | object | Optional | Response data |
| traceId | string | Optional | Unique identifier |
| transactionId | string | Optional | Unique identifier |
| apiConfig | object | Optional | Conversation configuration |
| actionTypeId | string | Required | Kibana connector action type ID |
| connectorId | string | Required | Kibana connector ID |
| defaultSystemPromptId | string | Required | Default system prompt ID |
| model | string | Optional | Specific LLM name |
| isDefault | boolean | Optional | Defines whether the conversation is a system conversation, which cannot be deleted. Defaults to false |
| excludeFromLastConversationStorage | boolean | Optional | Defines whether the conversation can appear as the latest conversation |
| replacements | object | Optional | Parameter for Create Conversation |
| field1 | string | Optional | List of the fields with anonymization |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| title | string | Output field title |
| category | string | Output field category |
| timestamp | string | Output field timestamp |
| updatedAt | string | Output field updatedAt |
| createdAt | string | Output field createdAt |
| replacements | object | Output field replacements |
| field1 | string | Output field field1 |
| users | array | Output field users |
| name | string | Name of the resource |
| messages | array | Response message |
| content | string | Response content |
| role | string | Output field role |
| timestamp | string | Output field timestamp |
| traceData | object | Response data |
| transactionId | string | Unique identifier |
| traceId | string | Unique identifier |
| apiConfig | object | Output field apiConfig |
| connectorId | string | Unique identifier |
| actionTypeId | string | Unique identifier |
| defaultSystemPromptId | string | Unique identifier |
| model | string | Output field model |
| isDefault | boolean | Output field isDefault |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "cache-control": "private, no-cache, no-store, must-revalidate",
      "content-length": "663",
      "content-security-policy": "script-src 'report-sample' 'self'; worker-src 'report-sample' 'self' blob:; styl",
      "content-security-policy-report-only": "form-action 'report-sample' 'self'; report-to violations-endpoint",
      "content-type": "application/json; charset=utf-8",
      "cross-origin-opener-policy": "same-origin",
      "date": "Fri, 06 Sep 2024 08:01:15 GMT",
      "elastic-api-version": "2023-10-31",
      "kbn-license-sig": "7185e757d262d256abd6cd3c45c959fda83e1b945e8acbca3d55d123d792c665",
      "kbn-name": "instance-0000000001",
      "permissions-policy": "camera=(), display-capture=(), fullscreen=(self), geolocation=(), microphone=(), ",
      "referrer-policy": "strict-origin-when-cross-origin",
      "reporting-endpoints": "violations-endpoint=\"https://b04803c24d7b4d889da4894db78f841c.us-central1.gcp.cl",
      "x-cloud-request-id": "wiayzcgfrb2ktbj8 o1rha",
      "x-content-type-options": "nosniff"
    },
    "reason": "OK",
    "json_body": {
      "id": "2a786666-d082-4501-98b7-256dc3cc60ee",
      "title": "The conversation title",
      "category": "assistant",
      "timestamp": "2024-09-06T08:01:14.586Z",
      "updatedAt": "2024-09-06T08:01:14.586Z",
      "createdAt": "2024-09-06T08:01:14.586Z",
      "replacements": {},
      "users": [],
      "messages": [],
      "apiConfig": {},
      "isDefault": false,
      "excludeFromLastConversationStorage": true,
      "namespace": "default"
    }
  }
]
```

### Delete Conversation

Removes a specific Elastic AI Assistant conversation using the provided conversation ID.

Endpoint URL: `/api/security_ai_assistant/current_user/conversations/{{id}}`

Method: `DELETE`

#### Input Argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | Required | The conversation ID |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "cache-control": "private, no-cache, no-store, must-revalidate",
      "content-length": "2",
      "content-security-policy": "script-src 'report-sample' 'self'; worker-src 'report-sample' 'self' blob:; styl",
      "content-security-policy-report-only": "form-action 'report-sample' 'self'; report-to violations-endpoint",
      "content-type": "application/json; charset=utf-8",
      "cross-origin-opener-policy": "same-origin",
      "date": "Fri, 06 Sep 2024 09:42:17 GMT",
      "elastic-api-version": "2023-10-31",
      "kbn-license-sig": "7185e757d262d256abd6cd3c45c959fda83e1b945e8acbca3d55d123d792c665",
      "kbn-name": "instance-0000000001",
      "permissions-policy": "camera=(), display-capture=(), fullscreen=(self), geolocation=(), microphone=(), ",
      "referrer-policy": "strict-origin-when-cross-origin",
      "reporting-endpoints": "violations-endpoint=\"https://b04803c24d7b4d889da4894db78f841c.us-central1.gcp.cl",
      "x-cloud-request-id": "c4vzroswrjikxelgb stma",
      "x-content-type-options": "nosniff"
    },
    "reason": "OK",
    "json_body": {}
  }
]
```

### Find Conversations

Retrieves a list of conversations from the Elastic AI Assistant specific to the current user.

Endpoint URL: `/api/security_ai_assistant/current_user/conversations/_find`

Method: `GET`

#### Input Argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| page | number | Optional | The page number to return. Defaults to 1 |
| per_page | number | Optional | The number of items to return per page. Defaults to 10 |
| filter | string | Optional | The filter query to apply on the request |
| sort_field | string | Optional | The field to sort the results by |
| sort_order | string | Optional | The order to sort the results in |
| fields | string | Optional | Defines the fields of the document to return in the response |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| perPage | number | Output field perPage |
| page | number | Output field page |
| total | number | Output field total |
| data | array | Response data |
| timestamp | string | Output field timestamp |
| createdAt | string | Output field createdAt |
| users | array | Output field users |
| id | string | Unique identifier |
| name | string | Name of the resource |
| title | string | Output field title |
| category | string | Output field category |
| apiConfig | object | Output field apiConfig |
| connectorId | string | Unique identifier |
| actionTypeId | string | Unique identifier |
| defaultSystemPromptId | string | Unique identifier |
| model | string | Output field model |
| excludeFromLastConversationStorage | boolean | Output field excludeFromLastConversationStorage |
| isDefault | boolean | Output field isDefault |
| messages | array | Response message |
| timestamp | string | Output field timestamp |
| content | string | Response content |
| role | string | Output field role |
| traceData | object | Response data |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "accept-ranges": "bytes",
      "cache-control": "private, no-cache, no-store, must-revalidate",
      "content-length": "706",
      "content-security-policy": "script-src 'report-sample' 'self'; worker-src 'report-sample' 'self' blob:; styl",
      "content-security-policy-report-only": "form-action 'report-sample' 'self'; report-to violations-endpoint",
      "content-type": "application/json; charset=utf-8",
      "cross-origin-opener-policy": "same-origin",
      "date": "Fri, 06 Sep 2024 09:53:24 GMT",
      "elastic-api-version": "2023-10-31",
      "kbn-license-sig": "7185e757d262d256abd6cd3c45c959fda83e1b945e8acbca3d55d123d792c665",
      "kbn-name": "instance-0000000001",
      "permissions-policy": "camera=(), display-capture=(), fullscreen=(self), geolocation=(), microphone=(), ",
      "referrer-policy": "strict-origin-when-cross-origin",
      "reporting-endpoints": "violations-endpoint=\"https://b04803c24d7b4d889da4894db78f841c.us-central1.gcp.cl",
      "x-cloud-request-id": "mzfgsl28r3 bcz47rbgsda"
    },
    "reason": "OK",
    "json_body": {
      "perPage": 10,
      "page": 1,
      "total": 1,
      "data": []
    }
  }
]
```

### Get Conversation

Retrieves an existing conversation from the Elastic AI Assistant using the specified conversation ID.

Endpoint URL: `/api/security_ai_assistant/current_user/conversations/{{id}}`

Method: `GET`

#### Input Argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | Required | The conversation ID |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| timestamp | string | Output field timestamp |
| createdAt | string | Output field createdAt |
| users | array | Output field users |
| name | string | Name of the resource |
| title | string | Output field title |
| category | string | Output field category |
| apiConfig | object | Output field apiConfig |
| connectorId | string | Unique identifier |
| actionTypeId | string | Unique identifier |
| defaultSystemPromptId | string | Unique identifier |
| model | string | Output field model |
| excludeFromLastConversationStorage | boolean | Output field excludeFromLastConversationStorage |
| isDefault | boolean | Output field isDefault |
| messages | array | Response message |
| timestamp | string | Output field timestamp |
| content | string | Response content |
| role | string | Output field role |
| traceData | object | Response data |
| traceId | string | Unique identifier |
| transactionId | string | Unique identifier |
| updatedAt | string | Output field updatedAt |
| replacements | object | Output field replacements |
| field1 | string | Output field field1 |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "accept-ranges": "bytes",
      "cache-control": "private, no-cache, no-store, must-revalidate",
      "content-length": "663",
      "content-security-policy": "script-src 'report-sample' 'self'; worker-src 'report-sample' 'self' blob:; styl",
      "content-security-policy-report-only": "form-action 'report-sample' 'self'; report-to violations-endpoint",
      "content-type": "application/json; charset=utf-8",
      "cross-origin-opener-policy": "same-origin",
      "date": "Tue, 10 Sep 2024 09:01:21 GMT",
      "elastic-api-version": "2023-10-31",
      "kbn-license-sig": "7185e757d262d256abd6cd3c45c959fda83e1b945e8acbca3d55d123d792c665",
      "kbn-name": "instance-0000000001",
      "permissions-policy": "camera=(), display-capture=(), fullscreen=(self), geolocation=(), microphone=(), ",
      "referrer-policy": "strict-origin-when-cross-origin",
      "reporting-endpoints": "violations-endpoint=\"https://b04803c24d7b4d889da4894db78f841c.us-central1.gcp.cl",
      "x-cloud-request-id": "w3mpkqq2tvwzoeo6v53 ha"
    },
    "reason": "OK",
    "json_body": {
      "timestamp": "2024-09-06T09:53:08.239Z",
      "createdAt": "2024-09-06T09:53:08.239Z",
      "users": [],
      "title": "The conversation title",
      "category": "assistant",
      "apiConfig": {},
      "excludeFromLastConversationStorage": true,
      "isDefault": false,
      "messages": [],
      "updatedAt": "2024-09-06T09:53:08.239Z",
      "replacements": {},
      "namespace": "default",
      "id": "597cfbff-6074-45ee-b681-d045b729aa44"
    }
  }
]
```

### Update Conversations

Updates an existing conversation in the Elastic AI Assistant using the specified conversation ID and provided data.

Endpoint URL: `/api/security_ai_assistant/current_user/conversations/{{id}}`

Method: `PUT`

#### Input Argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | Required | The conversation ID |
| id | string | Required | Conversation ID to update |
| title | string | Optional | Conversation title. If you set it to "New chat", the AI will generate a title |
| messages | array | Optional | Array of conversation messages |
| content | string | Required | Message content to send to the LLM |
| role | string | Required | Message role; can be "user", "assistant", or "system" |
| isError | boolean | Optional | Defines whether the message is an error message instead of an LLM response |
| timestamp | string | Optional | Timestamp when the message was sent |
| apiConfig | object | Optional | Conversation configuration |
| actionTypeId | string | Optional | Kibana connector action type ID |
| connectorId | string | Optional | Kibana connector ID |
| defaultSystemPromptId | string | Optional | Default system prompt ID |
| model | string | Optional | LLM-specific model |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| timestamp | string | Output field timestamp |
| createdAt | string | Output field createdAt |
| users | array | Output field users |
| id | string | Unique identifier |
| name | string | Name of the resource |
| title | string | Output field title |
| category | string | Output field category |
| apiConfig | object | Output field apiConfig |
| connectorId | string | Unique identifier |
| actionTypeId | string | Unique identifier |
| defaultSystemPromptId | string | Unique identifier |
| model | string | Output field model |
| excludeFromLastConversationStorage | boolean | Output field excludeFromLastConversationStorage |
| isDefault | boolean | Output field isDefault |
| messages | array | Response message |
| timestamp | string | Output field timestamp |
| content | string | Response content |
| role | string | Output field role |
| traceData | object | Response data |
| traceId | string | Unique identifier |
| transactionId | string | Unique identifier |
| updatedAt | string | Output field updatedAt |
| replacements | object | Output field replacements |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "cache-control": "private, no-cache, no-store, must-revalidate",
      "content-length": "663",
      "content-security-policy": "script-src 'report-sample' 'self'; worker-src 'report-sample' 'self' blob:; styl",
      "content-security-policy-report-only": "form-action 'report-sample' 'self'; report-to violations-endpoint",
      "content-type": "application/json; charset=utf-8",
      "cross-origin-opener-policy": "same-origin",
      "date": "Tue, 10 Sep 2024 09:32:10 GMT",
      "elastic-api-version": "2023-10-31",
      "kbn-license-sig": "7185e757d262d256abd6cd3c45c959fda83e1b945e8acbca3d55d123d792c665",
      "kbn-name": "instance-0000000001",
      "permissions-policy": "camera=(), display-capture=(), fullscreen=(self), geolocation=(), microphone=(), ",
      "referrer-policy": "strict-origin-when-cross-origin",
      "reporting-endpoints": "violations-endpoint=\"https://b04803c24d7b4d889da4894db78f841c.us-central1.gcp.cl",
      "x-cloud-request-id": "2aw3m3swsm2qmuka5yvb7q",
      "x-content-type-options": "nosniff"
    },
    "reason": "OK",
    "json_body": {
      "timestamp": "2024-09-06T09:53:08.239Z",
      "createdAt": "2024-09-06T09:53:08.239Z",
      "users": [],
      "title": "The conversation title",
      "category": "assistant",
      "apiConfig": {},
      "excludeFromLastConversationStorage": true,
      "isDefault": false,
      "messages": [],
      "updatedAt": "2024-09-10T09:32:10.896Z",
      "replacements": {},
      "namespace": "default",
      "id": "597cfbff-6074-45ee-b681-d045b729aa44"
    }
  }
]
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Accept-Ranges | HTTP response header Accept-Ranges | bytes |
| Cache-Control | Directives for caching mechanisms | private, no-cache, no-store, must-revalidate |
| Content-Length | The length of the response body in bytes | 2 |
| Content-Security-Policy | HTTP response header Content-Security-Policy | script-src 'report-sample' 'self'; worker-src 'report-sample' 'self' blob:; style-src 'report-sample' 'self' 'unsafe-inline'; report-to violations-endpoint |
| Content-Security-Policy-Report-Only | HTTP response header Content-Security-Policy-Report-Only | form-action 'report-sample' 'self'; report-to violations-endpoint |
| Content-Type | The media type of the resource | application/json; charset=utf-8 |
| Cross-Origin-Opener-Policy | HTTP response header Cross-Origin-Opener-Policy | same-origin |
| Date | The date and time at which the message was originated | Tue, 10 Sep 2024 09:01:21 GMT |
| Elastic-Api-Version | HTTP response header Elastic-Api-Version | 2023-10-31 |
| kbn-license-sig | HTTP response header kbn-license-sig | 7185e757d262d256abd6cd3c45c959fda83e1b945e8acbca3d55d123d792c665 |
| kbn-name | HTTP response header kbn-name | instance-0000000001 |
| Permissions-Policy | HTTP response header Permissions-Policy | camera=(), display-capture=(), fullscreen=(self), geolocation=(), microphone=(), web-share=() |
| Referrer-Policy | HTTP response header Referrer-Policy | strict-origin-when-cross-origin |
| Reporting-Endpoints | HTTP response header Reporting-Endpoints | violations-endpoint="https://b04803c24d7b4d889da4894db78f841c.us-central1.gcp.cloud.es.io:9243/internal/security/analytics/_record_violations" |
| x-cloud-request-id | HTTP response header x-cloud-request-id | mzfgsl28r3 bcz47rbgsda |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | nosniff |
| x-found-handling-cluster | HTTP response header x-found-handling-cluster | b04803c24d7b4d889da4894db78f841c |
| x-found-handling-instance | HTTP response header x-found-handling-instance | instance-0000000001 |

## Notes

- Elastic AI API documentation: https://www.elastic.co/guide/en/security/current/assistant-api-overview.html
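The following Python client for the Complete Chat action is an added example, not Swimlane's connector code or Elastic's own client: it validates the message list against the constraints in the input table (roles, required content, `persist` with or without `conversationId`), checks that every entry in `fields_to_anonymize` names a key that is actually present in the message's `data` object (a misspelled entry would send the real host or user name to the LLM provider unanonymized), and restores the original values from the `replacements` map in the response. The base URL, API key, credentials and connector ID are caller-supplied placeholders; the `kbn-xsrf` header and the `Authorization: ApiKey` form are standard Kibana requirements rather than something the page states.

```python
"""Added example, not Swimlane's or Elastic's code: build and validate a
Complete Chat request body, post it, and restore anonymized values."""
import base64
import json
from urllib.request import Request, urlopen

CHAT_COMPLETE_PATH = "/api/security_ai_assistant/chat/complete"
VALID_ROLES = ("user", "assistant", "system")


def api_key_headers(api_key):
    # Kibana reads the key from 'Authorization: ApiKey <key>' and rejects
    # non-GET requests that lack a kbn-xsrf header.
    return {"Authorization": f"ApiKey {api_key}", "kbn-xsrf": "true",
            "Content-Type": "application/json"}


def basic_auth_headers(username, password):
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}", "kbn-xsrf": "true",
            "Content-Type": "application/json"}


def build_chat_complete_body(connector_id, messages, persist,
                             conversation_id=None, is_stream=False,
                             model=None, response_language=None):
    """persist=True without conversation_id creates a new conversation;
    with conversation_id it appends to that one. Each message may carry a
    'data' object (ECS fields) and 'fields_to_anonymize' naming the keys
    Kibana must replace with placeholders before calling the LLM."""
    if not messages:
        raise ValueError("messages must contain at least one message")
    for m in messages:
        if m.get("role") not in VALID_ROLES:
            raise ValueError(f"invalid role {m.get('role')!r}")
        if not m.get("content"):
            raise ValueError("message content is required")
        # A typo here (host.nme for host.name) would leave the real value
        # in the data sent to the provider, so fail early instead.
        missing = set(m.get("fields_to_anonymize", [])) - set(m.get("data", {}))
        if missing:
            raise ValueError(f"fields_to_anonymize not in data: {missing}")
    body = {"connectorId": connector_id, "persist": persist,
            "isStream": is_stream, "messages": messages}
    if conversation_id:
        body["conversationId"] = conversation_id
    if model:
        body["model"] = model
    if response_language:
        body["responseLanguage"] = response_language
    return body


def deanonymize(text, replacements):
    # The response's 'replacements' maps each placeholder UUID (the keys in
    # the Complete Chat output table) back to the original field value.
    for placeholder, original in replacements.items():
        text = text.replace(placeholder, original)
    return text


def complete_chat(base_url, headers, body, timeout=60):
    req = Request(base_url.rstrip("/") + CHAT_COMPLETE_PATH,
                  data=json.dumps(body).encode(), headers=headers, method="POST")
    with urlopen(req, timeout=timeout) as resp:
        result = json.load(resp)
    if result.get("status") != "ok":
        raise RuntimeError(f"chat/complete failed: {result}")
    result["data"] = deanonymize(result.get("data", ""),
                                 result.get("replacements", {}))
    return result
```

`complete_chat` expects a non-streaming response (`isStream` left false); a streaming call returns chunks and would need to be read incrementally instead of with `json.load`.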