[Security Assistant] Context prompts #224956
Pinging @elastic/security-solution (Team: SecuritySolution)
| const styles = useStyles(); | ||
| const { isAssistantEnabled } = useDataQualityContext(); | ||
| const { isAssistantEnabled, httpFetch, toasts } = useDataQualityContext(); | ||
| const { |
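Review bot: at the `useDataQualityContext()` destructure, `httpFetch` and `toasts` are now read alongside `isAssistantEnabled`, so any test or story that mocks this context with only `isAssistantEnabled` will hand the component `undefined` for both. Suggest confirming that the context type and its test provider supply them, and covering the path that uses `httpFetch` with a test.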
I tried for about 45 minutes to add tests for this, but the mocking logic in this package is extremely difficult to follow. Given the approaching feature freeze and lack of time, I ask that @elastic/security-threat-hunting-investigations add tests to this PR or forgive the missing tests.
Sorry to hear that. Seems like your AssistantProvider file causes a circular imports issue that makes it impossible to jest mock components inside of it from outside. Will have a look at it some time later when I have time to pinpoint specifically where it happens.
Nevertheless I added tests and pushed to your branch.
To make this work, unfortunately had to completely mock out NewChat and remove assistant provider which makes it a blackbox from now on in our tests to test anything besides the immediate contract of your exposed components.
Also I spotted a slight uncovered edge case in title, fixed and tested it.
Let me know if it works for you
christineweng left a comment
Investigations changes LGTM. I pinged another team member on data quality tests
dplumlee left a comment
Rule management changes LGTM
@elasticmachine merge upstream
Starting backport for target branches: 8.19 https://github.com/elastic/kibana/actions/runs/15865936770
💚 Build Succeeded
💔 All backports failed
(cherry picked from commit 2e384fb)

# Conflicts:
# x-pack/platform/packages/shared/kbn-elastic-assistant-common/impl/schemas/index.ts
# x-pack/platform/plugins/private/translations/translations/fr-FR.json
# x-pack/platform/plugins/private/translations/translations/ja-JP.json
# x-pack/platform/plugins/private/translations/translations/zh-CN.json
# x-pack/solutions/security/plugins/security_solution/public/assistant/provider.tsx
# x-pack/solutions/security/plugins/security_solution/public/plugin.tsx
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions? Please refer to the Backport tool documentation.
# Backport

This will backport the following commits from `main` to `8.19`:
- [[Security Assistant] Context prompts (#224956)](#224956)

### Questions ?
Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport)
| const promptContext = useObservable( | ||
| elasticAssistantSharedState.promptContexts.getPromptContext$(), | ||
| {} | ||
| ); |
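Review bot: the `{}` passed as the initial value to `useObservable` means `promptContext` is an empty object until `getPromptContext$()` first emits, so consumers that look up a specific context key need to handle it being absent on first render. A short code comment here recording why the observable is subscribed to, rather than setting the context from an effect, would save the next reader the question.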
How come you needed to add this useObservable hook? Was it not enough to call elasticAssistantSharedState.promptContexts.setPromptContext(PROMPT_CONTEXTS) whenever PROMPT_CONTEXTS changes?
The useEffect was stack overflowing, crashed the app

Summary
Implements the context prompts within the Security AI Prompts package. These prompts were client side only, so in order to fetch the prompts from the integration, a new find security AI prompts API was introduced. If the API fails, the prompts fall back to a client side i18n'd version. The context prompts include:
- Alert/event analysis
- Data Quality Dashboard
- Rules
Imperfections
Given that this user prompt is executed in a conversation with a connector id, it would be nice to include the connector id in the request in case provider specific prompts are introduced. However, these prompts are currently stored in the assistant provider context. Because of the short turnaround required for this feature (I was asked to implement it shortly before feature freeze), I left the prompts in the provider context and did not implement a connector id as a requirement for the request. It would be nice to refactor this in the future, perhaps as a part of this issue: #219142
Cypress changes
We were checking if the correct user prompt was sent when these prompts are used. However, since it is now part of the Security AI Prompt package and the prompt can be changed out of band, this check could break if the integration is updated with a new prompt. Therefore, I removed this check.
Integrations PR
As this adds new prompts, the @elastic/security-generative-ai reviewer should also review this integrations PR: elastic/integrations#14296
The integrations PR includes new prompts from #224981