[AI assistant] Add setting to configure default LLM #231940

Merged
KDKHD merged 30 commits into elastic:main from KDKHD:feature/default-llm-setting on Aug 29, 2025

Conversation

@KDKHD
Member

@KDKHD KDKHD commented Aug 15, 2025

Summary

Summarize your PR. If it involves visual changes include a screenshot or gif.

Introduces a new setting in /app/management/ai/genAiSettings that allows users to configure the default LLM. Currently, the setting is disabled since the changes in the assistants still need to be finalised. Once the changes in the assistants are completed, the settings can be made writable.

Warning

When reading the setting genAiSettings:defaultAIConnector and genAiSettings:defaultAIConnectorOnly from uiSettings, you must handle the case where the default connector that is currently set does not exist anymore (because it was deleted). In that case, you should fall back to "No default connector selected".

image image

While we wait for the changes within the assistants, this setting will be disabled:
image

Access to modify these settings is permissioned by the Management > Advanced Settings in role privileges:

image

Checklist

Check the PR satisfies following conditions.

Reviewers should verify this PR satisfies this list as well.

  • Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
  • Documentation was added for features that require explanation or tutorials
  • Unit or functional tests were updated or added to match the most common scenarios
  • If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the docker list
  • This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The release_note:breaking label should be applied in these situations.
  • Flaky Test Runner was used on any tests changed
  • The PR description includes the appropriate Release Notes section, and the correct release_note:* label is applied per the guidelines
  • Review the backport guidelines and apply applicable backport:* labels.

Identify risks

Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss.

Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging.
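
The warning in the description above, worked through as an added example (not code from this PR or from Kibana). The two setting keys come from the description; the sentinel value, the `SettingsReader` stand-in for uiSettings, every type and function name, and the choice to offer no connector when the restriction is on but the default was deleted are assumptions.

```typescript
// Added example, not Kibana's implementation.
// Setting keys are quoted from the PR description.
const DEFAULT_CONNECTOR_KEY = 'genAiSettings:defaultAIConnector';
const DEFAULT_ONLY_KEY = 'genAiSettings:defaultAIConnectorOnly';
// Hypothetical sentinel standing for "No default connector selected".
const NO_DEFAULT_CONNECTOR = 'NO_DEFAULT_CONNECTOR';

interface Connector {
  id: string;
  name: string;
}

// Minimal stand-in for the uiSettings client (assumption).
interface SettingsReader {
  get(key: string): unknown;
}

interface ConnectorResolution {
  defaultConnectorId: string; // NO_DEFAULT_CONNECTOR when unset or deleted
  selectable: Connector[]; // what a connector selector may offer
  staleDefault: boolean; // true when the stored default no longer exists
}

function findById(list: Connector[], id: string): Connector | undefined {
  for (let i = 0; i < list.length; i++) {
    if (list[i].id === id) return list[i];
  }
  return undefined;
}

// Resolve the effective default and the list of selectable connectors.
function resolveConnectors(
  settings: SettingsReader,
  existing: Connector[]
): ConnectorResolution {
  const raw = settings.get(DEFAULT_CONNECTOR_KEY);
  const configured =
    typeof raw === 'string' && raw.length > 0 ? raw : NO_DEFAULT_CONNECTOR;
  // Only a literal boolean true enables the restriction.
  const defaultOnly = settings.get(DEFAULT_ONLY_KEY) === true;

  const match = findById(existing, configured);
  const staleDefault =
    configured !== NO_DEFAULT_CONNECTOR && match === undefined;
  // Deleted default: fall back to "No default connector selected".
  const defaultConnectorId =
    match !== undefined ? match.id : NO_DEFAULT_CONNECTOR;

  let selectable: Connector[];
  if (!defaultOnly || configured === NO_DEFAULT_CONNECTOR) {
    // No restriction, or nothing to pin the restriction to.
    selectable = existing.slice();
  } else if (match !== undefined) {
    selectable = [match];
  } else {
    // Assumption: restriction on + default deleted => offer nothing,
    // so deleting a connector never silently lifts the restriction.
    selectable = [];
  }
  return { defaultConnectorId, selectable, staleDefault };
}

// Pick the connector for a conversation. undefined means the UI must ask
// the user to select one (the "connector needs to be selected" state).
function connectorForConversation(
  resolution: ConnectorResolution,
  conversationConnectorId?: string
): string | undefined {
  const wanted =
    conversationConnectorId !== undefined
      ? conversationConnectorId
      : resolution.defaultConnectorId;
  return findById(resolution.selectable, wanted) !== undefined
    ? wanted
    : undefined;
}

// Constructed sample data for trying the functions offline.
const SAMPLE_CONNECTORS: Connector[] = [
  { id: 'conn-a', name: 'Connector A' },
  { id: 'conn-b', name: 'Connector B' },
  { id: 'conn-c', name: 'Connector C' },
];

function makeReader(defaultId: unknown, defaultOnly: unknown): SettingsReader {
  return {
    get: (key: string): unknown =>
      key === DEFAULT_CONNECTOR_KEY
        ? defaultId
        : key === DEFAULT_ONLY_KEY
        ? defaultOnly
        : undefined,
  };
}
```

`staleDefault` lets the settings page show that the stored default points at a deleted connector instead of silently presenting an empty selection.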

@KDKHD KDKHD force-pushed the feature/default-llm-setting branch from 16dbc05 to 779ffdc Compare August 15, 2025 14:44
@KDKHD KDKHD changed the title Add setting to configure default LLM [AI assistant] Add setting to configure default LLM (Work in progress) Aug 15, 2025
@KDKHD KDKHD marked this pull request as ready for review August 15, 2025 15:01
@KDKHD KDKHD requested review from a team as code owners August 15, 2025 15:01
@KDKHD KDKHD force-pushed the feature/default-llm-setting branch from e84b84c to 3563bde Compare August 18, 2025 09:13
@KDKHD KDKHD added the release_note:skip Skip the PR/issue when compiling release notes label Aug 18, 2025
@KDKHD
Member Author

KDKHD commented Aug 18, 2025

@elasticmachine merge upstream

@KDKHD KDKHD requested a review from a team as a code owner August 18, 2025 12:26
@KDKHD KDKHD added ci:project-deploy-security Create a Security Serverless Project v9.1.3 v8.19.3 v9.0.6 v8.18.6 backport:version Backport to applied version labels labels Aug 18, 2025
@kibanamachine
Contributor

Friendly reminder: Looks like this PR hasn’t been backported yet.
To create backports automatically, add a backport:* label, or prevent reminders by adding the backport:skip label.
You can also create backports manually by running node scripts/backport --pr 231940 locally.
cc: @KDKHD

@KDKHD KDKHD added backport:skip This PR does not require backporting and removed backport:version Backport to applied version labels labels Sep 11, 2025
@kibanamachine kibanamachine removed the backport missing Added to PRs automatically when the are determined to be missing a backport. label Sep 11, 2025
@KDKHD KDKHD added backport missing Added to PRs automatically when the are determined to be missing a backport. and removed v9.1.3 v8.19.3 v9.0.6 v8.18.6 labels Sep 11, 2025
@kibanamachine kibanamachine removed the backport missing Added to PRs automatically when the are determined to be missing a backport. label Sep 11, 2025
@KDKHD
Member Author

KDKHD commented Sep 11, 2025

This PR could not be backported; instead, the setting was rebuilt for 9.1, 9.0, 8.19, 8.18 here: #233874

KDKHD added a commit that referenced this pull request Sep 25, 2025
…i features (#234480)

## Summary

Summarize your PR. If it involves visual changes include a screenshot or
gif.

This PR integrates the new [default LLM
setting](#231940) with the
security solution GenAI features (AI assistant and Attack discovery).
The default LLM setting allows admins to configure the preferred AI
connector. This PR makes sure that this setting is actually respected in
the AI assistant and Attack discovery.

### How to test: 
- Start Kibana locally from this branch
- Make sure you have at least 3 LLM connectors configured (can be
preconfigured ones).
- Go to stack management > advanced settings and switch the following
setting to "Security AI assistant in other apps". (This will make
testing a little bit easier)
<img width="1954" height="133" alt="image"
src="https://github.com/user-attachments/assets/12fc4313-b2a5-45f7-bca9-8e0e7ee7f19e"
/>

- Enable the feature flag by adding the following to kibana.dev.yml: 

```
feature_flags.overrides.aiAssistant.defaultLlmSettingEnabled: true
```

- Go to the GenAi Settings page:
http://localhost:5601/app/management/ai/genAiSettings
- Select a default LLM:

<img width="2524" height="775" alt="image"
src="https://github.com/user-attachments/assets/d8c51f46-04d2-42bf-871b-735fa3849d30"
/>

- Save the setting change using the footer at the bottom of the page.
- Open the Security AI assistant (if you changed the Assistant
visibility setting, you can open the assistant from the GenAi page
directly)
- Check that the LLM connector for the conversation is the one you
configured as the default LLM. Also, verify that you can still change
the connector used in your conversation to one of your other connectors.
- Change the LLM to a non-default connector for the conversation.
- Once you select a non-default connector, chat with the assistant and
then start a new conversation, your non-default connector should still
be active for the new conversation.
- Now back on the GenAi settings page, check the `Disallow all other
connectors` checkbox.
- Open the AI assistant again and go to the existing conversation that
has a few messages inside.
- You should see a red banner indicating that a connector needs to be
selected.
- If you open the connector selector, you should now only see the
default LLM you have configured as an option.

#### Attack Discovery
In attack discovery, you should observe the same behavior.

- Go to attack discovery
http://localhost:5601/app/security/attack_discovery
- Open the manual run config flyout
<img width="3081" height="1184" alt="image"
src="https://github.com/user-attachments/assets/a5a11f1e-8b0b-40d9-8937-6fe4497cbf10"
/>

- Verify that only the default LLM is available as the connector:

<img width="1698" height="833" alt="image"
src="https://github.com/user-attachments/assets/45b68d6c-6f36-487f-ba08-030f41c10545"
/>

- Go back to the GenAi settings page
http://localhost:5601/app/management/ai/genAiSettings and deselect the
`Disallow all other connectors` checkbox and select a different default
connector.
- Go to Attack Discovery and open the manual run config flyout again.
- Check that by default, your new default connector is used. Also,
verify that you now again have the option of changing the connector to
any of the other configured connectors.

### TODO
The designs of the connector selector for Attack discovery and the
Assistant still need to be implemented. That will be done in a separate
PR.

### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [X] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [X]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [X] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [X] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [X] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [X] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [X] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [X] Review the [backport
guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)
and apply applicable `backport:*` labels.

### Identify risks

Does this PR introduce any risks? For example, consider risks like hard
to test bugs, performance regression, potential of data loss.

Describe the risk, its severity, and mitigation for each identified
risk. Invite stakeholders and evaluate how to proceed before merging.

- [ ] [See some risk
examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)
- [ ] ...

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
KDKHD added a commit to KDKHD/kibana that referenced this pull request Sep 25, 2025
…i features (elastic#234480)

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
(cherry picked from commit b543b8c)

# Conflicts:
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/conversation_settings_editor.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/helpers.test.ts
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/helpers.ts
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_management.test.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_management.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/search_ai_lake_configurations_settings_management.test.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/connectorland/use_load_connectors/index.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/mock/test_providers/test_providers.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/tsconfig.json
#	x-pack/platform/plugins/private/gen_ai_settings/public/components/default_ai_connector/default_ai_connector.tsx
#	x-pack/solutions/security/packages/ecs-data-quality-dashboard/impl/data_quality_panel/mock/test_providers/test_providers.tsx
KDKHD added a commit to KDKHD/kibana that referenced this pull request Sep 25, 2025
## Summary

Summarize your PR. If it involves visual changes include a screenshot or
gif.

Follow-up to this change: elastic#231940

The PR linked above could not be backported to 8.18, 9.19, 9.1 because
the GenAi settings page where the setting was added to does not exist in
the versions just listed. As this setting is needed on these versions,
this PR is required. This PR adds the Default LLM setting to the
Security, Obs & ES AI settings pages.

<img width="1855" height="1171" alt="image"
src="https://github.com/user-attachments/assets/ab09be60-97b6-40d4-bcfc-5e9859360502"
/>

<img width="1855" height="1171" alt="image"
src="https://github.com/user-attachments/assets/b8c1ae43-e1ee-4f42-bbcb-d7f67be6a598"
/>

<img width="1855" height="1171" alt="image"
src="https://github.com/user-attachments/assets/5647de7f-d1de-4e46-9940-f165b1ef8b7b"
/>

<img width="1855" height="1171" alt="image"
src="https://github.com/user-attachments/assets/791c953e-a321-419c-a121-66974a6f8b34"
/>

### How to test:
- Enable the feature flag. Add
`feature_flags.overrides.aiAssistant.defaultLlmSettingEnabled: true` to
kibana.dev.yml
- Start Kibana and go to
http://localhost:5601/app/management/kibana/securityAiAssistantManagement?tab=connectors
or
http://localhost:5601/app/management/kibana/observabilityAiAssistantManagement
- You should see the `genAiSettings:defaultAIConnector` setting.
Changing the setting won't do anything just yet as changes within the
assistants still need to be configured.

TODO:
When the feature flag is lifted, we should remove the following Kibana
advanced setting as this one will replace it:
<img width="2412" height="198" alt="image"
src="https://github.com/user-attachments/assets/f3d1c421-f7c5-42b9-b5dc-85c29b8ef3eb"
/>

### Checklist

Check the PR satisfies following conditions.

Reviewers should verify this PR satisfies this list as well.

- [X] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [X]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [X] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [X] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [X] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [X] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [X] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [X] Review the [backport
guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)
and apply applicable `backport:*` labels.

### Identify risks

Does this PR introduce any risks? For example, consider risks like hard
to test bugs, performance regression, potential of data loss.

Describe the risk, its severity, and mitigation for each identified
risk. Invite stakeholders and evaluate how to proceed before merging.

- [ ] [See some risk
examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)
- [ ] ...

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
(cherry picked from commit 6141299)

# Conflicts:
#	src/platform/packages/shared/kbn-management/settings/setting_ids/index.ts
#	src/platform/plugins/private/kibana_usage_collection/server/collectors/management/schema.ts
#	src/platform/plugins/private/kibana_usage_collection/server/collectors/management/types.ts
#	src/platform/plugins/shared/ai_assistant_management/selection/server/plugin.test.ts
#	src/platform/plugins/shared/ai_assistant_management/selection/server/plugin.ts
#	src/platform/plugins/shared/ai_assistant_management/selection/tsconfig.json
#	src/platform/plugins/shared/telemetry/schema/oss_platform.json
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_management.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/search_ai_lake_configurations_settings_management.test.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/search_ai_lake_configurations_settings_management.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/connectorland/ai_for_soc_connector_settings_management/index.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/tsconfig.json
#	x-pack/platform/plugins/private/observability_ai_assistant_management/public/routes/components/settings_tab/settings_tab.test.tsx
#	x-pack/platform/plugins/private/observability_ai_assistant_management/public/routes/components/settings_tab/ui_settings.tsx
#	x-pack/platform/plugins/private/observability_ai_assistant_management/tsconfig.json
#	x-pack/solutions/security/plugins/security_solution/public/assistant/stack_management/management_settings.tsx
#	x-pack/solutions/security/plugins/security_solution/public/configurations/tabs/ai_settings.test.tsx
#	x-pack/solutions/security/plugins/security_solution/public/configurations/tabs/ai_settings.tsx
KDKHD added a commit to KDKHD/kibana that referenced this pull request Sep 25, 2025
…i features (elastic#234480)

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
(cherry picked from commit b543b8c)

# Conflicts:
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/conversation_settings_editor.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/helpers.test.ts
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/helpers.ts
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_management.test.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_management.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/search_ai_lake_configurations_settings_management.test.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/connectorland/connector_selector/index.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/connectorland/use_load_connectors/index.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/mock/test_providers/test_providers.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/tsconfig.json
#	x-pack/platform/plugins/private/gen_ai_settings/public/components/default_ai_connector/default_ai_connector.tsx
#	x-pack/solutions/security/packages/ecs-data-quality-dashboard/impl/data_quality_panel/mock/test_providers/test_providers.tsx
#	x-pack/solutions/security/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/components/insights/workflow_insights_scan.tsx
KDKHD added a commit to KDKHD/kibana that referenced this pull request Sep 25, 2025
…i features (elastic#234480)

## Summary

Summarize your PR. If it involves visual changes include a screenshot or
gif.

This PR integrates the new [default LLM
setting](elastic#231940) with the
security solution GenAI features (AI assistant and Attack discovery).
The default LLM setting allows admins to configure the preferred AI
connector. This PR makes sure that this setting is actually respected in
the AI assistant and Attack discovery.

### How to test:
- Start Kibana locally from this branch
- Make sure you have at least 3 LLM connectors configured (can be
preconfigured ones).
- Go to stack management > advanced settings and switch the following
setting to "Security AI assistant in other apps". (This will make
testing a little bit easier)
<img width="1954" height="133" alt="image"
src="https://github.com/user-attachments/assets/12fc4313-b2a5-45f7-bca9-8e0e7ee7f19e"
/>

- Enable the feature flag by adding the following to kibana.dev.yml:

```
feature_flags.overrides.aiAssistant.defaultLlmSettingEnabled: true
```

- Go to the GenAi Settings page:
http://localhost:5601/app/management/ai/genAiSettings
- Select a default LLM:

<img width="2524" height="775" alt="image"
src="https://github.com/user-attachments/assets/d8c51f46-04d2-42bf-871b-735fa3849d30"
/>

- Save the setting change using the footer at the bottom of the page.
- Open the Security AI assistant (if you changed the Assistant
visibility setting, you can open the assistant from the GenAi page
directly)
- Check that the LLM connector for the conversation is the one you
configured as the default LLM. Also, verify that you can still change
the connector used in your conversation to one of your other connectors.
- Change the LLM to a non-default connector for the conversation.
- Once you select a non-default connector, chat with the assistant and
then start a new conversation, your non-default connector should still
be active for the new conversation.
- Now back on the GenAi settings page, check the `Disallow all other
connectors` checkbox.
- Open the AI assistant again and go to the existing conversation that
has a few messages inside.
- You should see a red banner indicating that a connector needs to be
selected.
- If you open the connector selector, you should now only see the
default LLM you have configured as an option.

#### Attack Discovery
In attack discovery, you should observe the same behavior.

- Go to attack discovery
http://localhost:5601/app/security/attack_discovery
- Open the manual run config flyout
<img width="3081" height="1184" alt="image"
src="https://github.com/user-attachments/assets/a5a11f1e-8b0b-40d9-8937-6fe4497cbf10"
/>

- Verify that only the default LLM is available as the connector:

<img width="1698" height="833" alt="image"
src="https://github.com/user-attachments/assets/45b68d6c-6f36-487f-ba08-030f41c10545"
/>

- Go back to the GenAi settings page
http://localhost:5601/app/management/ai/genAiSettings and deselect the
`Disallow all other connectors` checkbox and select a different default
connector.
- Go to Attack Discovery and open the manual run config flyout again.
- Check that by default, your new default connector is used. Also,
verify that you now again have the option of changing the connector to
any of the other configured connectors.

### TODO
The designs of the connector selector for Attack discovery and the
Assistant still need to be implemented. That will be done in a separate
PR.

### Checklist

Check the PR satisfies following conditions.

Reviewers should verify this PR satisfies this list as well.

- [X] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [X]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [X] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [X] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [X] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [X] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [X] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [X] Review the [backport
guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)
and apply applicable `backport:*` labels.

### Identify risks

Does this PR introduce any risks? For example, consider risks like hard
to test bugs, performance regression, potential of data loss.

Describe the risk, its severity, and mitigation for each identified
risk. Invite stakeholders and evaluate how to proceed before merging.

- [ ] [See some risk
examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)
- [ ] ...

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
(cherry picked from commit b543b8c)

# Conflicts:
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/api/chat_complete/use_chat_complete.ts
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/conversation_settings_editor.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/helpers.test.ts
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/helpers.ts
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/index.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/assistant_settings.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_management.test.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_management.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/search_ai_lake_configurations_settings_management.test.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/search_ai_lake_configurations_settings_management.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant_context/index.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/connectorland/connector_selector/index.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/connectorland/use_load_connectors/index.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/mock/test_providers/test_providers.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/tsconfig.json
#	x-pack/platform/plugins/private/gen_ai_settings/public/components/default_ai_connector/default_ai_connector.tsx
#	x-pack/solutions/security/packages/ecs-data-quality-dashboard/impl/data_quality_panel/mock/test_providers/test_providers.tsx
#	x-pack/solutions/security/plugins/elastic_assistant/public/src/context/assistant_context/assistant_provider.tsx
#	x-pack/solutions/security/plugins/security_solution/public/attack_discovery/pages/index.tsx
#	x-pack/solutions/security/plugins/security_solution/public/attack_discovery/pages/settings_flyout/schedule/create_flyout/index.tsx
#	x-pack/solutions/security/plugins/security_solution/public/attack_discovery/pages/settings_flyout/schedule/details_flyout/index.tsx
#	x-pack/solutions/security/plugins/security_solution/public/common/mock/mock_assistant_provider.tsx
#	x-pack/solutions/security/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/components/insights/workflow_insights_scan.tsx
#	x-pack/solutions/security/plugins/security_solution/public/onboarding/components/onboarding_body/cards/assistant/assistant_card.tsx
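
The connector-selection behaviour that the test steps above check, as an added TypeScript example (not code from the Kibana PR). The two setting keys are the ones named in the PR description; the `NO_DEFAULT_CONNECTOR` sentinel, the function names, the sample connectors, and the choice to lift the "only" restriction when the default connector has been deleted are assumptions.

```typescript
// Added example: a model of the expected behaviour, not the project's implementation.
interface Connector {
  id: string;
  name: string;
}

// Values as read from uiSettings; the key names come from the PR description.
interface GenAiSettings {
  'genAiSettings:defaultAIConnector'?: string;
  'genAiSettings:defaultAIConnectorOnly'?: boolean;
}

// Hypothetical sentinel standing for "No default connector selected".
const NO_DEFAULT_CONNECTOR = 'NO_DEFAULT_CONNECTOR';

interface Resolution {
  defaultConnectorId: string; // NO_DEFAULT_CONNECTOR when unset or dangling
  selectable: Connector[]; // what the connector selector may offer
  selectedId: string | undefined; // undefined: nothing valid is selected
  needsSelection: boolean; // true: show the "select a connector" banner
}

// preferredConnectorId is the connector stored on the conversation, or the
// one carried over from the user's last conversation; undefined if none.
function resolveConnectors(
  settings: GenAiSettings,
  connectors: Connector[],
  preferredConnectorId?: string
): Resolution {
  const configuredId = settings['genAiSettings:defaultAIConnector'];
  // A default that points at a deleted connector counts as "no default".
  const defaultConnector = connectors.find((c) => c.id === configuredId);
  const onlyDefault = settings['genAiSettings:defaultAIConnectorOnly'] === true;

  // Assumption: the restriction only applies while the default still exists.
  const selectable: Connector[] =
    onlyDefault && defaultConnector ? [defaultConnector] : [...connectors];

  let selectedId: string | undefined;
  if (preferredConnectorId === undefined) {
    // Nothing chosen yet: start from the admin's default, if there is one.
    selectedId = defaultConnector ? defaultConnector.id : undefined;
  } else if (selectable.some((c) => c.id === preferredConnectorId)) {
    // The user's own choice is kept as long as it is still permitted.
    selectedId = preferredConnectorId;
  } else {
    // Choice was deleted or is now disallowed: force a new selection.
    selectedId = undefined;
  }

  return {
    defaultConnectorId: defaultConnector ? defaultConnector.id : NO_DEFAULT_CONNECTOR,
    selectable,
    selectedId,
    needsSelection: selectedId === undefined,
  };
}

// The same rule expressed as a yes/no check on a requested connector id,
// usable wherever a request names the connector it wants to run against.
function isConnectorAllowed(
  settings: GenAiSettings,
  connectors: Connector[],
  requestedId: string
): boolean {
  return resolveConnectors(settings, connectors).selectable.some(
    (c) => c.id === requestedId
  );
}

// Constructed sample data: three connectors, as the test steps require.
const SAMPLE_CONNECTORS: Connector[] = [
  { id: 'conn-a', name: 'Connector A' },
  { id: 'conn-b', name: 'Connector B' },
  { id: 'conn-c', name: 'Connector C' },
];

const SAMPLE_LOCKED_SETTINGS: GenAiSettings = {
  'genAiSettings:defaultAIConnector': 'conn-b',
  'genAiSettings:defaultAIConnectorOnly': true,
};
```
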
rbrtj pushed a commit to rbrtj/kibana that referenced this pull request Sep 25, 2025
…i features (elastic#234480)

KDKHD added a commit to KDKHD/kibana that referenced this pull request Sep 25, 2025
…i features (elastic#234480)

(cherry picked from commit b543b8c)

# Conflicts:
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/api/chat_complete/use_chat_complete.ts
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/conversation_settings_editor.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/helpers.test.ts
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/helpers.ts
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/assistant_settings.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_management.test.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_management.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/search_ai_lake_configurations_settings_management.test.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/search_ai_lake_configurations_settings_management.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant_context/index.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/connectorland/use_load_connectors/index.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/mock/test_providers/test_providers.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/tsconfig.json
#	x-pack/platform/plugins/private/gen_ai_settings/public/components/default_ai_connector/default_ai_connector.tsx
#	x-pack/platform/plugins/private/gen_ai_settings/public/contexts/settings_context.tsx
#	x-pack/solutions/security/packages/ecs-data-quality-dashboard/impl/data_quality_panel/mock/test_providers/test_providers.tsx
#	x-pack/solutions/security/plugins/elastic_assistant/public/src/context/assistant_context/assistant_provider.tsx
#	x-pack/solutions/security/plugins/security_solution/public/attack_discovery/pages/index.tsx
#	x-pack/solutions/security/plugins/security_solution/public/attack_discovery/pages/settings_flyout/schedule/create_flyout/index.tsx
#	x-pack/solutions/security/plugins/security_solution/public/attack_discovery/pages/settings_flyout/schedule/details_flyout/index.tsx
#	x-pack/solutions/security/plugins/security_solution/public/common/mock/mock_assistant_provider.tsx
#	x-pack/solutions/security/plugins/security_solution/public/onboarding/components/onboarding_body/cards/assistant/assistant_card.tsx
nickpeihl pushed a commit to nickpeihl/kibana that referenced this pull request Sep 25, 2025
…i features (elastic#234480)

CoenWarmer pushed a commit to CoenWarmer/kibana that referenced this pull request Sep 25, 2025
…i features (elastic#234480)

## Summary

Summarize your PR. If it involves visual changes include a screenshot or
gif.

This PR integrates the new [default LLM
setting](elastic#231940) with the
security solution GenAI features (AI assistant and Attack discovery).
The default LLM setting allows admins to configure the preferred AI
connector. This PR makes sure that this setting is actually respected in
the AI assistant and Attack discovery.

### How to test: 
- Start Kibana locally from this branch
- Make sure you have at least 3 LLM connectors configured (can be
preconfigured ones).
- Go to stack management > advanced settings and switch the following
setting to "Security AI assistant in other apps". (This will make
testing a little bit easier)
<img width="1954" height="133" alt="image"
src="https://github.com/user-attachments/assets/12fc4313-b2a5-45f7-bca9-8e0e7ee7f19e"
/>

- Enable the feature flag by adding the following to kibana.dev.yml: 

```
feature_flags.overrides.aiAssistant.defaultLlmSettingEnabled: true
```

- Go to the GenAi Settings page:
http://localhost:5601/app/management/ai/genAiSettings
- Select a default LLM:

<img width="2524" height="775" alt="image"
src="https://github.com/user-attachments/assets/d8c51f46-04d2-42bf-871b-735fa3849d30"
/>

- Save the setting change using the footer at the bottom of the page.
- Open the Security AI assistant (if you changed the Assistant
visibility setting, you can open the assistant from the GenAi page
directly)
- Check that the LLM connector for the conversation is the one you
configured as the default LLM. Also, verify that you can still change
the connector used in your conversation to one of your other connectors.
- Change the LLM to a non-default connector for the conversation.
- Once you select a non-default connector, chat with the assistant and
then start a new conversation, your non-default connector should still
be active for the new conversation.
- Now back on the GenAi settings page, check the `Disallow all other
connectors` checkbox.
- Open the AI assistant again and go to the existing conversation that
has a few messages inside.
- You should see a red banner indicating that a connector needs to be
selected.
- If you open the connector selector, you should now only see the
default LLM you have configured as an option.

#### Attack Discovery
In attack discovery, you should observe the same behavior.

- Go to attack discovery
http://localhost:5601/app/security/attack_discovery
- Open the manual run config flyout
<img width="3081" height="1184" alt="image"
src="https://github.com/user-attachments/assets/a5a11f1e-8b0b-40d9-8937-6fe4497cbf10"
/>

- Verify that only the default LLM is available as the connector:

<img width="1698" height="833" alt="image"
src="https://github.com/user-attachments/assets/45b68d6c-6f36-487f-ba08-030f41c10545"
/>

- Go back to the GenAi settings page
http://localhost:5601/app/management/ai/genAiSettings and deselect the
`Disallow all other connectors` checkbox and select a different default
connector.
- Go to Attack Discovery and open the manual run config flyout again.
- Check that by default, your new default connector is used. Also,
verify that you now again have the option of changing the connector to
any of the other configured connectors.

### TODO
The designs of the connector selector for Attack discovery and the
Assistant still need to be implemented. That will be done in a separate
PR.

### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [X] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [X]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [X] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [X] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [X] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [X] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [X] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [X] Review the [backport
guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)
and apply applicable `backport:*` labels.

### Identify risks

Does this PR introduce any risks? For example, consider risks like hard
to test bugs, performance regression, potential of data loss.

Describe the risk, its severity, and mitigation for each identified
risk. Invite stakeholders and evaluate how to proceed before merging.

- [ ] [See some risk
examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)
- [ ] ...

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
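
The behaviour the test steps above check can be written as one decision function. The TypeScript below is an added example, not code from this PR or from Kibana: `resolveConnector`, `isConnectorAllowed`, the interfaces and the sample connectors are hypothetical, and only the two uiSettings key names come from the PR description. It assumes that a default pointing at a deleted connector is treated as "no default selected", which also leaves the only-default restriction without effect; the page does not specify that case.

```typescript
// Added example: a hypothetical model of the connector rules the test steps
// describe. None of these names are Kibana APIs.

interface Connector {
  id: string;
  name: string;
}

interface GenAiSettings {
  // Value of the uiSettings key genAiSettings:defaultAIConnector, if set.
  defaultConnectorId?: string;
  // Value of genAiSettings:defaultAIConnectorOnly
  // (the "Disallow all other connectors" checkbox).
  defaultConnectorOnly: boolean;
}

interface Resolution {
  selectable: Connector[]; // options the connector selector may offer
  selectedId: string | undefined; // connector that will be used, if any
  needsSelection: boolean; // true: show the "select a connector" banner
  staleDefault: boolean; // true: the configured default no longer exists
}

// Constructed sample data: three connectors, as the test steps require.
const SAMPLE_CONNECTORS: Connector[] = [
  { id: 'conn-a', name: 'Connector A' },
  { id: 'conn-b', name: 'Connector B' },
  { id: 'conn-c', name: 'Connector C' },
];

// preferredId is the connector stored on an existing conversation, or the
// one the user picked last when a new conversation starts.
function resolveConnector(
  connectors: Connector[],
  settings: GenAiSettings,
  preferredId?: string
): Resolution {
  const wanted = settings.defaultConnectorId;
  const defaultConnector: Connector | undefined =
    wanted === undefined ? undefined : connectors.filter((c) => c.id === wanted)[0];

  // The setting can outlive the connector it names (connector deleted).
  const staleDefault = wanted !== undefined && defaultConnector === undefined;

  // Assumption: the restriction only applies while the default still exists.
  const selectable =
    settings.defaultConnectorOnly && defaultConnector ? [defaultConnector] : connectors;

  if (preferredId !== undefined) {
    // A stored choice that is deleted or no longer permitted is not swapped
    // silently: nothing is selected and the user has to pick again.
    const allowed = selectable.some((c) => c.id === preferredId);
    return {
      selectable,
      selectedId: allowed ? preferredId : undefined,
      needsSelection: !allowed,
      staleDefault,
    };
  }

  // No stored choice: use the default when there is a valid one.
  return {
    selectable,
    selectedId: defaultConnector ? defaultConnector.id : undefined,
    needsSelection: defaultConnector === undefined,
    staleDefault,
  };
}

// Request-time check over the same rules, so a connector id held by an old
// conversation is judged exactly like the options shown in the selector.
function isConnectorAllowed(
  connectors: Connector[],
  settings: GenAiSettings,
  connectorId: string
): boolean {
  return resolveConnector(connectors, settings, connectorId).selectedId === connectorId;
}
```

Each branch corresponds to one of the manual checks: default preselected, non-default choice kept, banner after `Disallow all other connectors` is ticked, and the deleted-default fallback.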
VladimirFilonov pushed a commit to VladimirFilonov/kibana that referenced this pull request Sep 26, 2025
…i features (elastic#234480)

KDKHD added a commit to KDKHD/kibana that referenced this pull request Sep 26, 2025
…i features (elastic#234480)

(cherry picked from commit b543b8c)

# Conflicts:
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/api/chat_complete/use_chat_complete.ts
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/conversation_settings_editor.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/helpers.test.ts
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/helpers.ts
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/assistant_settings.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_management.test.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_management.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/search_ai_lake_configurations_settings_management.test.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/search_ai_lake_configurations_settings_management.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant_context/index.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/connectorland/use_load_connectors/index.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/impl/mock/test_providers/test_providers.tsx
#	x-pack/platform/packages/shared/kbn-elastic-assistant/tsconfig.json
#	x-pack/platform/plugins/private/gen_ai_settings/public/components/default_ai_connector/default_ai_connector.tsx
#	x-pack/solutions/security/packages/ecs-data-quality-dashboard/impl/data_quality_panel/mock/test_providers/test_providers.tsx
#	x-pack/solutions/security/plugins/elastic_assistant/public/src/context/assistant_context/assistant_provider.tsx
#	x-pack/solutions/security/plugins/security_solution/public/attack_discovery/pages/index.tsx
#	x-pack/solutions/security/plugins/security_solution/public/attack_discovery/pages/settings_flyout/schedule/create_flyout/index.tsx
#	x-pack/solutions/security/plugins/security_solution/public/attack_discovery/pages/settings_flyout/schedule/details_flyout/index.tsx
#	x-pack/solutions/security/plugins/security_solution/public/common/mock/mock_assistant_provider.tsx
#	x-pack/solutions/security/plugins/security_solution/public/onboarding/components/onboarding_body/cards/assistant/assistant_card.tsx
KDKHD added a commit that referenced this pull request Sep 26, 2025
…y GenAi features (#234480) (#236461)

# Backport

This will backport the following commits from `main` to `9.1`:
- [[Security Solution] [GenAi] Use default LLM setting for security
GenAi features (#234480)](#234480)

<!--- Backport version: 10.0.2 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Kenneth
changing the connector to\nany of the other configured
connectors.\n\n### TODO\nThe designs of the connector selector for
Attack discovery and the\nAssistant still need to be implemented. That
will be done in a separate\nPR.\n\n### Checklist\n\nCheck the PR
satisfies following conditions. \n\nReviewers should verify this PR
satisfies this list as well.\n\n- [X] Any text added follows [EUI's
writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\nsentence case text and includes
[i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n-
[X]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas
added for feaures that require explanation or tutorials\n- [X] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [X] If a plugin
configuration key changed, check if it needs to be\nallowlisted in the
cloud and added to the
[docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n-
[X] This was checked for breaking HTTP API changes, and any
breaking\nchanges have been approved by the breaking-change committee.
The\n`release_note:breaking` label should be applied in these
situations.\n- [X] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n- [X] The PR description includes the
appropriate Release Notes section,\nand the correct `release_note:*`
label is applied per
the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n-
[X] Review the
[backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand
apply applicable `backport:*` labels.\n\n### Identify risks\n\nDoes this
PR introduce any risks? For example, consider risks like hard\nto test
bugs, performance regression, potential of data loss.\n\nDescribe the
risk, its severity, and mitigation for each identified\nrisk. Invite
stakeholders and evaluate how to proceed before merging.\n\n- [ ] [See
some
risk\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\n-
[ ] ...\n\n---------\n\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"b543b8c8fbb0527bd704984946bc240af8104bc2"}},{"branch":"9.1","label":"v9.1.4","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.0","label":"v9.0.7","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.7","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.4","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
KDKHD added a commit that referenced this pull request Sep 26, 2025
…ty GenAi features (#234480) (#236464)

# Backport

This will backport the following commits from `main` to `8.19`:
- [[Security Solution] [GenAi] Use default LLM setting for security
GenAi features (#234480)](#234480)

<!--- Backport version: 10.0.2 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)


---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
KDKHD added a commit that referenced this pull request Sep 29, 2025
…y GenAi features (#234480) (#236587)

# Backport

This will backport the following commits from `main` to `9.0`:
- [[Security Solution] [GenAi] Use default LLM setting for security
GenAi features (#234480)](#234480)

<!--- Backport version: 10.0.0 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Kenneth
Kreindler","email":"42113355+KDKHD@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-09-25T10:14:26Z","message":"[Security
Solution] [GenAi] Use default LLM setting for security GenAi features
(#234480)\n\n## Summary\n\nSummarize your PR. If it involves visual
changes include a screenshot or\ngif.\n\nThis PR integrates the new
[default LLM\nsetting](#231940)
with the\nsecurity solution GenAI features (AI assistant and Attack
discovery).\nThe default LLM setting allows admins to configure the
preferred AI\nconnector. This PR make sure that this setting is actually
respected in\nthe AI assistant and Attack discovery.\n\n### How to test:
\n- Start Kibana locally from this branch\n- Make sure you have at least
3 LLM connectors configured (can be\npreconfigured ones).\n- Go to stack
management > advanced settings and switch the following\nsetting to
\"Security AI assistant in other apps\". (This will make\ntesting a
little bit easier)\n<img width=\"1954\" height=\"133\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/12fc4313-b2a5-45f7-bca9-8e0e7ee7f19e\"\n/>\n\n-
Enable the feature flag by adding the following to kibana.dev.yml:
\n\n```\nfeature_flags.overrides.aiAssistant.defaultLlmSettingEnabled:
true\n```\n\n- Go to the GenAi Settings
page:\nhttp://localhost:5601/app/management/ai/genAiSettings\n- Select a
default LLM:\n\n<img width=\"2524\" height=\"775\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/d8c51f46-04d2-42bf-871b-735fa3849d30\"\n/>\n\n-
Save the setting change using the footer at the bottom of the page.\n-
Open the Security AI assistant (if you changed the Assistant\nvisibility
setting, you can open the assistant from the GenAi page\ndirectly)\n-
Check that the LLM connector for the conversation is the one
you\nconfigured as the default LLM. Also, verify that you can still
change\nthe connector used in your conversation to one of your other
connectors.\n- Change the LLM to a non-default connector for the
conversation.\n- Once you select a non-default connector, chat with the
assistant and\nthen start a new conversation, your non-default connector
should still\nbe active for the new conversation.\n- Now back on the
GenAi settings page, check the `Disallow all other\nconnectors`
checkbox.\n- Open the AI assistant again and go to the existing
conversation that\nhas a few messages inside.\n- You should see a red
banner indicating that a connector needs to be\nselected.\n- If you open
the connector selector, you should now only see the\ndefault LLM you
have configured as an option.\n\n#### Attack Discovery\nIn attack
discovery, you should observe the same behavior.\n\n- Go to attack
discovery\nhttp://localhost:5601/app/security/attack_discovery\n- Open
the manual run config flyout\n<img width=\"3081\" height=\"1184\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/a5a11f1e-8b0b-40d9-8937-6fe4497cbf10\"\n/>\n\n-
Verify that only the default LLM is available as the connector:\n\n<img
width=\"1698\" height=\"833\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/45b68d6c-6f36-487f-ba08-030f41c10545\"\n/>\n\n-
Go back to the GenAi settings
page\nhttp://localhost:5601/app/management/ai/genAiSettings and deselect
the\n`Disallow all other connectors` checkbox and select a different
default\nconnector.\n- Go to Attack Discovery and open the manual run
config flyout again.\n- Check that by default, your new default
BACKPORT-->

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
niros1 pushed a commit that referenced this pull request Sep 30, 2025
…i features (#234480)

## Summary

Summarize your PR. If it involves visual changes include a screenshot or
gif.

This PR integrates the new [default LLM
setting](#231940) with the
security solution GenAI features (AI assistant and Attack discovery).
The default LLM setting allows admins to configure the preferred AI
connector. This PR makes sure that this setting is actually respected in
the AI assistant and Attack discovery.

### How to test: 
- Start Kibana locally from this branch
- Make sure you have at least 3 LLM connectors configured (can be
preconfigured ones).
- Go to stack management > advanced settings and switch the following
setting to "Security AI assistant in other apps". (This will make
testing a little bit easier)
<img width="1954" height="133" alt="image"
src="https://github.com/user-attachments/assets/12fc4313-b2a5-45f7-bca9-8e0e7ee7f19e"
/>

- Enable the feature flag by adding the following to kibana.dev.yml: 

```
feature_flags.overrides.aiAssistant.defaultLlmSettingEnabled: true
```

- Go to the GenAi Settings page:
http://localhost:5601/app/management/ai/genAiSettings
- Select a default LLM:

<img width="2524" height="775" alt="image"
src="https://github.com/user-attachments/assets/d8c51f46-04d2-42bf-871b-735fa3849d30"
/>

- Save the setting change using the footer at the bottom of the page.
- Open the Security AI assistant (if you changed the Assistant
visibility setting, you can open the assistant from the GenAi page
directly)
- Check that the LLM connector for the conversation is the one you
configured as the default LLM. Also, verify that you can still change
the connector used in your conversation to one of your other connectors.
- Change the LLM to a non-default connector for the conversation.
- Once you select a non-default connector, chat with the assistant and
then start a new conversation, your non-default connector should still
be active for the new conversation.
- Now back on the GenAi settings page, check the `Disallow all other
connectors` checkbox.
- Open the AI assistant again and go to the existing conversation that
has a few messages inside.
- You should see a red banner indicating that a connector needs to be
selected.
- If you open the connector selector, you should now only see the
default LLM you have configured as an option.

#### Attack Discovery
In attack discovery, you should observe the same behavior.

- Go to attack discovery
http://localhost:5601/app/security/attack_discovery
- Open the manual run config flyout
<img width="3081" height="1184" alt="image"
src="https://github.com/user-attachments/assets/a5a11f1e-8b0b-40d9-8937-6fe4497cbf10"
/>

- Verify that only the default LLM is available as the connector:

<img width="1698" height="833" alt="image"
src="https://github.com/user-attachments/assets/45b68d6c-6f36-487f-ba08-030f41c10545"
/>

- Go back to the GenAi settings page
http://localhost:5601/app/management/ai/genAiSettings and deselect the
`Disallow all other connectors` checkbox and select a different default
connector.
- Go to Attack Discovery and open the manual run config flyout again.
- Check that by default, your new default connector is used. Also,
verify that you now again have the option of changing the connector to
any of the other configured connectors.

### TODO
The designs of the connector selector for Attack discovery and the
Assistant still need to be implemented. That will be done in a separate
PR.

### Checklist

Check the PR satisfies the following conditions.

Reviewers should verify this PR satisfies this list as well.

- [X] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [X]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [X] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [X] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [X] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [X] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [X] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [X] Review the [backport
guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)
and apply applicable `backport:*` labels.

### Identify risks

Does this PR introduce any risks? For example, consider risks like hard
to test bugs, performance regression, potential of data loss.

Describe the risk, its severity, and mitigation for each identified
risk. Invite stakeholders and evaluate how to proceed before merging.

- [ ] [See some risk
examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)
- [ ] ...

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
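
The connector-selection behaviour that the test steps in the commit message above walk through, written out as an added TypeScript example (not code from this PR or from Kibana). The two setting keys are the ones named in the PR description; `resolveConnectors`, the `NO_DEFAULT_CONNECTOR` value, the sample connectors, and the choice to offer all connectors when the restricted default has been deleted are assumptions.

```typescript
// Setting keys as named in the PR description.
const DEFAULT_CONNECTOR_KEY = 'genAiSettings:defaultAIConnector';
const DEFAULT_CONNECTOR_ONLY_KEY = 'genAiSettings:defaultAIConnectorOnly';
// Assumption: placeholder for the stored "No default connector selected" value.
const NO_DEFAULT_CONNECTOR = 'NO_DEFAULT_CONNECTOR';

interface Connector {
  id: string;
  name: string;
}

type UiSettings = Record<string, unknown>;

interface ConnectorResolution {
  selectable: Connector[]; // what the connector selector may offer
  activeId: string | undefined; // connector the conversation or run uses
  needsSelection: boolean; // true -> show the "select a connector" banner
}

// Hypothetical helper: decides which connectors are selectable and which one
// is active, given the two settings, the connectors that currently exist, and
// the connector stored on the conversation (or last used), if any.
function resolveConnectors(
  settings: UiSettings,
  connectors: Connector[],
  storedId?: string
): ConnectorResolution {
  const raw = settings[DEFAULT_CONNECTOR_KEY];
  const configuredId =
    typeof raw === 'string' && raw !== NO_DEFAULT_CONNECTOR ? raw : undefined;

  // A default that points at a deleted connector counts as "no default".
  const defaultConnector = connectors.find((c) => c.id === configuredId);

  // "Disallow all other connectors" only restricts when a usable default exists.
  // Assumption: with no usable default, every connector stays selectable.
  const restrictTo =
    settings[DEFAULT_CONNECTOR_ONLY_KEY] === true ? defaultConnector : undefined;
  const selectable = restrictTo ? [restrictTo] : connectors;

  if (storedId !== undefined) {
    // A previously chosen connector is kept only while it is still selectable;
    // otherwise the user has to pick again from the restricted list.
    const stillAllowed = selectable.some((c) => c.id === storedId);
    return {
      selectable,
      activeId: stillAllowed ? storedId : undefined,
      needsSelection: !stillAllowed,
    };
  }

  // Nothing stored: use the configured default when there is one.
  return {
    selectable,
    activeId: defaultConnector?.id,
    needsSelection: defaultConnector === undefined,
  };
}

// Constructed sample data: three connectors, as the test steps require.
const SAMPLE_CONNECTORS: Connector[] = [
  { id: 'conn-a', name: 'Connector A' },
  { id: 'conn-b', name: 'Connector B' },
  { id: 'conn-c', name: 'Connector C' },
];

// Runs the scenarios from the test steps in order and returns each result.
function demo(): ConnectorResolution[] {
  const defaultB: UiSettings = { [DEFAULT_CONNECTOR_KEY]: 'conn-b' };
  const onlyB: UiSettings = { ...defaultB, [DEFAULT_CONNECTOR_ONLY_KEY]: true };
  const deleted: UiSettings = {
    [DEFAULT_CONNECTOR_KEY]: 'conn-deleted',
    [DEFAULT_CONNECTOR_ONLY_KEY]: true,
  };
  return [
    resolveConnectors(defaultB, SAMPLE_CONNECTORS), // default is used
    resolveConnectors(defaultB, SAMPLE_CONNECTORS, 'conn-c'), // user choice kept
    resolveConnectors(onlyB, SAMPLE_CONNECTORS, 'conn-c'), // banner, one option
    resolveConnectors(onlyB, SAMPLE_CONNECTORS), // default, one option
    resolveConnectors(deleted, SAMPLE_CONNECTORS), // deleted default
  ];
}
```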
delanni pushed a commit that referenced this pull request Sep 30, 2025
…ty GenAi features (#234480) (#236473)

# Backport

This will backport the following commits from `main` to `8.18`:
- [[Security Solution] [GenAi] Use default LLM setting for security
GenAi features (#234480)](#234480)

<!--- Backport version: 10.0.2 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Kenneth
Solution] [GenAi] Use default LLM setting for security GenAi features
(#234480)\n\n## Summary\n\nSummarize your PR. If it involves visual
changes include a screenshot or\ngif.\n\nThis PR integrates the new
[default LLM\nsetting](#231940)
with the\nsecurity solution GenAI features (AI assistant and Attack
discovery).\nThe default LLM setting allows admins to configure the
preferred AI\nconnector. This PR make sure that this setting is actually
respected in\nthe AI assistant and Attack discovery.\n\n### How to test:
\n- Start Kibana locally from this branch\n- Make sure you have at least
3 LLM connectors configured (can be\npreconfigured ones).\n- Go to stack
management > advanced settings and switch the following\nsetting to
\"Security AI assistant in other apps\". (This will make\ntesting a
little bit easier)\n<img width=\"1954\" height=\"133\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/12fc4313-b2a5-45f7-bca9-8e0e7ee7f19e\"\n/>\n\n-
Enable the feature flag by adding the following to kibana.dev.yml:
\n\n```\nfeature_flags.overrides.aiAssistant.defaultLlmSettingEnabled:
true\n```\n\n- Go to the GenAi Settings
page:\nhttp://localhost:5601/app/management/ai/genAiSettings\n- Select a
default LLM:\n\n<img width=\"2524\" height=\"775\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/d8c51f46-04d2-42bf-871b-735fa3849d30\"\n/>\n\n-
Save the setting change using the footer at the bottom of the page.\n-
Open the Security AI assistant (if you changed the Assistant\nvisibility
setting, you can open the assistant from the GenAi page\ndirectly)\n-
Check that the LLM connector for the conversation is the one
you\nconfigured as the default LLM. Also, verify that you can still
change\nthe connector used in your conversation to one of your other
connectors.\n- Change the LLM to a non-default connector for the
conversation.\n- Once you select a non-default connector, chat with the
assistant and\nthen start a new conversation, your non-default connector
should still\nbe active for the new conversation.\n- Now back on the
GenAi settings page, check the `Disallow all other\nconnectors`
checkbox.\n- Open the AI assistant again and go to the existing
conversation that\nhas a few messages inside.\n- You should see a red
banner indicating that a connector needs to be\nselected.\n- If you open
the connector selector, you should now only see the\ndefault LLM you
have configured as an option.\n\n#### Attack Discovery\nIn attack
discovery, you should observe the same behavior.\n\n- Go to attack
discovery\nhttp://localhost:5601/app/security/attack_discovery\n- Open
the manual run config flyout\n<img width=\"3081\" height=\"1184\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/a5a11f1e-8b0b-40d9-8937-6fe4497cbf10\"\n/>\n\n-
Verify that only the default LLM is available as the connector:\n\n<img
width=\"1698\" height=\"833\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/45b68d6c-6f36-487f-ba08-030f41c10545\"\n/>\n\n-
Go back to the GenAi settings
page\nhttp://localhost:5601/app/management/ai/genAiSettings and deselect
the\n`Disallow all other connectors` checkbox and select a different
default\nconnector.\n- Go to Attack Discovery and open the manual run
config flyout again.\n- Check that by default, your new default
connector is used. Also,\nverify that you now again have the option of
changing the connector to\nany of the other configured
connectors.\n\n### TODO\nThe designs of the connector selector for
Attack discovery and the\nAssistant still need to be implemented. That
will be done in a separate\nPR.\n\n### Checklist\n\nCheck the PR
satisfies following conditions. \n\nReviewers should verify this PR
satisfies this list as well.\n\n- [X] Any text added follows [EUI's
writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\nsentence case text and includes
[i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n-
[X]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas
added for feaures that require explanation or tutorials\n- [X] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [X] If a plugin
configuration key changed, check if it needs to be\nallowlisted in the
cloud and added to the
[docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n-
[X] This was checked for breaking HTTP API changes, and any
breaking\nchanges have been approved by the breaking-change committee.
The\n`release_note:breaking` label should be applied in these
situations.\n- [X] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n- [X] The PR description includes the
appropriate Release Notes section,\nand the correct `release_note:*`
label is applied per
the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n-
[X] Review the
[backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand
apply applicable `backport:*` labels.\n\n### Identify risks\n\nDoes this
PR introduce any risks? For example, consider risks like hard\nto test
bugs, performance regression, potential of data loss.\n\nDescribe the
risk, its severity, and mitigation for each identified\nrisk. Invite
stakeholders and evaluate how to proceed before merging.\n\n- [ ] [See
some
risk\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\n-
[ ] ...\n\n---------\n\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"b543b8c8fbb0527bd704984946bc240af8104bc2"}},{"branch":"9.1","label":"v9.1.4","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/236461","number":236461,"state":"OPEN"},{"branch":"9.0","label":"v9.0.7","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.7","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.4","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/236464","number":236464,"state":"OPEN"}]}]
BACKPORT-->

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
rylnd pushed a commit to rylnd/kibana that referenced this pull request Oct 17, 2025
…i features (elastic#234480)

## Summary

Summarize your PR. If it involves visual changes include a screenshot or
gif.

This PR integrates the new [default LLM
setting](elastic#231940) with the
security solution GenAI features (AI assistant and Attack discovery).
The default LLM setting allows admins to configure the preferred AI
connector. This PR makes sure that this setting is actually respected in
the AI assistant and Attack discovery.

### How to test: 
- Start Kibana locally from this branch
- Make sure you have at least 3 LLM connectors configured (can be
preconfigured ones).
- Go to stack management > advanced settings and switch the following
setting to "Security AI assistant in other apps". (This will make
testing a little bit easier)
<img width="1954" height="133" alt="image"
src="https://github.com/user-attachments/assets/12fc4313-b2a5-45f7-bca9-8e0e7ee7f19e"
/>

- Enable the feature flag by adding the following to kibana.dev.yml: 

```
feature_flags.overrides.aiAssistant.defaultLlmSettingEnabled: true
```

- Go to the GenAi Settings page:
http://localhost:5601/app/management/ai/genAiSettings
- Select a default LLM:

<img width="2524" height="775" alt="image"
src="https://github.com/user-attachments/assets/d8c51f46-04d2-42bf-871b-735fa3849d30"
/>

- Save the setting change using the footer at the bottom of the page.
- Open the Security AI assistant (if you changed the Assistant
visibility setting, you can open the assistant from the GenAi page
directly)
- Check that the LLM connector for the conversation is the one you
configured as the default LLM. Also, verify that you can still change
the connector used in your conversation to one of your other connectors.
- Change the LLM to a non-default connector for the conversation.
- Once you select a non-default connector, chat with the assistant and
then start a new conversation, your non-default connector should still
be active for the new conversation.
- Now back on the GenAi settings page, check the `Disallow all other
connectors` checkbox.
- Open the AI assistant again and go to the existing conversation that
has a few messages inside.
- You should see a red banner indicating that a connector needs to be
selected.
- If you open the connector selector, you should now only see the
default LLM you have configured as an option.

#### Attack Discovery
In attack discovery, you should observe the same behavior.

- Go to attack discovery
http://localhost:5601/app/security/attack_discovery
- Open the manual run config flyout
<img width="3081" height="1184" alt="image"
src="https://github.com/user-attachments/assets/a5a11f1e-8b0b-40d9-8937-6fe4497cbf10"
/>

- Verify that only the default LLM is available as the connector:

<img width="1698" height="833" alt="image"
src="https://github.com/user-attachments/assets/45b68d6c-6f36-487f-ba08-030f41c10545"
/>

- Go back to the GenAi settings page
http://localhost:5601/app/management/ai/genAiSettings and deselect the
`Disallow all other connectors` checkbox and select a different default
connector.
- Go to Attack Discovery and open the manual run config flyout again.
- Check that by default, your new default connector is used. Also,
verify that you now again have the option of changing the connector to
any of the other configured connectors.

### TODO
The designs of the connector selector for Attack discovery and the
Assistant still need to be implemented. That will be done in a separate
PR.

### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [X] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [X]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [X] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [X] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [X] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [X] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [X] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [X] Review the [backport
guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)
and apply applicable `backport:*` labels.

### Identify risks

Does this PR introduce any risks? For example, consider risks like hard
to test bugs, performance regression, potential of data loss.

Describe the risk, its severity, and mitigation for each identified
risk. Invite stakeholders and evaluate how to proceed before merging.

- [ ] [See some risk
examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)
- [ ] ...

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
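
The connector selection behaviour that the test steps above exercise, combined with the deleted-connector fallback from the PR description, as an added example (not Kibana's own code). The two setting keys come from the PR; the function, types and connector ids are hypothetical, and treating the only-default restriction as inactive when the stored default no longer exists is an assumption.

```typescript
// Added example, not Kibana code. Setting keys are the ones named in the PR;
// types, function name and connector ids are hypothetical.
const DEFAULT_CONNECTOR = 'genAiSettings:defaultAIConnector';
const DEFAULT_ONLY = 'genAiSettings:defaultAIConnectorOnly';

interface Connector { id: string; name: string }
type UiSettings = Record<string, unknown>;

interface Resolution {
  defaultId?: string;        // undefined => "No default connector selected"
  selectable: Connector[];   // what the connector selector may offer
  activeId?: string;         // connector the conversation will use
  needsSelection: boolean;   // true => show the "select a connector" banner
}

// preferredConnectorId: the conversation's connector or the user's last choice.
function resolveConnector(
  settings: UiSettings,
  connectors: Connector[],
  preferredConnectorId?: string
): Resolution {
  const exists = (id?: string) => id !== undefined && connectors.some((c) => c.id === id);

  // The stored default may point at a connector that was deleted since.
  const stored = settings[DEFAULT_CONNECTOR];
  const defaultId = typeof stored === 'string' && exists(stored) ? stored : undefined;

  // Assumption: the restriction only applies while a valid default exists.
  const restrict = settings[DEFAULT_ONLY] === true && defaultId !== undefined;
  const selectable = restrict ? connectors.filter((c) => c.id === defaultId) : connectors;

  // Keep the preferred connector only if the policy still allows it.
  const allowed = (id?: string) => id !== undefined && selectable.some((c) => c.id === id);
  let activeId: string | undefined;
  if (preferredConnectorId === undefined) {
    activeId = defaultId; // nothing chosen yet: start from the default
  } else if (allowed(preferredConnectorId)) {
    activeId = preferredConnectorId;
  }
  return { defaultId, selectable, activeId, needsSelection: activeId === undefined };
}

// Constructed sample data.
const connectors: Connector[] = [
  { id: 'conn-a', name: 'Connector A' },
  { id: 'conn-b', name: 'Connector B' },
  { id: 'conn-c', name: 'Connector C' },
];
```

A deployment that relies on the restriction as a control should decide explicitly what happens when the pinned connector is deleted, because the PR text only specifies the "No default connector selected" fallback for the default itself.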
Labels

- backport:skip: This PR does not require backporting
- ci:project-deploy-security: Create a Security Serverless Project
- release_note:skip: Skip the PR/issue when compiling release notes
- v9.2.0