[Security Solution] [GenAi] Use default LLM setting for security GenAi features#234480
Merged
KDKHD merged 20 commits intoelastic:mainfrom Sep 25, 2025
Merged
[Security Solution] [GenAi] Use default LLM setting for security GenAi features#234480KDKHD merged 20 commits intoelastic:mainfrom
KDKHD merged 20 commits intoelastic:mainfrom
Conversation
KDKHD
force-pushed
the
feature/default-llm-security
branch
from
a093286 to
267845a
Compare
qn895
reviewed
Sep 9, 2025
...atform/packages/shared/kbn-elastic-assistant/impl/connectorland/connector_selector/index.tsx
Outdated
Show resolved
Hide resolved
qn895
reviewed
Sep 9, 2025
...atform/packages/shared/kbn-elastic-assistant/impl/connectorland/connector_selector/index.tsx
Outdated
Show resolved
Hide resolved
qn895
reviewed
Sep 9, 2025
| const allAiConnectors = connectors.flatMap((connector) => { | ||
| if (!connector.isMissingSecrets && actionTypes.includes(connector.actionTypeId)) { | ||
| acc.push({ | ||
| const aiConnector: AIConnector = { |
PhilippeOberti
approved these changes
Sep 9, 2025
Contributor
PhilippeOberti
left a comment
PhilippeOberti
left a comment
There was a problem hiding this comment.
Approving for @elastic/security-threat-hunting-investigations team as only a small change in a single file impacts us.
A PR description would be nice though 😉
KDKHD
changed the title
KDKHD
changed the title
KDKHD
added
release_note:skip
Contributor
💔 All backports failed
Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
KDKHD
added a commit
to KDKHD/kibana
that referenced
this pull request
Sep 25, 2025
…i features (elastic#234480) ## Summary Summarize your PR. If it involves visual changes include a screenshot or gif. This PR integrates the new [default LLM setting](elastic#231940) with the security solution GenAI features (AI assistant and Attack discovery). The default LLM setting allows admins to configure the preferred AI connector. This PR make sure that this setting is actually respected in the AI assistant and Attack discovery. ### How to test: - Start Kibana locally from this branch - Make sure you have at least 3 LLM connectors configured (can be preconfigured ones). - Go to stack management > advanced settings and switch the following setting to "Security AI assistant in other apps". (This will make testing a little bit easier) <img width="1954" height="133" alt="image" src="https://github.com/user-attachments/assets/12fc4313-b2a5-45f7-bca9-8e0e7ee7f19e" /> - Enable the feature flag by adding the following to kibana.dev.yml: ``` feature_flags.overrides.aiAssistant.defaultLlmSettingEnabled: true ``` - Go to the GenAi Settings page: http://localhost:5601/app/management/ai/genAiSettings - Select a default LLM: <img width="2524" height="775" alt="image" src="https://github.com/user-attachments/assets/d8c51f46-04d2-42bf-871b-735fa3849d30" /> - Save the setting change using the footer at the bottom of the page. - Open the Security AI assistant (if you changed the Assistant visibility setting, you can open the assistant from the GenAi page directly) - Check that the LLM connector for the conversation is the one you configured as the default LLM. Also, verify that you can still change the connector used in your conversation to one of your other connectors. - Change the LLM to a non-default connector for the conversation. - Once you select a non-default connector, chat with the assistant and then start a new conversation, your non-default connector should still be active for the new conversation. - Now back on the GenAi settings page, check the `Disallow all other connectors` checkbox. - Open the AI assistant again and go to the existing conversation that has a few messages inside. - You should see a red banner indicating that a connector needs to be selected. - If you open the connector selector, you should now only see the default LLM you have configured as an option. #### Attack Discovery In attack discovery, you should observe the same behavior. - Go to attack discovery http://localhost:5601/app/security/attack_discovery - Open the manual run config flyout <img width="3081" height="1184" alt="image" src="https://github.com/user-attachments/assets/a5a11f1e-8b0b-40d9-8937-6fe4497cbf10" /> - Verify that only the default LLM is available as the connector: <img width="1698" height="833" alt="image" src="https://github.com/user-attachments/assets/45b68d6c-6f36-487f-ba08-030f41c10545" /> - Go back to the GenAi settings page http://localhost:5601/app/management/ai/genAiSettings and deselect the `Disallow all other connectors` checkbox and select a different default connector. - Go to Attack Discovery and open the manual run config flyout again. - Check that by default, your new default connector is used. Also, verify that you now again have the option of changing the connector to any of the other configured connectors. ### TODO The designs of the connector selector for Attack discovery and the Assistant still need to be implemented. That will be done in a separate PR. ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [X] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [X] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for feaures that require explanation or tutorials - [X] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [X] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [X] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [X] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [X] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [X] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> (cherry picked from commit b543b8c) # Conflicts: # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/conversation_settings_editor.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/helpers.test.ts # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/helpers.ts # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_management.test.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_management.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/search_ai_lake_configurations_settings_management.test.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/connectorland/use_load_connectors/index.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/mock/test_providers/test_providers.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/tsconfig.json # x-pack/platform/plugins/private/gen_ai_settings/public/components/default_ai_connector/default_ai_connector.tsx # x-pack/solutions/security/packages/ecs-data-quality-dashboard/impl/data_quality_panel/mock/test_providers/test_providers.tsx
KDKHD
added a commit
to KDKHD/kibana
that referenced
this pull request
Sep 25, 2025
…i features (elastic#234480) ## Summary Summarize your PR. If it involves visual changes include a screenshot or gif. This PR integrates the new [default LLM setting](elastic#231940) with the security solution GenAI features (AI assistant and Attack discovery). The default LLM setting allows admins to configure the preferred AI connector. This PR make sure that this setting is actually respected in the AI assistant and Attack discovery. ### How to test: - Start Kibana locally from this branch - Make sure you have at least 3 LLM connectors configured (can be preconfigured ones). - Go to stack management > advanced settings and switch the following setting to "Security AI assistant in other apps". (This will make testing a little bit easier) <img width="1954" height="133" alt="image" src="https://github.com/user-attachments/assets/12fc4313-b2a5-45f7-bca9-8e0e7ee7f19e" /> - Enable the feature flag by adding the following to kibana.dev.yml: ``` feature_flags.overrides.aiAssistant.defaultLlmSettingEnabled: true ``` - Go to the GenAi Settings page: http://localhost:5601/app/management/ai/genAiSettings - Select a default LLM: <img width="2524" height="775" alt="image" src="https://github.com/user-attachments/assets/d8c51f46-04d2-42bf-871b-735fa3849d30" /> - Save the setting change using the footer at the bottom of the page. - Open the Security AI assistant (if you changed the Assistant visibility setting, you can open the assistant from the GenAi page directly) - Check that the LLM connector for the conversation is the one you configured as the default LLM. Also, verify that you can still change the connector used in your conversation to one of your other connectors. - Change the LLM to a non-default connector for the conversation. - Once you select a non-default connector, chat with the assistant and then start a new conversation, your non-default connector should still be active for the new conversation. - Now back on the GenAi settings page, check the `Disallow all other connectors` checkbox. - Open the AI assistant again and go to the existing conversation that has a few messages inside. - You should see a red banner indicating that a connector needs to be selected. - If you open the connector selector, you should now only see the default LLM you have configured as an option. #### Attack Discovery In attack discovery, you should observe the same behavior. - Go to attack discovery http://localhost:5601/app/security/attack_discovery - Open the manual run config flyout <img width="3081" height="1184" alt="image" src="https://github.com/user-attachments/assets/a5a11f1e-8b0b-40d9-8937-6fe4497cbf10" /> - Verify that only the default LLM is available as the connector: <img width="1698" height="833" alt="image" src="https://github.com/user-attachments/assets/45b68d6c-6f36-487f-ba08-030f41c10545" /> - Go back to the GenAi settings page http://localhost:5601/app/management/ai/genAiSettings and deselect the `Disallow all other connectors` checkbox and select a different default connector. - Go to Attack Discovery and open the manual run config flyout again. - Check that by default, your new default connector is used. Also, verify that you now again have the option of changing the connector to any of the other configured connectors. ### TODO The designs of the connector selector for Attack discovery and the Assistant still need to be implemented. That will be done in a separate PR. ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [X] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [X] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for feaures that require explanation or tutorials - [X] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [X] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [X] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [X] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [X] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [X] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> (cherry picked from commit b543b8c) # Conflicts: # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/conversation_settings_editor.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/helpers.test.ts # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/helpers.ts # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_management.test.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_management.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/search_ai_lake_configurations_settings_management.test.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/connectorland/connector_selector/index.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/connectorland/use_load_connectors/index.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/mock/test_providers/test_providers.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/tsconfig.json # x-pack/platform/plugins/private/gen_ai_settings/public/components/default_ai_connector/default_ai_connector.tsx # x-pack/solutions/security/packages/ecs-data-quality-dashboard/impl/data_quality_panel/mock/test_providers/test_providers.tsx # x-pack/solutions/security/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/components/insights/workflow_insights_scan.tsx
KDKHD
added a commit
to KDKHD/kibana
that referenced
this pull request
Sep 25, 2025
…i features (elastic#234480) ## Summary Summarize your PR. If it involves visual changes include a screenshot or gif. This PR integrates the new [default LLM setting](elastic#231940) with the security solution GenAI features (AI assistant and Attack discovery). The default LLM setting allows admins to configure the preferred AI connector. This PR make sure that this setting is actually respected in the AI assistant and Attack discovery. ### How to test: - Start Kibana locally from this branch - Make sure you have at least 3 LLM connectors configured (can be preconfigured ones). - Go to stack management > advanced settings and switch the following setting to "Security AI assistant in other apps". (This will make testing a little bit easier) <img width="1954" height="133" alt="image" src="https://github.com/user-attachments/assets/12fc4313-b2a5-45f7-bca9-8e0e7ee7f19e" /> - Enable the feature flag by adding the following to kibana.dev.yml: ``` feature_flags.overrides.aiAssistant.defaultLlmSettingEnabled: true ``` - Go to the GenAi Settings page: http://localhost:5601/app/management/ai/genAiSettings - Select a default LLM: <img width="2524" height="775" alt="image" src="https://github.com/user-attachments/assets/d8c51f46-04d2-42bf-871b-735fa3849d30" /> - Save the setting change using the footer at the bottom of the page. - Open the Security AI assistant (if you changed the Assistant visibility setting, you can open the assistant from the GenAi page directly) - Check that the LLM connector for the conversation is the one you configured as the default LLM. Also, verify that you can still change the connector used in your conversation to one of your other connectors. - Change the LLM to a non-default connector for the conversation. - Once you select a non-default connector, chat with the assistant and then start a new conversation, your non-default connector should still be active for the new conversation. - Now back on the GenAi settings page, check the `Disallow all other connectors` checkbox. - Open the AI assistant again and go to the existing conversation that has a few messages inside. - You should see a red banner indicating that a connector needs to be selected. - If you open the connector selector, you should now only see the default LLM you have configured as an option. #### Attack Discovery In attack discovery, you should observe the same behavior. - Go to attack discovery http://localhost:5601/app/security/attack_discovery - Open the manual run config flyout <img width="3081" height="1184" alt="image" src="https://github.com/user-attachments/assets/a5a11f1e-8b0b-40d9-8937-6fe4497cbf10" /> - Verify that only the default LLM is available as the connector: <img width="1698" height="833" alt="image" src="https://github.com/user-attachments/assets/45b68d6c-6f36-487f-ba08-030f41c10545" /> - Go back to the GenAi settings page http://localhost:5601/app/management/ai/genAiSettings and deselect the `Disallow all other connectors` checkbox and select a different default connector. - Go to Attack Discovery and open the manual run config flyout again. - Check that by default, your new default connector is used. Also, verify that you now again have the option of changing the connector to any of the other configured connectors. ### TODO The designs of the connector selector for Attack discovery and the Assistant still need to be implemented. That will be done in a separate PR. ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [X] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [X] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for feaures that require explanation or tutorials - [X] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [X] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [X] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [X] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [X] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [X] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> (cherry picked from commit b543b8c) # Conflicts: # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/api/chat_complete/use_chat_complete.ts # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/conversation_settings_editor.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/helpers.test.ts # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/helpers.ts # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/index.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/assistant_settings.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_management.test.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_management.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/search_ai_lake_configurations_settings_management.test.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/search_ai_lake_configurations_settings_management.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant_context/index.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/connectorland/connector_selector/index.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/connectorland/use_load_connectors/index.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/mock/test_providers/test_providers.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/tsconfig.json # x-pack/platform/plugins/private/gen_ai_settings/public/components/default_ai_connector/default_ai_connector.tsx # x-pack/solutions/security/packages/ecs-data-quality-dashboard/impl/data_quality_panel/mock/test_providers/test_providers.tsx # x-pack/solutions/security/plugins/elastic_assistant/public/src/context/assistant_context/assistant_provider.tsx # x-pack/solutions/security/plugins/security_solution/public/attack_discovery/pages/index.tsx # x-pack/solutions/security/plugins/security_solution/public/attack_discovery/pages/settings_flyout/schedule/create_flyout/index.tsx # x-pack/solutions/security/plugins/security_solution/public/attack_discovery/pages/settings_flyout/schedule/details_flyout/index.tsx # x-pack/solutions/security/plugins/security_solution/public/common/mock/mock_assistant_provider.tsx # x-pack/solutions/security/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/components/insights/workflow_insights_scan.tsx # x-pack/solutions/security/plugins/security_solution/public/onboarding/components/onboarding_body/cards/assistant/assistant_card.tsx
Member
Author
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
rbrtj
pushed a commit
to rbrtj/kibana
that referenced
this pull request
Sep 25, 2025
…i features (elastic#234480) Summarize your PR. If it involves visual changes include a screenshot or gif. This PR integrates the new [default LLM setting](elastic#231940) with the security solution GenAI features (AI assistant and Attack discovery). The default LLM setting allows admins to configure the preferred AI connector. This PR make sure that this setting is actually respected in the AI assistant and Attack discovery. - Start Kibana locally from this branch - Make sure you have at least 3 LLM connectors configured (can be preconfigured ones). - Go to stack management > advanced settings and switch the following setting to "Security AI assistant in other apps". (This will make testing a little bit easier) <img width="1954" height="133" alt="image" src="https://github.com/user-attachments/assets/12fc4313-b2a5-45f7-bca9-8e0e7ee7f19e" /> - Enable the feature flag by adding the following to kibana.dev.yml: ``` feature_flags.overrides.aiAssistant.defaultLlmSettingEnabled: true ``` - Go to the GenAi Settings page: http://localhost:5601/app/management/ai/genAiSettings - Select a default LLM: <img width="2524" height="775" alt="image" src="https://github.com/user-attachments/assets/d8c51f46-04d2-42bf-871b-735fa3849d30" /> - Save the setting change using the footer at the bottom of the page. - Open the Security AI assistant (if you changed the Assistant visibility setting, you can open the assistant from the GenAi page directly) - Check that the LLM connector for the conversation is the one you configured as the default LLM. Also, verify that you can still change the connector used in your conversation to one of your other connectors. - Change the LLM to a non-default connector for the conversation. - Once you select a non-default connector, chat with the assistant and then start a new conversation, your non-default connector should still be active for the new conversation. - Now back on the GenAi settings page, check the `Disallow all other connectors` checkbox. - Open the AI assistant again and go to the existing conversation that has a few messages inside. - You should see a red banner indicating that a connector needs to be selected. - If you open the connector selector, you should now only see the default LLM you have configured as an option. In attack discovery, you should observe the same behavior. - Go to attack discovery http://localhost:5601/app/security/attack_discovery - Open the manual run config flyout <img width="3081" height="1184" alt="image" src="https://github.com/user-attachments/assets/a5a11f1e-8b0b-40d9-8937-6fe4497cbf10" /> - Verify that only the default LLM is available as the connector: <img width="1698" height="833" alt="image" src="https://github.com/user-attachments/assets/45b68d6c-6f36-487f-ba08-030f41c10545" /> - Go back to the GenAi settings page http://localhost:5601/app/management/ai/genAiSettings and deselect the `Disallow all other connectors` checkbox and select a different default connector. - Go to Attack Discovery and open the manual run config flyout again. - Check that by default, your new default connector is used. Also, verify that you now again have the option of changing the connector to any of the other configured connectors. The designs of the connector selector for Attack discovery and the Assistant still need to be implemented. That will be done in a separate PR. Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [X] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [X] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for feaures that require explanation or tutorials - [X] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [X] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [X] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [X] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [X] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [X] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
KDKHD
added a commit
to KDKHD/kibana
that referenced
this pull request
Sep 25, 2025
…i features (elastic#234480) ## Summary Summarize your PR. If it involves visual changes include a screenshot or gif. This PR integrates the new [default LLM setting](elastic#231940) with the security solution GenAI features (AI assistant and Attack discovery). The default LLM setting allows admins to configure the preferred AI connector. This PR make sure that this setting is actually respected in the AI assistant and Attack discovery. ### How to test: - Start Kibana locally from this branch - Make sure you have at least 3 LLM connectors configured (can be preconfigured ones). - Go to stack management > advanced settings and switch the following setting to "Security AI assistant in other apps". (This will make testing a little bit easier) <img width="1954" height="133" alt="image" src="https://github.com/user-attachments/assets/12fc4313-b2a5-45f7-bca9-8e0e7ee7f19e" /> - Enable the feature flag by adding the following to kibana.dev.yml: ``` feature_flags.overrides.aiAssistant.defaultLlmSettingEnabled: true ``` - Go to the GenAi Settings page: http://localhost:5601/app/management/ai/genAiSettings - Select a default LLM: <img width="2524" height="775" alt="image" src="https://github.com/user-attachments/assets/d8c51f46-04d2-42bf-871b-735fa3849d30" /> - Save the setting change using the footer at the bottom of the page. - Open the Security AI assistant (if you changed the Assistant visibility setting, you can open the assistant from the GenAi page directly) - Check that the LLM connector for the conversation is the one you configured as the default LLM. Also, verify that you can still change the connector used in your conversation to one of your other connectors. - Change the LLM to a non-default connector for the conversation. - Once you select a non-default connector, chat with the assistant and then start a new conversation, your non-default connector should still be active for the new conversation. - Now back on the GenAi settings page, check the `Disallow all other connectors` checkbox. - Open the AI assistant again and go to the existing conversation that has a few messages inside. - You should see a red banner indicating that a connector needs to be selected. - If you open the connector selector, you should now only see the default LLM you have configured as an option. #### Attack Discovery In attack discovery, you should observe the same behavior. - Go to attack discovery http://localhost:5601/app/security/attack_discovery - Open the manual run config flyout <img width="3081" height="1184" alt="image" src="https://github.com/user-attachments/assets/a5a11f1e-8b0b-40d9-8937-6fe4497cbf10" /> - Verify that only the default LLM is available as the connector: <img width="1698" height="833" alt="image" src="https://github.com/user-attachments/assets/45b68d6c-6f36-487f-ba08-030f41c10545" /> - Go back to the GenAi settings page http://localhost:5601/app/management/ai/genAiSettings and deselect the `Disallow all other connectors` checkbox and select a different default connector. - Go to Attack Discovery and open the manual run config flyout again. - Check that by default, your new default connector is used. Also, verify that you now again have the option of changing the connector to any of the other configured connectors. ### TODO The designs of the connector selector for Attack discovery and the Assistant still need to be implemented. That will be done in a separate PR. ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [X] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [X] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for feaures that require explanation or tutorials - [X] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [X] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [X] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [X] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [X] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [X] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> (cherry picked from commit b543b8c) # Conflicts: # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/api/chat_complete/use_chat_complete.ts # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/conversation_settings_editor.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/helpers.test.ts # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/helpers.ts # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/assistant_settings.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_management.test.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_management.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/search_ai_lake_configurations_settings_management.test.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/search_ai_lake_configurations_settings_management.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant_context/index.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/connectorland/use_load_connectors/index.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/mock/test_providers/test_providers.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/tsconfig.json # x-pack/platform/plugins/private/gen_ai_settings/public/components/default_ai_connector/default_ai_connector.tsx # x-pack/platform/plugins/private/gen_ai_settings/public/contexts/settings_context.tsx # x-pack/solutions/security/packages/ecs-data-quality-dashboard/impl/data_quality_panel/mock/test_providers/test_providers.tsx # x-pack/solutions/security/plugins/elastic_assistant/public/src/context/assistant_context/assistant_provider.tsx # x-pack/solutions/security/plugins/security_solution/public/attack_discovery/pages/index.tsx # x-pack/solutions/security/plugins/security_solution/public/attack_discovery/pages/settings_flyout/schedule/create_flyout/index.tsx # x-pack/solutions/security/plugins/security_solution/public/attack_discovery/pages/settings_flyout/schedule/details_flyout/index.tsx # x-pack/solutions/security/plugins/security_solution/public/common/mock/mock_assistant_provider.tsx # x-pack/solutions/security/plugins/security_solution/public/onboarding/components/onboarding_body/cards/assistant/assistant_card.tsx
nickpeihl
pushed a commit
to nickpeihl/kibana
that referenced
this pull request
Sep 25, 2025
…i features (elastic#234480) ## Summary Summarize your PR. If it involves visual changes include a screenshot or gif. This PR integrates the new [default LLM setting](elastic#231940) with the security solution GenAI features (AI assistant and Attack discovery). The default LLM setting allows admins to configure the preferred AI connector. This PR make sure that this setting is actually respected in the AI assistant and Attack discovery. ### How to test: - Start Kibana locally from this branch - Make sure you have at least 3 LLM connectors configured (can be preconfigured ones). - Go to stack management > advanced settings and switch the following setting to "Security AI assistant in other apps". (This will make testing a little bit easier) <img width="1954" height="133" alt="image" src="https://github.com/user-attachments/assets/12fc4313-b2a5-45f7-bca9-8e0e7ee7f19e" /> - Enable the feature flag by adding the following to kibana.dev.yml: ``` feature_flags.overrides.aiAssistant.defaultLlmSettingEnabled: true ``` - Go to the GenAi Settings page: http://localhost:5601/app/management/ai/genAiSettings - Select a default LLM: <img width="2524" height="775" alt="image" src="https://github.com/user-attachments/assets/d8c51f46-04d2-42bf-871b-735fa3849d30" /> - Save the setting change using the footer at the bottom of the page. - Open the Security AI assistant (if you changed the Assistant visibility setting, you can open the assistant from the GenAi page directly) - Check that the LLM connector for the conversation is the one you configured as the default LLM. Also, verify that you can still change the connector used in your conversation to one of your other connectors. - Change the LLM to a non-default connector for the conversation. - Once you select a non-default connector, chat with the assistant and then start a new conversation, your non-default connector should still be active for the new conversation. - Now back on the GenAi settings page, check the `Disallow all other connectors` checkbox. - Open the AI assistant again and go to the existing conversation that has a few messages inside. - You should see a red banner indicating that a connector needs to be selected. - If you open the connector selector, you should now only see the default LLM you have configured as an option. #### Attack Discovery In attack discovery, you should observe the same behavior. - Go to attack discovery http://localhost:5601/app/security/attack_discovery - Open the manual run config flyout <img width="3081" height="1184" alt="image" src="https://github.com/user-attachments/assets/a5a11f1e-8b0b-40d9-8937-6fe4497cbf10" /> - Verify that only the default LLM is available as the connector: <img width="1698" height="833" alt="image" src="https://github.com/user-attachments/assets/45b68d6c-6f36-487f-ba08-030f41c10545" /> - Go back to the GenAi settings page http://localhost:5601/app/management/ai/genAiSettings and deselect the `Disallow all other connectors` checkbox and select a different default connector. - Go to Attack Discovery and open the manual run config flyout again. - Check that by default, your new default connector is used. Also, verify that you now again have the option of changing the connector to any of the other configured connectors. ### TODO The designs of the connector selector for Attack discovery and the Assistant still need to be implemented. That will be done in a separate PR. ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [X] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [X] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for feaures that require explanation or tutorials - [X] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [X] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [X] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [X] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [X] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [X] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
CoenWarmer
pushed a commit
to CoenWarmer/kibana
that referenced
this pull request
Sep 25, 2025
…i features (elastic#234480) ## Summary Summarize your PR. If it involves visual changes include a screenshot or gif. This PR integrates the new [default LLM setting](elastic#231940) with the security solution GenAI features (AI assistant and Attack discovery). The default LLM setting allows admins to configure the preferred AI connector. This PR make sure that this setting is actually respected in the AI assistant and Attack discovery. ### How to test: - Start Kibana locally from this branch - Make sure you have at least 3 LLM connectors configured (can be preconfigured ones). - Go to stack management > advanced settings and switch the following setting to "Security AI assistant in other apps". (This will make testing a little bit easier) <img width="1954" height="133" alt="image" src="https://github.com/user-attachments/assets/12fc4313-b2a5-45f7-bca9-8e0e7ee7f19e" /> - Enable the feature flag by adding the following to kibana.dev.yml: ``` feature_flags.overrides.aiAssistant.defaultLlmSettingEnabled: true ``` - Go to the GenAi Settings page: http://localhost:5601/app/management/ai/genAiSettings - Select a default LLM: <img width="2524" height="775" alt="image" src="https://github.com/user-attachments/assets/d8c51f46-04d2-42bf-871b-735fa3849d30" /> - Save the setting change using the footer at the bottom of the page. - Open the Security AI assistant (if you changed the Assistant visibility setting, you can open the assistant from the GenAi page directly) - Check that the LLM connector for the conversation is the one you configured as the default LLM. Also, verify that you can still change the connector used in your conversation to one of your other connectors. - Change the LLM to a non-default connector for the conversation. - Once you select a non-default connector, chat with the assistant and then start a new conversation, your non-default connector should still be active for the new conversation. - Now back on the GenAi settings page, check the `Disallow all other connectors` checkbox. - Open the AI assistant again and go to the existing conversation that has a few messages inside. - You should see a red banner indicating that a connector needs to be selected. - If you open the connector selector, you should now only see the default LLM you have configured as an option. #### Attack Discovery In attack discovery, you should observe the same behavior. - Go to attack discovery http://localhost:5601/app/security/attack_discovery - Open the manual run config flyout <img width="3081" height="1184" alt="image" src="https://github.com/user-attachments/assets/a5a11f1e-8b0b-40d9-8937-6fe4497cbf10" /> - Verify that only the default LLM is available as the connector: <img width="1698" height="833" alt="image" src="https://github.com/user-attachments/assets/45b68d6c-6f36-487f-ba08-030f41c10545" /> - Go back to the GenAi settings page http://localhost:5601/app/management/ai/genAiSettings and deselect the `Disallow all other connectors` checkbox and select a different default connector. - Go to Attack Discovery and open the manual run config flyout again. - Check that by default, your new default connector is used. Also, verify that you now again have the option of changing the connector to any of the other configured connectors. ### TODO The designs of the connector selector for Attack discovery and the Assistant still need to be implemented. That will be done in a separate PR. ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [X] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [X] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for feaures that require explanation or tutorials - [X] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [X] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [X] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [X] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [X] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [X] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
VladimirFilonov
pushed a commit
to VladimirFilonov/kibana
that referenced
this pull request
Sep 26, 2025
…i features (elastic#234480) ## Summary Summarize your PR. If it involves visual changes include a screenshot or gif. This PR integrates the new [default LLM setting](elastic#231940) with the security solution GenAI features (AI assistant and Attack discovery). The default LLM setting allows admins to configure the preferred AI connector. This PR make sure that this setting is actually respected in the AI assistant and Attack discovery. ### How to test: - Start Kibana locally from this branch - Make sure you have at least 3 LLM connectors configured (can be preconfigured ones). - Go to stack management > advanced settings and switch the following setting to "Security AI assistant in other apps". (This will make testing a little bit easier) <img width="1954" height="133" alt="image" src="https://github.com/user-attachments/assets/12fc4313-b2a5-45f7-bca9-8e0e7ee7f19e" /> - Enable the feature flag by adding the following to kibana.dev.yml: ``` feature_flags.overrides.aiAssistant.defaultLlmSettingEnabled: true ``` - Go to the GenAi Settings page: http://localhost:5601/app/management/ai/genAiSettings - Select a default LLM: <img width="2524" height="775" alt="image" src="https://github.com/user-attachments/assets/d8c51f46-04d2-42bf-871b-735fa3849d30" /> - Save the setting change using the footer at the bottom of the page. - Open the Security AI assistant (if you changed the Assistant visibility setting, you can open the assistant from the GenAi page directly) - Check that the LLM connector for the conversation is the one you configured as the default LLM. Also, verify that you can still change the connector used in your conversation to one of your other connectors. - Change the LLM to a non-default connector for the conversation. - Once you select a non-default connector, chat with the assistant and then start a new conversation, your non-default connector should still be active for the new conversation. - Now back on the GenAi settings page, check the `Disallow all other connectors` checkbox. - Open the AI assistant again and go to the existing conversation that has a few messages inside. - You should see a red banner indicating that a connector needs to be selected. - If you open the connector selector, you should now only see the default LLM you have configured as an option. #### Attack Discovery In attack discovery, you should observe the same behavior. - Go to attack discovery http://localhost:5601/app/security/attack_discovery - Open the manual run config flyout <img width="3081" height="1184" alt="image" src="https://github.com/user-attachments/assets/a5a11f1e-8b0b-40d9-8937-6fe4497cbf10" /> - Verify that only the default LLM is available as the connector: <img width="1698" height="833" alt="image" src="https://github.com/user-attachments/assets/45b68d6c-6f36-487f-ba08-030f41c10545" /> - Go back to the GenAi settings page http://localhost:5601/app/management/ai/genAiSettings and deselect the `Disallow all other connectors` checkbox and select a different default connector. - Go to Attack Discovery and open the manual run config flyout again. - Check that by default, your new default connector is used. Also, verify that you now again have the option of changing the connector to any of the other configured connectors. ### TODO The designs of the connector selector for Attack discovery and the Assistant still need to be implemented. That will be done in a separate PR. ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [X] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [X] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for feaures that require explanation or tutorials - [X] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [X] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [X] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [X] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [X] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [X] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
KDKHD
added a commit
to KDKHD/kibana
that referenced
this pull request
Sep 26, 2025
…i features (elastic#234480) ## Summary Summarize your PR. If it involves visual changes include a screenshot or gif. This PR integrates the new [default LLM setting](elastic#231940) with the security solution GenAI features (AI assistant and Attack discovery). The default LLM setting allows admins to configure the preferred AI connector. This PR make sure that this setting is actually respected in the AI assistant and Attack discovery. ### How to test: - Start Kibana locally from this branch - Make sure you have at least 3 LLM connectors configured (can be preconfigured ones). - Go to stack management > advanced settings and switch the following setting to "Security AI assistant in other apps". (This will make testing a little bit easier) <img width="1954" height="133" alt="image" src="https://github.com/user-attachments/assets/12fc4313-b2a5-45f7-bca9-8e0e7ee7f19e" /> - Enable the feature flag by adding the following to kibana.dev.yml: ``` feature_flags.overrides.aiAssistant.defaultLlmSettingEnabled: true ``` - Go to the GenAi Settings page: http://localhost:5601/app/management/ai/genAiSettings - Select a default LLM: <img width="2524" height="775" alt="image" src="https://github.com/user-attachments/assets/d8c51f46-04d2-42bf-871b-735fa3849d30" /> - Save the setting change using the footer at the bottom of the page. - Open the Security AI assistant (if you changed the Assistant visibility setting, you can open the assistant from the GenAi page directly) - Check that the LLM connector for the conversation is the one you configured as the default LLM. Also, verify that you can still change the connector used in your conversation to one of your other connectors. - Change the LLM to a non-default connector for the conversation. - Once you select a non-default connector, chat with the assistant and then start a new conversation, your non-default connector should still be active for the new conversation. - Now back on the GenAi settings page, check the `Disallow all other connectors` checkbox. - Open the AI assistant again and go to the existing conversation that has a few messages inside. - You should see a red banner indicating that a connector needs to be selected. - If you open the connector selector, you should now only see the default LLM you have configured as an option. #### Attack Discovery In attack discovery, you should observe the same behavior. - Go to attack discovery http://localhost:5601/app/security/attack_discovery - Open the manual run config flyout <img width="3081" height="1184" alt="image" src="https://github.com/user-attachments/assets/a5a11f1e-8b0b-40d9-8937-6fe4497cbf10" /> - Verify that only the default LLM is available as the connector: <img width="1698" height="833" alt="image" src="https://github.com/user-attachments/assets/45b68d6c-6f36-487f-ba08-030f41c10545" /> - Go back to the GenAi settings page http://localhost:5601/app/management/ai/genAiSettings and deselect the `Disallow all other connectors` checkbox and select a different default connector. - Go to Attack Discovery and open the manual run config flyout again. - Check that by default, your new default connector is used. Also, verify that you now again have the option of changing the connector to any of the other configured connectors. ### TODO The designs of the connector selector for Attack discovery and the Assistant still need to be implemented. That will be done in a separate PR. ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [X] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [X] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for feaures that require explanation or tutorials - [X] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [X] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [X] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [X] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [X] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [X] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> (cherry picked from commit b543b8c) # Conflicts: # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/api/chat_complete/use_chat_complete.ts # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/conversation_settings_editor.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/helpers.test.ts # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/helpers.ts # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/assistant_settings.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_management.test.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_management.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/search_ai_lake_configurations_settings_management.test.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/search_ai_lake_configurations_settings_management.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant_context/index.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/connectorland/use_load_connectors/index.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/mock/test_providers/test_providers.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/tsconfig.json # x-pack/platform/plugins/private/gen_ai_settings/public/components/default_ai_connector/default_ai_connector.tsx # x-pack/solutions/security/packages/ecs-data-quality-dashboard/impl/data_quality_panel/mock/test_providers/test_providers.tsx # x-pack/solutions/security/plugins/elastic_assistant/public/src/context/assistant_context/assistant_provider.tsx # x-pack/solutions/security/plugins/security_solution/public/attack_discovery/pages/index.tsx # x-pack/solutions/security/plugins/security_solution/public/attack_discovery/pages/settings_flyout/schedule/create_flyout/index.tsx # x-pack/solutions/security/plugins/security_solution/public/attack_discovery/pages/settings_flyout/schedule/details_flyout/index.tsx # x-pack/solutions/security/plugins/security_solution/public/common/mock/mock_assistant_provider.tsx # x-pack/solutions/security/plugins/security_solution/public/onboarding/components/onboarding_body/cards/assistant/assistant_card.tsx
Member
Author
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
KDKHD
added a commit
that referenced
this pull request
Sep 26, 2025
…y GenAi features (#234480) (#236461) # Backport This will backport the following commits from `main` to `9.1`: - [[Security Solution] [GenAi] Use default LLM setting for security GenAi features (#234480)](#234480) <!--- Backport version: 10.0.2 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Kenneth Kreindler","email":"42113355+KDKHD@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-09-25T10:14:26Z","message":"[Security Solution] [GenAi] Use default LLM setting for security GenAi features (#234480)\n\n## Summary\n\nSummarize your PR. If it involves visual changes include a screenshot or\ngif.\n\nThis PR integrates the new [default LLM\nsetting](#231940) with the\nsecurity solution GenAI features (AI assistant and Attack discovery).\nThe default LLM setting allows admins to configure the preferred AI\nconnector. This PR make sure that this setting is actually respected in\nthe AI assistant and Attack discovery.\n\n### How to test: \n- Start Kibana locally from this branch\n- Make sure you have at least 3 LLM connectors configured (can be\npreconfigured ones).\n- Go to stack management > advanced settings and switch the following\nsetting to \"Security AI assistant in other apps\". (This will make\ntesting a little bit easier)\n<img width=\"1954\" height=\"133\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/12fc4313-b2a5-45f7-bca9-8e0e7ee7f19e\"\n/>\n\n- Enable the feature flag by adding the following to kibana.dev.yml: \n\n```\nfeature_flags.overrides.aiAssistant.defaultLlmSettingEnabled: true\n```\n\n- Go to the GenAi Settings page:\nhttp://localhost:5601/app/management/ai/genAiSettings\n- Select a default LLM:\n\n<img width=\"2524\" height=\"775\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/d8c51f46-04d2-42bf-871b-735fa3849d30\"\n/>\n\n- Save the setting change using the footer at the bottom of the page.\n- Open the Security AI assistant (if you changed the Assistant\nvisibility setting, you can open the assistant from the GenAi page\ndirectly)\n- Check that the LLM connector for the conversation is the one you\nconfigured as the default LLM. Also, verify that you can still change\nthe connector used in your conversation to one of your other connectors.\n- Change the LLM to a non-default connector for the conversation.\n- Once you select a non-default connector, chat with the assistant and\nthen start a new conversation, your non-default connector should still\nbe active for the new conversation.\n- Now back on the GenAi settings page, check the `Disallow all other\nconnectors` checkbox.\n- Open the AI assistant again and go to the existing conversation that\nhas a few messages inside.\n- You should see a red banner indicating that a connector needs to be\nselected.\n- If you open the connector selector, you should now only see the\ndefault LLM you have configured as an option.\n\n#### Attack Discovery\nIn attack discovery, you should observe the same behavior.\n\n- Go to attack discovery\nhttp://localhost:5601/app/security/attack_discovery\n- Open the manual run config flyout\n<img width=\"3081\" height=\"1184\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/a5a11f1e-8b0b-40d9-8937-6fe4497cbf10\"\n/>\n\n- Verify that only the default LLM is available as the connector:\n\n<img width=\"1698\" height=\"833\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/45b68d6c-6f36-487f-ba08-030f41c10545\"\n/>\n\n- Go back to the GenAi settings page\nhttp://localhost:5601/app/management/ai/genAiSettings and deselect the\n`Disallow all other connectors` checkbox and select a different default\nconnector.\n- Go to Attack Discovery and open the manual run config flyout again.\n- Check that by default, your new default connector is used. Also,\nverify that you now again have the option of changing the connector to\nany of the other configured connectors.\n\n### TODO\nThe designs of the connector selector for Attack discovery and the\nAssistant still need to be implemented. That will be done in a separate\nPR.\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [X] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n- [X]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for feaures that require explanation or tutorials\n- [X] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [X] If a plugin configuration key changed, check if it needs to be\nallowlisted in the cloud and added to the [docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n- [X] This was checked for breaking HTTP API changes, and any breaking\nchanges have been approved by the breaking-change committee. The\n`release_note:breaking` label should be applied in these situations.\n- [X] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n- [X] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [X] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.\n\n### Identify risks\n\nDoes this PR introduce any risks? For example, consider risks like hard\nto test bugs, performance regression, potential of data loss.\n\nDescribe the risk, its severity, and mitigation for each identified\nrisk. Invite stakeholders and evaluate how to proceed before merging.\n\n- [ ] [See some risk\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\n- [ ] ...\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"b543b8c8fbb0527bd704984946bc240af8104bc2","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Security Generative AI","backport:version","v9.2.0","v9.1.4","v9.0.7","v8.18.7","v8.19.4"],"title":"[Security Solution] [GenAi] Use default LLM setting for security GenAi features","number":234480,"url":"https://github.com/elastic/kibana/pull/234480","mergeCommit":{"message":"[Security Solution] [GenAi] Use default LLM setting for security GenAi features (#234480)\n\n## Summary\n\nSummarize your PR. If it involves visual changes include a screenshot or\ngif.\n\nThis PR integrates the new [default LLM\nsetting](#231940) with the\nsecurity solution GenAI features (AI assistant and Attack discovery).\nThe default LLM setting allows admins to configure the preferred AI\nconnector. This PR make sure that this setting is actually respected in\nthe AI assistant and Attack discovery.\n\n### How to test: \n- Start Kibana locally from this branch\n- Make sure you have at least 3 LLM connectors configured (can be\npreconfigured ones).\n- Go to stack management > advanced settings and switch the following\nsetting to \"Security AI assistant in other apps\". (This will make\ntesting a little bit easier)\n<img width=\"1954\" height=\"133\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/12fc4313-b2a5-45f7-bca9-8e0e7ee7f19e\"\n/>\n\n- Enable the feature flag by adding the following to kibana.dev.yml: \n\n```\nfeature_flags.overrides.aiAssistant.defaultLlmSettingEnabled: true\n```\n\n- Go to the GenAi Settings page:\nhttp://localhost:5601/app/management/ai/genAiSettings\n- Select a default LLM:\n\n<img width=\"2524\" height=\"775\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/d8c51f46-04d2-42bf-871b-735fa3849d30\"\n/>\n\n- Save the setting change using the footer at the bottom of the page.\n- Open the Security AI assistant (if you changed the Assistant\nvisibility setting, you can open the assistant from the GenAi page\ndirectly)\n- Check that the LLM connector for the conversation is the one you\nconfigured as the default LLM. Also, verify that you can still change\nthe connector used in your conversation to one of your other connectors.\n- Change the LLM to a non-default connector for the conversation.\n- Once you select a non-default connector, chat with the assistant and\nthen start a new conversation, your non-default connector should still\nbe active for the new conversation.\n- Now back on the GenAi settings page, check the `Disallow all other\nconnectors` checkbox.\n- Open the AI assistant again and go to the existing conversation that\nhas a few messages inside.\n- You should see a red banner indicating that a connector needs to be\nselected.\n- If you open the connector selector, you should now only see the\ndefault LLM you have configured as an option.\n\n#### Attack Discovery\nIn attack discovery, you should observe the same behavior.\n\n- Go to attack discovery\nhttp://localhost:5601/app/security/attack_discovery\n- Open the manual run config flyout\n<img width=\"3081\" height=\"1184\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/a5a11f1e-8b0b-40d9-8937-6fe4497cbf10\"\n/>\n\n- Verify that only the default LLM is available as the connector:\n\n<img width=\"1698\" height=\"833\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/45b68d6c-6f36-487f-ba08-030f41c10545\"\n/>\n\n- Go back to the GenAi settings page\nhttp://localhost:5601/app/management/ai/genAiSettings and deselect the\n`Disallow all other connectors` checkbox and select a different default\nconnector.\n- Go to Attack Discovery and open the manual run config flyout again.\n- Check that by default, your new default connector is used. Also,\nverify that you now again have the option of changing the connector to\nany of the other configured connectors.\n\n### TODO\nThe designs of the connector selector for Attack discovery and the\nAssistant still need to be implemented. That will be done in a separate\nPR.\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [X] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n- [X]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for feaures that require explanation or tutorials\n- [X] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [X] If a plugin configuration key changed, check if it needs to be\nallowlisted in the cloud and added to the [docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n- [X] This was checked for breaking HTTP API changes, and any breaking\nchanges have been approved by the breaking-change committee. The\n`release_note:breaking` label should be applied in these situations.\n- [X] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n- [X] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [X] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.\n\n### Identify risks\n\nDoes this PR introduce any risks? For example, consider risks like hard\nto test bugs, performance regression, potential of data loss.\n\nDescribe the risk, its severity, and mitigation for each identified\nrisk. Invite stakeholders and evaluate how to proceed before merging.\n\n- [ ] [See some risk\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\n- [ ] ...\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"b543b8c8fbb0527bd704984946bc240af8104bc2"}},"sourceBranch":"main","suggestedTargetBranches":["9.1","9.0","8.18","8.19"],"targetPullRequestStates":[{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/234480","number":234480,"mergeCommit":{"message":"[Security Solution] [GenAi] Use default LLM setting for security GenAi features (#234480)\n\n## Summary\n\nSummarize your PR. If it involves visual changes include a screenshot or\ngif.\n\nThis PR integrates the new [default LLM\nsetting](#231940) with the\nsecurity solution GenAI features (AI assistant and Attack discovery).\nThe default LLM setting allows admins to configure the preferred AI\nconnector. This PR make sure that this setting is actually respected in\nthe AI assistant and Attack discovery.\n\n### How to test: \n- Start Kibana locally from this branch\n- Make sure you have at least 3 LLM connectors configured (can be\npreconfigured ones).\n- Go to stack management > advanced settings and switch the following\nsetting to \"Security AI assistant in other apps\". (This will make\ntesting a little bit easier)\n<img width=\"1954\" height=\"133\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/12fc4313-b2a5-45f7-bca9-8e0e7ee7f19e\"\n/>\n\n- Enable the feature flag by adding the following to kibana.dev.yml: \n\n```\nfeature_flags.overrides.aiAssistant.defaultLlmSettingEnabled: true\n```\n\n- Go to the GenAi Settings page:\nhttp://localhost:5601/app/management/ai/genAiSettings\n- Select a default LLM:\n\n<img width=\"2524\" height=\"775\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/d8c51f46-04d2-42bf-871b-735fa3849d30\"\n/>\n\n- Save the setting change using the footer at the bottom of the page.\n- Open the Security AI assistant (if you changed the Assistant\nvisibility setting, you can open the assistant from the GenAi page\ndirectly)\n- Check that the LLM connector for the conversation is the one you\nconfigured as the default LLM. Also, verify that you can still change\nthe connector used in your conversation to one of your other connectors.\n- Change the LLM to a non-default connector for the conversation.\n- Once you select a non-default connector, chat with the assistant and\nthen start a new conversation, your non-default connector should still\nbe active for the new conversation.\n- Now back on the GenAi settings page, check the `Disallow all other\nconnectors` checkbox.\n- Open the AI assistant again and go to the existing conversation that\nhas a few messages inside.\n- You should see a red banner indicating that a connector needs to be\nselected.\n- If you open the connector selector, you should now only see the\ndefault LLM you have configured as an option.\n\n#### Attack Discovery\nIn attack discovery, you should observe the same behavior.\n\n- Go to attack discovery\nhttp://localhost:5601/app/security/attack_discovery\n- Open the manual run config flyout\n<img width=\"3081\" height=\"1184\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/a5a11f1e-8b0b-40d9-8937-6fe4497cbf10\"\n/>\n\n- Verify that only the default LLM is available as the connector:\n\n<img width=\"1698\" height=\"833\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/45b68d6c-6f36-487f-ba08-030f41c10545\"\n/>\n\n- Go back to the GenAi settings page\nhttp://localhost:5601/app/management/ai/genAiSettings and deselect the\n`Disallow all other connectors` checkbox and select a different default\nconnector.\n- Go to Attack Discovery and open the manual run config flyout again.\n- Check that by default, your new default connector is used. Also,\nverify that you now again have the option of changing the connector to\nany of the other configured connectors.\n\n### TODO\nThe designs of the connector selector for Attack discovery and the\nAssistant still need to be implemented. That will be done in a separate\nPR.\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [X] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n- [X]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for feaures that require explanation or tutorials\n- [X] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [X] If a plugin configuration key changed, check if it needs to be\nallowlisted in the cloud and added to the [docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n- [X] This was checked for breaking HTTP API changes, and any breaking\nchanges have been approved by the breaking-change committee. The\n`release_note:breaking` label should be applied in these situations.\n- [X] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n- [X] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [X] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.\n\n### Identify risks\n\nDoes this PR introduce any risks? For example, consider risks like hard\nto test bugs, performance regression, potential of data loss.\n\nDescribe the risk, its severity, and mitigation for each identified\nrisk. Invite stakeholders and evaluate how to proceed before merging.\n\n- [ ] [See some risk\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\n- [ ] ...\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"b543b8c8fbb0527bd704984946bc240af8104bc2"}},{"branch":"9.1","label":"v9.1.4","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.0","label":"v9.0.7","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.7","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.4","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
KDKHD
added a commit
that referenced
this pull request
Sep 26, 2025
…ty GenAi features (#234480) (#236464) # Backport This will backport the following commits from `main` to `8.19`: - [[Security Solution] [GenAi] Use default LLM setting for security GenAi features (#234480)](#234480) <!--- Backport version: 10.0.2 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Kenneth Kreindler","email":"42113355+KDKHD@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-09-25T10:14:26Z","message":"[Security Solution] [GenAi] Use default LLM setting for security GenAi features (#234480)\n\n## Summary\n\nSummarize your PR. If it involves visual changes include a screenshot or\ngif.\n\nThis PR integrates the new [default LLM\nsetting](#231940) with the\nsecurity solution GenAI features (AI assistant and Attack discovery).\nThe default LLM setting allows admins to configure the preferred AI\nconnector. This PR make sure that this setting is actually respected in\nthe AI assistant and Attack discovery.\n\n### How to test: \n- Start Kibana locally from this branch\n- Make sure you have at least 3 LLM connectors configured (can be\npreconfigured ones).\n- Go to stack management > advanced settings and switch the following\nsetting to \"Security AI assistant in other apps\". (This will make\ntesting a little bit easier)\n<img width=\"1954\" height=\"133\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/12fc4313-b2a5-45f7-bca9-8e0e7ee7f19e\"\n/>\n\n- Enable the feature flag by adding the following to kibana.dev.yml: \n\n```\nfeature_flags.overrides.aiAssistant.defaultLlmSettingEnabled: true\n```\n\n- Go to the GenAi Settings page:\nhttp://localhost:5601/app/management/ai/genAiSettings\n- Select a default LLM:\n\n<img width=\"2524\" height=\"775\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/d8c51f46-04d2-42bf-871b-735fa3849d30\"\n/>\n\n- Save the setting change using the footer at the bottom of the page.\n- Open the Security AI assistant (if you changed the Assistant\nvisibility setting, you can open the assistant from the GenAi page\ndirectly)\n- Check that the LLM connector for the conversation is the one you\nconfigured as the default LLM. Also, verify that you can still change\nthe connector used in your conversation to one of your other connectors.\n- Change the LLM to a non-default connector for the conversation.\n- Once you select a non-default connector, chat with the assistant and\nthen start a new conversation, your non-default connector should still\nbe active for the new conversation.\n- Now back on the GenAi settings page, check the `Disallow all other\nconnectors` checkbox.\n- Open the AI assistant again and go to the existing conversation that\nhas a few messages inside.\n- You should see a red banner indicating that a connector needs to be\nselected.\n- If you open the connector selector, you should now only see the\ndefault LLM you have configured as an option.\n\n#### Attack Discovery\nIn attack discovery, you should observe the same behavior.\n\n- Go to attack discovery\nhttp://localhost:5601/app/security/attack_discovery\n- Open the manual run config flyout\n<img width=\"3081\" height=\"1184\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/a5a11f1e-8b0b-40d9-8937-6fe4497cbf10\"\n/>\n\n- Verify that only the default LLM is available as the connector:\n\n<img width=\"1698\" height=\"833\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/45b68d6c-6f36-487f-ba08-030f41c10545\"\n/>\n\n- Go back to the GenAi settings page\nhttp://localhost:5601/app/management/ai/genAiSettings and deselect the\n`Disallow all other connectors` checkbox and select a different default\nconnector.\n- Go to Attack Discovery and open the manual run config flyout again.\n- Check that by default, your new default connector is used. Also,\nverify that you now again have the option of changing the connector to\nany of the other configured connectors.\n\n### TODO\nThe designs of the connector selector for Attack discovery and the\nAssistant still need to be implemented. That will be done in a separate\nPR.\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [X] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n- [X]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for feaures that require explanation or tutorials\n- [X] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [X] If a plugin configuration key changed, check if it needs to be\nallowlisted in the cloud and added to the [docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n- [X] This was checked for breaking HTTP API changes, and any breaking\nchanges have been approved by the breaking-change committee. The\n`release_note:breaking` label should be applied in these situations.\n- [X] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n- [X] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [X] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.\n\n### Identify risks\n\nDoes this PR introduce any risks? For example, consider risks like hard\nto test bugs, performance regression, potential of data loss.\n\nDescribe the risk, its severity, and mitigation for each identified\nrisk. Invite stakeholders and evaluate how to proceed before merging.\n\n- [ ] [See some risk\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\n- [ ] ...\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"b543b8c8fbb0527bd704984946bc240af8104bc2","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Security Generative AI","backport:version","v9.2.0","v9.1.4","v9.0.7","v8.18.7","v8.19.4"],"title":"[Security Solution] [GenAi] Use default LLM setting for security GenAi features","number":234480,"url":"https://github.com/elastic/kibana/pull/234480","mergeCommit":{"message":"[Security Solution] [GenAi] Use default LLM setting for security GenAi features (#234480)\n\n## Summary\n\nSummarize your PR. If it involves visual changes include a screenshot or\ngif.\n\nThis PR integrates the new [default LLM\nsetting](#231940) with the\nsecurity solution GenAI features (AI assistant and Attack discovery).\nThe default LLM setting allows admins to configure the preferred AI\nconnector. This PR make sure that this setting is actually respected in\nthe AI assistant and Attack discovery.\n\n### How to test: \n- Start Kibana locally from this branch\n- Make sure you have at least 3 LLM connectors configured (can be\npreconfigured ones).\n- Go to stack management > advanced settings and switch the following\nsetting to \"Security AI assistant in other apps\". (This will make\ntesting a little bit easier)\n<img width=\"1954\" height=\"133\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/12fc4313-b2a5-45f7-bca9-8e0e7ee7f19e\"\n/>\n\n- Enable the feature flag by adding the following to kibana.dev.yml: \n\n```\nfeature_flags.overrides.aiAssistant.defaultLlmSettingEnabled: true\n```\n\n- Go to the GenAi Settings page:\nhttp://localhost:5601/app/management/ai/genAiSettings\n- Select a default LLM:\n\n<img width=\"2524\" height=\"775\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/d8c51f46-04d2-42bf-871b-735fa3849d30\"\n/>\n\n- Save the setting change using the footer at the bottom of the page.\n- Open the Security AI assistant (if you changed the Assistant\nvisibility setting, you can open the assistant from the GenAi page\ndirectly)\n- Check that the LLM connector for the conversation is the one you\nconfigured as the default LLM. Also, verify that you can still change\nthe connector used in your conversation to one of your other connectors.\n- Change the LLM to a non-default connector for the conversation.\n- Once you select a non-default connector, chat with the assistant and\nthen start a new conversation, your non-default connector should still\nbe active for the new conversation.\n- Now back on the GenAi settings page, check the `Disallow all other\nconnectors` checkbox.\n- Open the AI assistant again and go to the existing conversation that\nhas a few messages inside.\n- You should see a red banner indicating that a connector needs to be\nselected.\n- If you open the connector selector, you should now only see the\ndefault LLM you have configured as an option.\n\n#### Attack Discovery\nIn attack discovery, you should observe the same behavior.\n\n- Go to attack discovery\nhttp://localhost:5601/app/security/attack_discovery\n- Open the manual run config flyout\n<img width=\"3081\" height=\"1184\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/a5a11f1e-8b0b-40d9-8937-6fe4497cbf10\"\n/>\n\n- Verify that only the default LLM is available as the connector:\n\n<img width=\"1698\" height=\"833\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/45b68d6c-6f36-487f-ba08-030f41c10545\"\n/>\n\n- Go back to the GenAi settings page\nhttp://localhost:5601/app/management/ai/genAiSettings and deselect the\n`Disallow all other connectors` checkbox and select a different default\nconnector.\n- Go to Attack Discovery and open the manual run config flyout again.\n- Check that by default, your new default connector is used. Also,\nverify that you now again have the option of changing the connector to\nany of the other configured connectors.\n\n### TODO\nThe designs of the connector selector for Attack discovery and the\nAssistant still need to be implemented. That will be done in a separate\nPR.\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [X] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n- [X]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for feaures that require explanation or tutorials\n- [X] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [X] If a plugin configuration key changed, check if it needs to be\nallowlisted in the cloud and added to the [docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n- [X] This was checked for breaking HTTP API changes, and any breaking\nchanges have been approved by the breaking-change committee. The\n`release_note:breaking` label should be applied in these situations.\n- [X] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n- [X] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [X] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.\n\n### Identify risks\n\nDoes this PR introduce any risks? For example, consider risks like hard\nto test bugs, performance regression, potential of data loss.\n\nDescribe the risk, its severity, and mitigation for each identified\nrisk. Invite stakeholders and evaluate how to proceed before merging.\n\n- [ ] [See some risk\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\n- [ ] ...\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"b543b8c8fbb0527bd704984946bc240af8104bc2"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18","8.19"],"targetPullRequestStates":[{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/234480","number":234480,"mergeCommit":{"message":"[Security Solution] [GenAi] Use default LLM setting for security GenAi features (#234480)\n\n## Summary\n\nSummarize your PR. If it involves visual changes include a screenshot or\ngif.\n\nThis PR integrates the new [default LLM\nsetting](#231940) with the\nsecurity solution GenAI features (AI assistant and Attack discovery).\nThe default LLM setting allows admins to configure the preferred AI\nconnector. This PR make sure that this setting is actually respected in\nthe AI assistant and Attack discovery.\n\n### How to test: \n- Start Kibana locally from this branch\n- Make sure you have at least 3 LLM connectors configured (can be\npreconfigured ones).\n- Go to stack management > advanced settings and switch the following\nsetting to \"Security AI assistant in other apps\". (This will make\ntesting a little bit easier)\n<img width=\"1954\" height=\"133\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/12fc4313-b2a5-45f7-bca9-8e0e7ee7f19e\"\n/>\n\n- Enable the feature flag by adding the following to kibana.dev.yml: \n\n```\nfeature_flags.overrides.aiAssistant.defaultLlmSettingEnabled: true\n```\n\n- Go to the GenAi Settings page:\nhttp://localhost:5601/app/management/ai/genAiSettings\n- Select a default LLM:\n\n<img width=\"2524\" height=\"775\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/d8c51f46-04d2-42bf-871b-735fa3849d30\"\n/>\n\n- Save the setting change using the footer at the bottom of the page.\n- Open the Security AI assistant (if you changed the Assistant\nvisibility setting, you can open the assistant from the GenAi page\ndirectly)\n- Check that the LLM connector for the conversation is the one you\nconfigured as the default LLM. Also, verify that you can still change\nthe connector used in your conversation to one of your other connectors.\n- Change the LLM to a non-default connector for the conversation.\n- Once you select a non-default connector, chat with the assistant and\nthen start a new conversation, your non-default connector should still\nbe active for the new conversation.\n- Now back on the GenAi settings page, check the `Disallow all other\nconnectors` checkbox.\n- Open the AI assistant again and go to the existing conversation that\nhas a few messages inside.\n- You should see a red banner indicating that a connector needs to be\nselected.\n- If you open the connector selector, you should now only see the\ndefault LLM you have configured as an option.\n\n#### Attack Discovery\nIn attack discovery, you should observe the same behavior.\n\n- Go to attack discovery\nhttp://localhost:5601/app/security/attack_discovery\n- Open the manual run config flyout\n<img width=\"3081\" height=\"1184\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/a5a11f1e-8b0b-40d9-8937-6fe4497cbf10\"\n/>\n\n- Verify that only the default LLM is available as the connector:\n\n<img width=\"1698\" height=\"833\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/45b68d6c-6f36-487f-ba08-030f41c10545\"\n/>\n\n- Go back to the GenAi settings page\nhttp://localhost:5601/app/management/ai/genAiSettings and deselect the\n`Disallow all other connectors` checkbox and select a different default\nconnector.\n- Go to Attack Discovery and open the manual run config flyout again.\n- Check that by default, your new default connector is used. Also,\nverify that you now again have the option of changing the connector to\nany of the other configured connectors.\n\n### TODO\nThe designs of the connector selector for Attack discovery and the\nAssistant still need to be implemented. That will be done in a separate\nPR.\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [X] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n- [X]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for feaures that require explanation or tutorials\n- [X] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [X] If a plugin configuration key changed, check if it needs to be\nallowlisted in the cloud and added to the [docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n- [X] This was checked for breaking HTTP API changes, and any breaking\nchanges have been approved by the breaking-change committee. The\n`release_note:breaking` label should be applied in these situations.\n- [X] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n- [X] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [X] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.\n\n### Identify risks\n\nDoes this PR introduce any risks? For example, consider risks like hard\nto test bugs, performance regression, potential of data loss.\n\nDescribe the risk, its severity, and mitigation for each identified\nrisk. Invite stakeholders and evaluate how to proceed before merging.\n\n- [ ] [See some risk\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\n- [ ] ...\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"b543b8c8fbb0527bd704984946bc240af8104bc2"}},{"branch":"9.1","label":"v9.1.4","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/236461","number":236461,"state":"OPEN"},{"branch":"9.0","label":"v9.0.7","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.7","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.4","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
kibanamachine
added
v8.19.5
backport missing
Contributor
|
Looks like this PR has backport PRs but they still haven't been merged. Please merge them ASAP to keep the branches relatively in sync. |
KDKHD
added a commit
that referenced
this pull request
Sep 29, 2025
…y GenAi features (#234480) (#236587) # Backport This will backport the following commits from `main` to `9.0`: - [[Security Solution] [GenAi] Use default LLM setting for security GenAi features (#234480)](#234480) <!--- Backport version: 10.0.0 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Kenneth Kreindler","email":"42113355+KDKHD@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-09-25T10:14:26Z","message":"[Security Solution] [GenAi] Use default LLM setting for security GenAi features (#234480)\n\n## Summary\n\nSummarize your PR. If it involves visual changes include a screenshot or\ngif.\n\nThis PR integrates the new [default LLM\nsetting](#231940) with the\nsecurity solution GenAI features (AI assistant and Attack discovery).\nThe default LLM setting allows admins to configure the preferred AI\nconnector. This PR make sure that this setting is actually respected in\nthe AI assistant and Attack discovery.\n\n### How to test: \n- Start Kibana locally from this branch\n- Make sure you have at least 3 LLM connectors configured (can be\npreconfigured ones).\n- Go to stack management > advanced settings and switch the following\nsetting to \"Security AI assistant in other apps\". (This will make\ntesting a little bit easier)\n<img width=\"1954\" height=\"133\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/12fc4313-b2a5-45f7-bca9-8e0e7ee7f19e\"\n/>\n\n- Enable the feature flag by adding the following to kibana.dev.yml: \n\n```\nfeature_flags.overrides.aiAssistant.defaultLlmSettingEnabled: true\n```\n\n- Go to the GenAi Settings page:\nhttp://localhost:5601/app/management/ai/genAiSettings\n- Select a default LLM:\n\n<img width=\"2524\" height=\"775\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/d8c51f46-04d2-42bf-871b-735fa3849d30\"\n/>\n\n- Save the setting change using the footer at the bottom of the page.\n- Open the Security AI assistant (if you changed the Assistant\nvisibility setting, you can open the assistant from the GenAi page\ndirectly)\n- Check that the LLM connector for the conversation is the one you\nconfigured as the default LLM. Also, verify that you can still change\nthe connector used in your conversation to one of your other connectors.\n- Change the LLM to a non-default connector for the conversation.\n- Once you select a non-default connector, chat with the assistant and\nthen start a new conversation, your non-default connector should still\nbe active for the new conversation.\n- Now back on the GenAi settings page, check the `Disallow all other\nconnectors` checkbox.\n- Open the AI assistant again and go to the existing conversation that\nhas a few messages inside.\n- You should see a red banner indicating that a connector needs to be\nselected.\n- If you open the connector selector, you should now only see the\ndefault LLM you have configured as an option.\n\n#### Attack Discovery\nIn attack discovery, you should observe the same behavior.\n\n- Go to attack discovery\nhttp://localhost:5601/app/security/attack_discovery\n- Open the manual run config flyout\n<img width=\"3081\" height=\"1184\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/a5a11f1e-8b0b-40d9-8937-6fe4497cbf10\"\n/>\n\n- Verify that only the default LLM is available as the connector:\n\n<img width=\"1698\" height=\"833\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/45b68d6c-6f36-487f-ba08-030f41c10545\"\n/>\n\n- Go back to the GenAi settings page\nhttp://localhost:5601/app/management/ai/genAiSettings and deselect the\n`Disallow all other connectors` checkbox and select a different default\nconnector.\n- Go to Attack Discovery and open the manual run config flyout again.\n- Check that by default, your new default connector is used. Also,\nverify that you now again have the option of changing the connector to\nany of the other configured connectors.\n\n### TODO\nThe designs of the connector selector for Attack discovery and the\nAssistant still need to be implemented. That will be done in a separate\nPR.\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [X] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n- [X]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for feaures that require explanation or tutorials\n- [X] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [X] If a plugin configuration key changed, check if it needs to be\nallowlisted in the cloud and added to the [docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n- [X] This was checked for breaking HTTP API changes, and any breaking\nchanges have been approved by the breaking-change committee. The\n`release_note:breaking` label should be applied in these situations.\n- [X] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n- [X] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [X] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.\n\n### Identify risks\n\nDoes this PR introduce any risks? For example, consider risks like hard\nto test bugs, performance regression, potential of data loss.\n\nDescribe the risk, its severity, and mitigation for each identified\nrisk. Invite stakeholders and evaluate how to proceed before merging.\n\n- [ ] [See some risk\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\n- [ ] ...\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"b543b8c8fbb0527bd704984946bc240af8104bc2","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Security Generative AI","backport:version","v9.2.0","v9.1.4","v9.0.7","v8.18.7","v8.19.4"],"title":"[Security Solution] [GenAi] Use default LLM setting for security GenAi features","number":234480,"url":"https://github.com/elastic/kibana/pull/234480","mergeCommit":{"message":"[Security Solution] [GenAi] Use default LLM setting for security GenAi features (#234480)\n\n## Summary\n\nSummarize your PR. If it involves visual changes include a screenshot or\ngif.\n\nThis PR integrates the new [default LLM\nsetting](#231940) with the\nsecurity solution GenAI features (AI assistant and Attack discovery).\nThe default LLM setting allows admins to configure the preferred AI\nconnector. This PR make sure that this setting is actually respected in\nthe AI assistant and Attack discovery.\n\n### How to test: \n- Start Kibana locally from this branch\n- Make sure you have at least 3 LLM connectors configured (can be\npreconfigured ones).\n- Go to stack management > advanced settings and switch the following\nsetting to \"Security AI assistant in other apps\". (This will make\ntesting a little bit easier)\n<img width=\"1954\" height=\"133\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/12fc4313-b2a5-45f7-bca9-8e0e7ee7f19e\"\n/>\n\n- Enable the feature flag by adding the following to kibana.dev.yml: \n\n```\nfeature_flags.overrides.aiAssistant.defaultLlmSettingEnabled: true\n```\n\n- Go to the GenAi Settings page:\nhttp://localhost:5601/app/management/ai/genAiSettings\n- Select a default LLM:\n\n<img width=\"2524\" height=\"775\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/d8c51f46-04d2-42bf-871b-735fa3849d30\"\n/>\n\n- Save the setting change using the footer at the bottom of the page.\n- Open the Security AI assistant (if you changed the Assistant\nvisibility setting, you can open the assistant from the GenAi page\ndirectly)\n- Check that the LLM connector for the conversation is the one you\nconfigured as the default LLM. Also, verify that you can still change\nthe connector used in your conversation to one of your other connectors.\n- Change the LLM to a non-default connector for the conversation.\n- Once you select a non-default connector, chat with the assistant and\nthen start a new conversation, your non-default connector should still\nbe active for the new conversation.\n- Now back on the GenAi settings page, check the `Disallow all other\nconnectors` checkbox.\n- Open the AI assistant again and go to the existing conversation that\nhas a few messages inside.\n- You should see a red banner indicating that a connector needs to be\nselected.\n- If you open the connector selector, you should now only see the\ndefault LLM you have configured as an option.\n\n#### Attack Discovery\nIn attack discovery, you should observe the same behavior.\n\n- Go to attack discovery\nhttp://localhost:5601/app/security/attack_discovery\n- Open the manual run config flyout\n<img width=\"3081\" height=\"1184\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/a5a11f1e-8b0b-40d9-8937-6fe4497cbf10\"\n/>\n\n- Verify that only the default LLM is available as the connector:\n\n<img width=\"1698\" height=\"833\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/45b68d6c-6f36-487f-ba08-030f41c10545\"\n/>\n\n- Go back to the GenAi settings page\nhttp://localhost:5601/app/management/ai/genAiSettings and deselect the\n`Disallow all other connectors` checkbox and select a different default\nconnector.\n- Go to Attack Discovery and open the manual run config flyout again.\n- Check that by default, your new default connector is used. Also,\nverify that you now again have the option of changing the connector to\nany of the other configured connectors.\n\n### TODO\nThe designs of the connector selector for Attack discovery and the\nAssistant still need to be implemented. That will be done in a separate\nPR.\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [X] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n- [X]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for feaures that require explanation or tutorials\n- [X] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [X] If a plugin configuration key changed, check if it needs to be\nallowlisted in the cloud and added to the [docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n- [X] This was checked for breaking HTTP API changes, and any breaking\nchanges have been approved by the breaking-change committee. The\n`release_note:breaking` label should be applied in these situations.\n- [X] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n- [X] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [X] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.\n\n### Identify risks\n\nDoes this PR introduce any risks? For example, consider risks like hard\nto test bugs, performance regression, potential of data loss.\n\nDescribe the risk, its severity, and mitigation for each identified\nrisk. Invite stakeholders and evaluate how to proceed before merging.\n\n- [ ] [See some risk\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\n- [ ] ...\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"b543b8c8fbb0527bd704984946bc240af8104bc2"}},"sourceBranch":"main","suggestedTargetBranches":["9.0"],"targetPullRequestStates":[{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/234480","number":234480,"mergeCommit":{"message":"[Security Solution] [GenAi] Use default LLM setting for security GenAi features (#234480)\n\n## Summary\n\nSummarize your PR. If it involves visual changes include a screenshot or\ngif.\n\nThis PR integrates the new [default LLM\nsetting](#231940) with the\nsecurity solution GenAI features (AI assistant and Attack discovery).\nThe default LLM setting allows admins to configure the preferred AI\nconnector. This PR make sure that this setting is actually respected in\nthe AI assistant and Attack discovery.\n\n### How to test: \n- Start Kibana locally from this branch\n- Make sure you have at least 3 LLM connectors configured (can be\npreconfigured ones).\n- Go to stack management > advanced settings and switch the following\nsetting to \"Security AI assistant in other apps\". (This will make\ntesting a little bit easier)\n<img width=\"1954\" height=\"133\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/12fc4313-b2a5-45f7-bca9-8e0e7ee7f19e\"\n/>\n\n- Enable the feature flag by adding the following to kibana.dev.yml: \n\n```\nfeature_flags.overrides.aiAssistant.defaultLlmSettingEnabled: true\n```\n\n- Go to the GenAi Settings page:\nhttp://localhost:5601/app/management/ai/genAiSettings\n- Select a default LLM:\n\n<img width=\"2524\" height=\"775\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/d8c51f46-04d2-42bf-871b-735fa3849d30\"\n/>\n\n- Save the setting change using the footer at the bottom of the page.\n- Open the Security AI assistant (if you changed the Assistant\nvisibility setting, you can open the assistant from the GenAi page\ndirectly)\n- Check that the LLM connector for the conversation is the one you\nconfigured as the default LLM. Also, verify that you can still change\nthe connector used in your conversation to one of your other connectors.\n- Change the LLM to a non-default connector for the conversation.\n- Once you select a non-default connector, chat with the assistant and\nthen start a new conversation, your non-default connector should still\nbe active for the new conversation.\n- Now back on the GenAi settings page, check the `Disallow all other\nconnectors` checkbox.\n- Open the AI assistant again and go to the existing conversation that\nhas a few messages inside.\n- You should see a red banner indicating that a connector needs to be\nselected.\n- If you open the connector selector, you should now only see the\ndefault LLM you have configured as an option.\n\n#### Attack Discovery\nIn attack discovery, you should observe the same behavior.\n\n- Go to attack discovery\nhttp://localhost:5601/app/security/attack_discovery\n- Open the manual run config flyout\n<img width=\"3081\" height=\"1184\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/a5a11f1e-8b0b-40d9-8937-6fe4497cbf10\"\n/>\n\n- Verify that only the default LLM is available as the connector:\n\n<img width=\"1698\" height=\"833\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/45b68d6c-6f36-487f-ba08-030f41c10545\"\n/>\n\n- Go back to the GenAi settings page\nhttp://localhost:5601/app/management/ai/genAiSettings and deselect the\n`Disallow all other connectors` checkbox and select a different default\nconnector.\n- Go to Attack Discovery and open the manual run config flyout again.\n- Check that by default, your new default connector is used. Also,\nverify that you now again have the option of changing the connector to\nany of the other configured connectors.\n\n### TODO\nThe designs of the connector selector for Attack discovery and the\nAssistant still need to be implemented. That will be done in a separate\nPR.\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [X] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n- [X]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for feaures that require explanation or tutorials\n- [X] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [X] If a plugin configuration key changed, check if it needs to be\nallowlisted in the cloud and added to the [docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n- [X] This was checked for breaking HTTP API changes, and any breaking\nchanges have been approved by the breaking-change committee. The\n`release_note:breaking` label should be applied in these situations.\n- [X] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n- [X] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [X] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.\n\n### Identify risks\n\nDoes this PR introduce any risks? For example, consider risks like hard\nto test bugs, performance regression, potential of data loss.\n\nDescribe the risk, its severity, and mitigation for each identified\nrisk. Invite stakeholders and evaluate how to proceed before merging.\n\n- [ ] [See some risk\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\n- [ ] ...\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"b543b8c8fbb0527bd704984946bc240af8104bc2"}},{"branch":"9.1","label":"v9.1.4","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/236461","number":236461,"state":"OPEN"},{"branch":"9.0","label":"v9.0.7","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.7","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/236473","number":236473,"state":"OPEN"},{"branch":"8.19","label":"v8.19.4","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/236464","number":236464,"state":"OPEN"}]}] BACKPORT--> --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
niros1
pushed a commit
that referenced
this pull request
Sep 30, 2025
…i features (#234480) ## Summary Summarize your PR. If it involves visual changes include a screenshot or gif. This PR integrates the new [default LLM setting](#231940) with the security solution GenAI features (AI assistant and Attack discovery). The default LLM setting allows admins to configure the preferred AI connector. This PR make sure that this setting is actually respected in the AI assistant and Attack discovery. ### How to test: - Start Kibana locally from this branch - Make sure you have at least 3 LLM connectors configured (can be preconfigured ones). - Go to stack management > advanced settings and switch the following setting to "Security AI assistant in other apps". (This will make testing a little bit easier) <img width="1954" height="133" alt="image" src="https://github.com/user-attachments/assets/12fc4313-b2a5-45f7-bca9-8e0e7ee7f19e" /> - Enable the feature flag by adding the following to kibana.dev.yml: ``` feature_flags.overrides.aiAssistant.defaultLlmSettingEnabled: true ``` - Go to the GenAi Settings page: http://localhost:5601/app/management/ai/genAiSettings - Select a default LLM: <img width="2524" height="775" alt="image" src="https://github.com/user-attachments/assets/d8c51f46-04d2-42bf-871b-735fa3849d30" /> - Save the setting change using the footer at the bottom of the page. - Open the Security AI assistant (if you changed the Assistant visibility setting, you can open the assistant from the GenAi page directly) - Check that the LLM connector for the conversation is the one you configured as the default LLM. Also, verify that you can still change the connector used in your conversation to one of your other connectors. - Change the LLM to a non-default connector for the conversation. - Once you select a non-default connector, chat with the assistant and then start a new conversation, your non-default connector should still be active for the new conversation. - Now back on the GenAi settings page, check the `Disallow all other connectors` checkbox. - Open the AI assistant again and go to the existing conversation that has a few messages inside. - You should see a red banner indicating that a connector needs to be selected. - If you open the connector selector, you should now only see the default LLM you have configured as an option. #### Attack Discovery In attack discovery, you should observe the same behavior. - Go to attack discovery http://localhost:5601/app/security/attack_discovery - Open the manual run config flyout <img width="3081" height="1184" alt="image" src="https://github.com/user-attachments/assets/a5a11f1e-8b0b-40d9-8937-6fe4497cbf10" /> - Verify that only the default LLM is available as the connector: <img width="1698" height="833" alt="image" src="https://github.com/user-attachments/assets/45b68d6c-6f36-487f-ba08-030f41c10545" /> - Go back to the GenAi settings page http://localhost:5601/app/management/ai/genAiSettings and deselect the `Disallow all other connectors` checkbox and select a different default connector. - Go to Attack Discovery and open the manual run config flyout again. - Check that by default, your new default connector is used. Also, verify that you now again have the option of changing the connector to any of the other configured connectors. ### TODO The designs of the connector selector for Attack discovery and the Assistant still need to be implemented. That will be done in a separate PR. ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [X] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [X] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for feaures that require explanation or tutorials - [X] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [X] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [X] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [X] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [X] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [X] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
delanni
pushed a commit
that referenced
this pull request
Sep 30, 2025
…ty GenAi features (#234480) (#236473) # Backport This will backport the following commits from `main` to `8.18`: - [[Security Solution] [GenAi] Use default LLM setting for security GenAi features (#234480)](#234480) <!--- Backport version: 10.0.2 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Kenneth Kreindler","email":"42113355+KDKHD@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-09-25T10:14:26Z","message":"[Security Solution] [GenAi] Use default LLM setting for security GenAi features (#234480)\n\n## Summary\n\nSummarize your PR. If it involves visual changes include a screenshot or\ngif.\n\nThis PR integrates the new [default LLM\nsetting](#231940) with the\nsecurity solution GenAI features (AI assistant and Attack discovery).\nThe default LLM setting allows admins to configure the preferred AI\nconnector. This PR make sure that this setting is actually respected in\nthe AI assistant and Attack discovery.\n\n### How to test: \n- Start Kibana locally from this branch\n- Make sure you have at least 3 LLM connectors configured (can be\npreconfigured ones).\n- Go to stack management > advanced settings and switch the following\nsetting to \"Security AI assistant in other apps\". (This will make\ntesting a little bit easier)\n<img width=\"1954\" height=\"133\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/12fc4313-b2a5-45f7-bca9-8e0e7ee7f19e\"\n/>\n\n- Enable the feature flag by adding the following to kibana.dev.yml: \n\n```\nfeature_flags.overrides.aiAssistant.defaultLlmSettingEnabled: true\n```\n\n- Go to the GenAi Settings page:\nhttp://localhost:5601/app/management/ai/genAiSettings\n- Select a default LLM:\n\n<img width=\"2524\" height=\"775\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/d8c51f46-04d2-42bf-871b-735fa3849d30\"\n/>\n\n- Save the setting change using the footer at the bottom of the page.\n- Open the Security AI assistant (if you changed the Assistant\nvisibility setting, you can open the assistant from the GenAi page\ndirectly)\n- Check that the LLM connector for the conversation is the one you\nconfigured as the default LLM. Also, verify that you can still change\nthe connector used in your conversation to one of your other connectors.\n- Change the LLM to a non-default connector for the conversation.\n- Once you select a non-default connector, chat with the assistant and\nthen start a new conversation, your non-default connector should still\nbe active for the new conversation.\n- Now back on the GenAi settings page, check the `Disallow all other\nconnectors` checkbox.\n- Open the AI assistant again and go to the existing conversation that\nhas a few messages inside.\n- You should see a red banner indicating that a connector needs to be\nselected.\n- If you open the connector selector, you should now only see the\ndefault LLM you have configured as an option.\n\n#### Attack Discovery\nIn attack discovery, you should observe the same behavior.\n\n- Go to attack discovery\nhttp://localhost:5601/app/security/attack_discovery\n- Open the manual run config flyout\n<img width=\"3081\" height=\"1184\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/a5a11f1e-8b0b-40d9-8937-6fe4497cbf10\"\n/>\n\n- Verify that only the default LLM is available as the connector:\n\n<img width=\"1698\" height=\"833\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/45b68d6c-6f36-487f-ba08-030f41c10545\"\n/>\n\n- Go back to the GenAi settings page\nhttp://localhost:5601/app/management/ai/genAiSettings and deselect the\n`Disallow all other connectors` checkbox and select a different default\nconnector.\n- Go to Attack Discovery and open the manual run config flyout again.\n- Check that by default, your new default connector is used. Also,\nverify that you now again have the option of changing the connector to\nany of the other configured connectors.\n\n### TODO\nThe designs of the connector selector for Attack discovery and the\nAssistant still need to be implemented. That will be done in a separate\nPR.\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [X] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n- [X]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for feaures that require explanation or tutorials\n- [X] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [X] If a plugin configuration key changed, check if it needs to be\nallowlisted in the cloud and added to the [docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n- [X] This was checked for breaking HTTP API changes, and any breaking\nchanges have been approved by the breaking-change committee. The\n`release_note:breaking` label should be applied in these situations.\n- [X] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n- [X] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [X] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.\n\n### Identify risks\n\nDoes this PR introduce any risks? For example, consider risks like hard\nto test bugs, performance regression, potential of data loss.\n\nDescribe the risk, its severity, and mitigation for each identified\nrisk. Invite stakeholders and evaluate how to proceed before merging.\n\n- [ ] [See some risk\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\n- [ ] ...\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"b543b8c8fbb0527bd704984946bc240af8104bc2","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Security Generative AI","backport:version","v9.2.0","v9.1.4","v9.0.7","v8.18.7","v8.19.4"],"title":"[Security Solution] [GenAi] Use default LLM setting for security GenAi features","number":234480,"url":"https://github.com/elastic/kibana/pull/234480","mergeCommit":{"message":"[Security Solution] [GenAi] Use default LLM setting for security GenAi features (#234480)\n\n## Summary\n\nSummarize your PR. If it involves visual changes include a screenshot or\ngif.\n\nThis PR integrates the new [default LLM\nsetting](#231940) with the\nsecurity solution GenAI features (AI assistant and Attack discovery).\nThe default LLM setting allows admins to configure the preferred AI\nconnector. This PR make sure that this setting is actually respected in\nthe AI assistant and Attack discovery.\n\n### How to test: \n- Start Kibana locally from this branch\n- Make sure you have at least 3 LLM connectors configured (can be\npreconfigured ones).\n- Go to stack management > advanced settings and switch the following\nsetting to \"Security AI assistant in other apps\". (This will make\ntesting a little bit easier)\n<img width=\"1954\" height=\"133\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/12fc4313-b2a5-45f7-bca9-8e0e7ee7f19e\"\n/>\n\n- Enable the feature flag by adding the following to kibana.dev.yml: \n\n```\nfeature_flags.overrides.aiAssistant.defaultLlmSettingEnabled: true\n```\n\n- Go to the GenAi Settings page:\nhttp://localhost:5601/app/management/ai/genAiSettings\n- Select a default LLM:\n\n<img width=\"2524\" height=\"775\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/d8c51f46-04d2-42bf-871b-735fa3849d30\"\n/>\n\n- Save the setting change using the footer at the bottom of the page.\n- Open the Security AI assistant (if you changed the Assistant\nvisibility setting, you can open the assistant from the GenAi page\ndirectly)\n- Check that the LLM connector for the conversation is the one you\nconfigured as the default LLM. Also, verify that you can still change\nthe connector used in your conversation to one of your other connectors.\n- Change the LLM to a non-default connector for the conversation.\n- Once you select a non-default connector, chat with the assistant and\nthen start a new conversation, your non-default connector should still\nbe active for the new conversation.\n- Now back on the GenAi settings page, check the `Disallow all other\nconnectors` checkbox.\n- Open the AI assistant again and go to the existing conversation that\nhas a few messages inside.\n- You should see a red banner indicating that a connector needs to be\nselected.\n- If you open the connector selector, you should now only see the\ndefault LLM you have configured as an option.\n\n#### Attack Discovery\nIn attack discovery, you should observe the same behavior.\n\n- Go to attack discovery\nhttp://localhost:5601/app/security/attack_discovery\n- Open the manual run config flyout\n<img width=\"3081\" height=\"1184\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/a5a11f1e-8b0b-40d9-8937-6fe4497cbf10\"\n/>\n\n- Verify that only the default LLM is available as the connector:\n\n<img width=\"1698\" height=\"833\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/45b68d6c-6f36-487f-ba08-030f41c10545\"\n/>\n\n- Go back to the GenAi settings page\nhttp://localhost:5601/app/management/ai/genAiSettings and deselect the\n`Disallow all other connectors` checkbox and select a different default\nconnector.\n- Go to Attack Discovery and open the manual run config flyout again.\n- Check that by default, your new default connector is used. Also,\nverify that you now again have the option of changing the connector to\nany of the other configured connectors.\n\n### TODO\nThe designs of the connector selector for Attack discovery and the\nAssistant still need to be implemented. That will be done in a separate\nPR.\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [X] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n- [X]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for feaures that require explanation or tutorials\n- [X] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [X] If a plugin configuration key changed, check if it needs to be\nallowlisted in the cloud and added to the [docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n- [X] This was checked for breaking HTTP API changes, and any breaking\nchanges have been approved by the breaking-change committee. The\n`release_note:breaking` label should be applied in these situations.\n- [X] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n- [X] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [X] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.\n\n### Identify risks\n\nDoes this PR introduce any risks? For example, consider risks like hard\nto test bugs, performance regression, potential of data loss.\n\nDescribe the risk, its severity, and mitigation for each identified\nrisk. Invite stakeholders and evaluate how to proceed before merging.\n\n- [ ] [See some risk\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\n- [ ] ...\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"b543b8c8fbb0527bd704984946bc240af8104bc2"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18"],"targetPullRequestStates":[{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/234480","number":234480,"mergeCommit":{"message":"[Security Solution] [GenAi] Use default LLM setting for security GenAi features (#234480)\n\n## Summary\n\nSummarize your PR. If it involves visual changes include a screenshot or\ngif.\n\nThis PR integrates the new [default LLM\nsetting](#231940) with the\nsecurity solution GenAI features (AI assistant and Attack discovery).\nThe default LLM setting allows admins to configure the preferred AI\nconnector. This PR make sure that this setting is actually respected in\nthe AI assistant and Attack discovery.\n\n### How to test: \n- Start Kibana locally from this branch\n- Make sure you have at least 3 LLM connectors configured (can be\npreconfigured ones).\n- Go to stack management > advanced settings and switch the following\nsetting to \"Security AI assistant in other apps\". (This will make\ntesting a little bit easier)\n<img width=\"1954\" height=\"133\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/12fc4313-b2a5-45f7-bca9-8e0e7ee7f19e\"\n/>\n\n- Enable the feature flag by adding the following to kibana.dev.yml: \n\n```\nfeature_flags.overrides.aiAssistant.defaultLlmSettingEnabled: true\n```\n\n- Go to the GenAi Settings page:\nhttp://localhost:5601/app/management/ai/genAiSettings\n- Select a default LLM:\n\n<img width=\"2524\" height=\"775\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/d8c51f46-04d2-42bf-871b-735fa3849d30\"\n/>\n\n- Save the setting change using the footer at the bottom of the page.\n- Open the Security AI assistant (if you changed the Assistant\nvisibility setting, you can open the assistant from the GenAi page\ndirectly)\n- Check that the LLM connector for the conversation is the one you\nconfigured as the default LLM. Also, verify that you can still change\nthe connector used in your conversation to one of your other connectors.\n- Change the LLM to a non-default connector for the conversation.\n- Once you select a non-default connector, chat with the assistant and\nthen start a new conversation, your non-default connector should still\nbe active for the new conversation.\n- Now back on the GenAi settings page, check the `Disallow all other\nconnectors` checkbox.\n- Open the AI assistant again and go to the existing conversation that\nhas a few messages inside.\n- You should see a red banner indicating that a connector needs to be\nselected.\n- If you open the connector selector, you should now only see the\ndefault LLM you have configured as an option.\n\n#### Attack Discovery\nIn attack discovery, you should observe the same behavior.\n\n- Go to attack discovery\nhttp://localhost:5601/app/security/attack_discovery\n- Open the manual run config flyout\n<img width=\"3081\" height=\"1184\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/a5a11f1e-8b0b-40d9-8937-6fe4497cbf10\"\n/>\n\n- Verify that only the default LLM is available as the connector:\n\n<img width=\"1698\" height=\"833\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/45b68d6c-6f36-487f-ba08-030f41c10545\"\n/>\n\n- Go back to the GenAi settings page\nhttp://localhost:5601/app/management/ai/genAiSettings and deselect the\n`Disallow all other connectors` checkbox and select a different default\nconnector.\n- Go to Attack Discovery and open the manual run config flyout again.\n- Check that by default, your new default connector is used. Also,\nverify that you now again have the option of changing the connector to\nany of the other configured connectors.\n\n### TODO\nThe designs of the connector selector for Attack discovery and the\nAssistant still need to be implemented. That will be done in a separate\nPR.\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [X] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n- [X]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for feaures that require explanation or tutorials\n- [X] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [X] If a plugin configuration key changed, check if it needs to be\nallowlisted in the cloud and added to the [docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n- [X] This was checked for breaking HTTP API changes, and any breaking\nchanges have been approved by the breaking-change committee. The\n`release_note:breaking` label should be applied in these situations.\n- [X] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n- [X] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [X] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.\n\n### Identify risks\n\nDoes this PR introduce any risks? For example, consider risks like hard\nto test bugs, performance regression, potential of data loss.\n\nDescribe the risk, its severity, and mitigation for each identified\nrisk. Invite stakeholders and evaluate how to proceed before merging.\n\n- [ ] [See some risk\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\n- [ ] ...\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"b543b8c8fbb0527bd704984946bc240af8104bc2"}},{"branch":"9.1","label":"v9.1.4","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/236461","number":236461,"state":"OPEN"},{"branch":"9.0","label":"v9.0.7","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.7","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.4","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/236464","number":236464,"state":"OPEN"}]}] BACKPORT--> --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
kibanamachine
added
v8.18.8
and removed
backport missing
Member
Author
|
All backports merged:
|
rylnd
pushed a commit
to rylnd/kibana
that referenced
this pull request
Oct 17, 2025
…i features (elastic#234480) ## Summary Summarize your PR. If it involves visual changes include a screenshot or gif. This PR integrates the new [default LLM setting](elastic#231940) with the security solution GenAI features (AI assistant and Attack discovery). The default LLM setting allows admins to configure the preferred AI connector. This PR make sure that this setting is actually respected in the AI assistant and Attack discovery. ### How to test: - Start Kibana locally from this branch - Make sure you have at least 3 LLM connectors configured (can be preconfigured ones). - Go to stack management > advanced settings and switch the following setting to "Security AI assistant in other apps". (This will make testing a little bit easier) <img width="1954" height="133" alt="image" src="https://github.com/user-attachments/assets/12fc4313-b2a5-45f7-bca9-8e0e7ee7f19e" /> - Enable the feature flag by adding the following to kibana.dev.yml: ``` feature_flags.overrides.aiAssistant.defaultLlmSettingEnabled: true ``` - Go to the GenAi Settings page: http://localhost:5601/app/management/ai/genAiSettings - Select a default LLM: <img width="2524" height="775" alt="image" src="https://github.com/user-attachments/assets/d8c51f46-04d2-42bf-871b-735fa3849d30" /> - Save the setting change using the footer at the bottom of the page. - Open the Security AI assistant (if you changed the Assistant visibility setting, you can open the assistant from the GenAi page directly) - Check that the LLM connector for the conversation is the one you configured as the default LLM. Also, verify that you can still change the connector used in your conversation to one of your other connectors. - Change the LLM to a non-default connector for the conversation. - Once you select a non-default connector, chat with the assistant and then start a new conversation, your non-default connector should still be active for the new conversation. - Now back on the GenAi settings page, check the `Disallow all other connectors` checkbox. - Open the AI assistant again and go to the existing conversation that has a few messages inside. - You should see a red banner indicating that a connector needs to be selected. - If you open the connector selector, you should now only see the default LLM you have configured as an option. #### Attack Discovery In attack discovery, you should observe the same behavior. - Go to attack discovery http://localhost:5601/app/security/attack_discovery - Open the manual run config flyout <img width="3081" height="1184" alt="image" src="https://github.com/user-attachments/assets/a5a11f1e-8b0b-40d9-8937-6fe4497cbf10" /> - Verify that only the default LLM is available as the connector: <img width="1698" height="833" alt="image" src="https://github.com/user-attachments/assets/45b68d6c-6f36-487f-ba08-030f41c10545" /> - Go back to the GenAi settings page http://localhost:5601/app/management/ai/genAiSettings and deselect the `Disallow all other connectors` checkbox and select a different default connector. - Go to Attack Discovery and open the manual run config flyout again. - Check that by default, your new default connector is used. Also, verify that you now again have the option of changing the connector to any of the other configured connectors. ### TODO The designs of the connector selector for Attack discovery and the Assistant still need to be implemented. That will be done in a separate PR. ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [X] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [X] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for feaures that require explanation or tutorials - [X] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [X] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [X] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [X] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [X] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [X] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
9 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Summarize your PR. If it involves visual changes include a screenshot or gif.
This PR integrates the new default LLM setting with the security solution GenAI features (AI assistant and Attack discovery). The default LLM setting allows admins to configure the preferred AI connector. This PR make sure that this setting is actually respected in the AI assistant and Attack discovery.
How to test:
Disallow all other connectorscheckbox.Attack Discovery
In attack discovery, you should observe the same behavior.
Disallow all other connectorscheckbox and select a different default connector.TODO
The designs of the connector selector for Attack discovery and the Assistant still need to be implemented. That will be done in a separate PR.
Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
release_note:breakinglabel should be applied in these situations.release_note:*label is applied per the guidelinesbackport:*labels.Identify risks
Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss.
Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging.