[9.1] [Security Solution] [GenAi] Use default LLM setting for security GenAi features (#234480)#236461
Merged
KDKHD merged 5 commits intoelastic:9.1from Sep 26, 2025
Merged
Conversation
…i features (elastic#234480) ## Summary Summarize your PR. If it involves visual changes include a screenshot or gif. This PR integrates the new [default LLM setting](elastic#231940) with the security solution GenAI features (AI assistant and Attack discovery). The default LLM setting allows admins to configure the preferred AI connector. This PR make sure that this setting is actually respected in the AI assistant and Attack discovery. ### How to test: - Start Kibana locally from this branch - Make sure you have at least 3 LLM connectors configured (can be preconfigured ones). - Go to stack management > advanced settings and switch the following setting to "Security AI assistant in other apps". (This will make testing a little bit easier) <img width="1954" height="133" alt="image" src="https://github.com/user-attachments/assets/12fc4313-b2a5-45f7-bca9-8e0e7ee7f19e" /> - Enable the feature flag by adding the following to kibana.dev.yml: ``` feature_flags.overrides.aiAssistant.defaultLlmSettingEnabled: true ``` - Go to the GenAi Settings page: http://localhost:5601/app/management/ai/genAiSettings - Select a default LLM: <img width="2524" height="775" alt="image" src="https://github.com/user-attachments/assets/d8c51f46-04d2-42bf-871b-735fa3849d30" /> - Save the setting change using the footer at the bottom of the page. - Open the Security AI assistant (if you changed the Assistant visibility setting, you can open the assistant from the GenAi page directly) - Check that the LLM connector for the conversation is the one you configured as the default LLM. Also, verify that you can still change the connector used in your conversation to one of your other connectors. - Change the LLM to a non-default connector for the conversation. - Once you select a non-default connector, chat with the assistant and then start a new conversation, your non-default connector should still be active for the new conversation. - Now back on the GenAi settings page, check the `Disallow all other connectors` checkbox. - Open the AI assistant again and go to the existing conversation that has a few messages inside. - You should see a red banner indicating that a connector needs to be selected. - If you open the connector selector, you should now only see the default LLM you have configured as an option. #### Attack Discovery In attack discovery, you should observe the same behavior. - Go to attack discovery http://localhost:5601/app/security/attack_discovery - Open the manual run config flyout <img width="3081" height="1184" alt="image" src="https://github.com/user-attachments/assets/a5a11f1e-8b0b-40d9-8937-6fe4497cbf10" /> - Verify that only the default LLM is available as the connector: <img width="1698" height="833" alt="image" src="https://github.com/user-attachments/assets/45b68d6c-6f36-487f-ba08-030f41c10545" /> - Go back to the GenAi settings page http://localhost:5601/app/management/ai/genAiSettings and deselect the `Disallow all other connectors` checkbox and select a different default connector. - Go to Attack Discovery and open the manual run config flyout again. - Check that by default, your new default connector is used. Also, verify that you now again have the option of changing the connector to any of the other configured connectors. ### TODO The designs of the connector selector for Attack discovery and the Assistant still need to be implemented. That will be done in a separate PR. ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [X] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [X] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for feaures that require explanation or tutorials - [X] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [X] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [X] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [X] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [X] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [X] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> (cherry picked from commit b543b8c) # Conflicts: # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/conversations/conversation_settings/conversation_settings_editor.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/helpers.test.ts # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/helpers.ts # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_management.test.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_management.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/assistant/settings/search_ai_lake_configurations_settings_management.test.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/connectorland/use_load_connectors/index.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/impl/mock/test_providers/test_providers.tsx # x-pack/platform/packages/shared/kbn-elastic-assistant/tsconfig.json # x-pack/platform/plugins/private/gen_ai_settings/public/components/default_ai_connector/default_ai_connector.tsx # x-pack/solutions/security/packages/ecs-data-quality-dashboard/impl/data_quality_panel/mock/test_providers/test_providers.tsx
Member
Author
|
/ci |
Contributor
💔 Build Failed
Failed CI StepsHistory
|
e40pud
approved these changes
Sep 26, 2025
10 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backport
This will backport the following commits from
mainto9.1:Questions ?
Please refer to the Backport tool documentation