Skip to content

Commit

Permalink
Merge branch '8.14' into mergify/bp/8.14/pr-5358
Browse files Browse the repository at this point in the history
  • Loading branch information
benironside authored Jun 10, 2024
2 parents 0d6d5e1 + e95a049 commit cd85f66
Showing 1 changed file with 17 additions and 3 deletions.
20 changes: 17 additions & 3 deletions docs/attack-discovery/attack-discovery.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -9,10 +9,24 @@

preview::["This feature is in technical preview. It may change in the future, and you should exercise caution when using it in production environments. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of GA features."]

NOTE: This feature is available starting with {elastic-sec} version 8.14.0.

Attack discovery leverages large language models (LLMs) to analyze alerts in your environment and identify threats. Each "discovery" represents a potential attack and describes relationships among multiple alerts to tell you which users and hosts are involved, how alerts correspond to the MITRE ATT&CK matrix, and which threat actor might be responsible. This can help make the most of each security analyst's time, fight alert fatigue, and reduce your mean time to respond.

For a demo, refer to the following video.
=======
++++
<script type="text/javascript" async src="https://play.vidyard.com/embed/v4.js"></script>
<img
style="width: 100%; margin: auto; display: block;"
class="vidyard-player-embed"
src="https://play.vidyard.com/eT92arEbpRddmSM4JeyzdX.jpg"
data-uuid="eT92arEbpRddmSM4JeyzdX"
data-v="4"
data-type="inline"
/>
</br>
++++
=======

This page describes:

* <<attack-discovery-generate-discoveries, How to generate discoveries>>
Expand All @@ -38,7 +52,7 @@ image::images/select-model-empty-state.png[]
+
. Once you've selected a connector, click **Generate** to start the analysis.

It may take from a few seconds up to several minutes to generate discoveries, depending on the number of alerts and the model you selected. Note that Attack discovery only analyzes alerts from the past 24 hours.
It may take from a few seconds up to several minutes to generate discoveries, depending on the number of alerts and the model you selected. Note that Attack discovery is in technical preview and will only analyze opened and acknowleged alerts from the past 24 hours.

IMPORTANT: Attack discovery uses the same data anonymization settings as <<security-assistant, Elastic AI Assistant>>. To configure which alert fields are sent to the LLM and which of those fields are obfuscated, use the Elastic AI Assistant settings. Consider the privacy policies of third-party LLMs before sending them sensitive data.

Expand Down

0 comments on commit cd85f66

Please sign in to comment.