diff --git a/explore-analyze/ai-features.md b/explore-analyze/ai-features.md index 41789681d3..61fa1372dd 100644 --- a/explore-analyze/ai-features.md +++ b/explore-analyze/ai-features.md @@ -145,3 +145,14 @@ This feature requires an [LLM connector](/explore-analyze/ai-features/llm-guides * **Third-party antivirus (AV) software**: Identify installed third-party antivirus (AV) products that might conflict with {{elastic-defend}}. This feature requires an [LLM connector](/explore-analyze/ai-features/llm-guides/llm-connectors.md). + + +### Entity summary +```yaml {applies_to} +stack: ga 9.3 +serverless: ga +``` + +[Entity summary](/solutions/security/advanced-entity-analytics/view-entity-details.md#entity-summary), available in the entity details flyout, uses AI to generate a summary of a user's or host's security context. It aggregates information such as risk scores, asset criticality, vulnerabilities, and {{ml}} anomalies to provide a consolidated view of the entity's security posture. The summary helps you prioritize investigations and identify recommended next steps. + +This feature requires an [LLM connector](/explore-analyze/ai-features/llm-guides/llm-connectors.md). diff --git a/solutions/images/security-entity-summary.png b/solutions/images/security-entity-summary.png new file mode 100644 index 0000000000..f8ee201c2c Binary files /dev/null and b/solutions/images/security-entity-summary.png differ diff --git a/solutions/images/security-host-details-flyout.png b/solutions/images/security-host-details-flyout.png index a5a960a596..6b0b9e0e92 100644 Binary files a/solutions/images/security-host-details-flyout.png and b/solutions/images/security-host-details-flyout.png differ diff --git a/solutions/security/advanced-entity-analytics/view-entity-details.md b/solutions/security/advanced-entity-analytics/view-entity-details.md index 07a44a8e0c..fafa272bc6 100644 --- a/solutions/security/advanced-entity-analytics/view-entity-details.md 
+++ b/solutions/security/advanced-entity-analytics/view-entity-details.md @@ -18,6 +18,7 @@ You can learn more about an entity (host, user, or service) from the entity deta The entity details flyout includes the following sections: +* {applies_to}`serverless: ga` {applies_to}`stack: ga 9.3` [Entity summary](#entity-summary), which allows you to generate an AI summary of the entity. * [Entity risk summary](#entity-risk-summary), which displays entity risk data and inputs. * [Asset Criticality](#asset-criticality), which allows you to view and assign asset criticality. * [Insights](#insights), which displays vulnerabilities or misconfiguration findings for the entity. 
@@ -28,6 +29,40 @@ The entity details flyout includes the following sections: :screenshot: ::: +### Entity summary +```yaml {applies_to} +stack: ga 9.3 +serverless: ga +``` + +::::{note} +* To generate an AI summary, you need to configure a [generative AI connector](kibana://reference/connectors-kibana/gen-ai-connectors.md). +* This feature is only available for users and hosts. +:::: + +The **Entity summary** section allows you to generate an AI-powered summary of the entity's security context. Click **Generate** to create a comprehensive overview that aggregates information from: + +* Risk scores and risk inputs +* Asset criticality levels +* Vulnerabilities and misconfigurations +* {{ml-cap}} anomalies associated with the entity + +The summary provides a consolidated view of the entity's security posture, helping you quickly assess its significance and prioritize investigations. It includes information such as: + +* The entity's current risk score with details about which alerts or rules contribute most significantly to the score +* The entity's asset criticality level and how it contributes to the overall risk score +* Details about detected vulnerabilities, including CVE identifiers, CVSS scores, affected packages or systems, and remediation guidance +* Recommended next steps based on the entity's security posture, such as updating vulnerable packages, investigating specific alerts, or implementing additional security controls + +::::{tip} +If you have [AI Assistant](/solutions/security/ai/ai-assistant.md) set up, you can select **More actions** ({icon}`boxes_vertical`) → **Ask AI Assistant** to continue the conversation about the entity in AI Assistant. +:::: + +:::{image} /solutions/images/security-entity-summary.png +:alt: Entity summary +:screenshot: +::: + ### Entity risk summary ::::{admonition} Requirements
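Review bot: In the `### Entity summary` section added to explore-analyze/ai-features.md, the requirement is called an "LLM connector" and links to /explore-analyze/ai-features/llm-guides/llm-connectors.md, while the section added to view-entity-details.md in this same patch calls it a "generative AI connector" and links to kibana://reference/connectors-kibana/gen-ai-connectors.md. Use one term and one link target in both places, or say in one of them how the two relate, so readers do not assume two different prerequisites. The hunk also adds two consecutive blank lines before the new heading; one is enough.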
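Review bot: The list item added at the top of the flyout sections in view-entity-details.md says the section "allows you to generate an AI summary of the entity", but the page intro covers host, user, and service entities and the note added further down states "This feature is only available for users and hosts." Put the restriction in the list item as well, for example "an AI summary of a user or host entity", so a reader looking at a service flyout is not left searching for the section. The inline badges here are ordered serverless then stack, while the `{applies_to}` YAML blocks in this patch are ordered stack then serverless; align the order.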
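Review bot: The `### Entity summary` section added to view-entity-details.md lists what the summary aggregates (risk scores and risk inputs, asset criticality, vulnerabilities and misconfigurations, anomalies) and requires a generative AI connector, but it does not say which of that entity data is passed to the connector's model when you click **Generate**, or which privileges a user needs to generate a summary. Add both to the `::::{note}` block so that teams can decide which connector is acceptable for host and user data and who should be able to trigger it. The image alt text `Entity summary` repeats the heading; describe what the screenshot shows instead.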