diff --git a/solutions/_snippets/value-report-intro.md b/solutions/_snippets/value-report-intro.md new file mode 100644 index 0000000000..8d14f69ce6 --- /dev/null +++ b/solutions/_snippets/value-report-intro.md @@ -0,0 +1,11 @@ +The **Value report** page estimates your savings from using Elastic's AI SOC features for alert triage, in terms of **Analyst time saved** and **Cost Savings**. The message at the top of the page explains how those numbers were determined, and how many alerts were **Escalated** and **Filtered** by AI. + +You can interact with the page in the following ways: + +- **Update the time range:** Use the time selector in the upper right corner to select the time range for which to show value metrics. +- **Export report:** Select **Export report** in the upper right corner to download a sharable PDF of the value report. + + +:::{image} /solutions/images/security-ease-value-report.png +:alt: The Value Report in an EASE project +::: diff --git a/solutions/images/security-ease-value-report.png b/solutions/images/security-ease-value-report.png index a6657f9f31..d04bb3e548 100644 Binary files a/solutions/images/security-ease-value-report.png and b/solutions/images/security-ease-value-report.png differ diff --git a/solutions/images/security-value-report-rbac.png b/solutions/images/security-value-report-rbac.png new file mode 100644 index 0000000000..89fb047a9d Binary files /dev/null and b/solutions/images/security-value-report-rbac.png differ diff --git a/solutions/security/ai/ease/ease-intro.md b/solutions/security/ai/ease/ease-intro.md index 2f4c368bab..581c5d47fd 100644 --- a/solutions/security/ai/ease/ease-intro.md +++ b/solutions/security/ai/ease/ease-intro.md 
@@ -10,6 +10,40 @@ Elastic AI SOC Engine (EASE) is an {{sec-serverless}} project type that provides This page describes how to create an EASE project, how to ingest your data, and how to use its key features. + +## Features + +EASE provides a set of capabilities designed to help make the most of each security analyst’s time, fight alert fatigue, and reduce your mean time to respond. Once your data is ingested, you can start using the following features: + +- **[Attack Discovery](/solutions/security/ai/attack-discovery.md)**: Helps you analyze alerts in your environment and identify threats. Each discovery represents a potential attack and describes relationships among multiple alerts to tell you which users and hosts are involved, how alerts correspond to the MITRE ATT&CK matrix, and which threat actor might be responsible. + + :::{image} /solutions/images/security-attck-disc-example-disc.png + :alt: Attack Discovery detail view + :width: 600px + ::: + + You can [schedule](/solutions/security/ai/attack-discovery.md#schedule-discoveries) Attack Discovery to run automatically, and notify you of any discoveries through a range of connectors such as Slack, Teams, PagerDuty, or email. + +- **[AI Assistant](/solutions/security/ai/ai-assistant.md)**: An LLM-powered virtual assistant specialized for digital security; it helps with data analysis, alert investigation, incident response, and {{esql}} query generation. You can add custom background knowledge and data to its [knowledge base](/solutions/security/ai/ai-assistant-knowledge-base.md) and use natural language to ask for its assistance with your SOC operations. + + :::{image} /solutions/images/security-ease-ai-assistant.png + :alt: A new conversation with AI Assistant + :width: 450px + ::: + + You can add custom information to AI Assistant's [Knowledge Base](/solutions/security/ai/ai-assistant-knowledge-base.md), either in the form of individual documents or entire indices containing numerous documents. 
This information informs the AI Assistant's responses and can include everything from threat intelligence, to information about your team's on-call rotation, to information about your infrastructure, and more. + +- **[Cases](/solutions/security/investigate/cases.md)**: Helps you track and share related information about security issues. Track key investigation details and collect alerts in a central location. + + :::{image} /solutions/images/security-ease-cases.png + :alt: The Cases page in an EASE project showing the default state + ::: + +- **[Value report](/solutions/security/ai/ease/ease-value-report.md)**: + + :::{include} /solutions/_snippets/value-report-intro.md + ::: + ## Create an EASE project To create an EASE project: 
@@ -47,32 +81,3 @@ To ingest third-party security data: EASE uses LLM connectors to enable its AI features such as Attack Discovery and AI Assistant. The Elastic Managed LLM is enabled by default. You can also [configure your own third-party LLM connector](/solutions/security/ai/set-up-connectors-for-large-language-models-llm.md). Keep in mind that different models [perform differently](/solutions/security/ai/large-language-model-performance-matrix.md) on different tasks. - -## Features - -EASE provides a set of capabilities designed to help make the most of each security analyst’s time, fight alert fatigue, and reduce your mean time to respond. Once your data is ingested, you can start using the following features: - -- **[Attack Discovery](/solutions/security/ai/attack-discovery.md)**: Helps you analyze alerts in your environment and identify threats. Each discovery represents a potential attack and describes relationships among multiple alerts to tell you which users and hosts are involved, how alerts correspond to the MITRE ATT&CK matrix, and which threat actor might be responsible. - - :::{image} /solutions/images/security-attck-disc-example-disc.png - :alt: Attack Discovery detail view - :width: 600px - ::: - - You can [schedule](/solutions/security/ai/attack-discovery.md#schedule-discoveries) Attack Discovery to run automatically, and notify you of any discoveries through a range of connectors such as Slack, Teams, PagerDuty, or email. - -- **[AI Assistant](/solutions/security/ai/ai-assistant.md)**: An LLM-powered virtual assistant specialized for digital security; it helps with data analysis, alert investigation, incident response, and {{esql}} query generation. You can add custom background knowledge and data to its [knowledge base](/solutions/security/ai/ai-assistant-knowledge-base.md) and use natural language to ask for its assistance with your SOC operations. 
- - :::{image} /solutions/images/security-ease-ai-assistant.png - :alt: A new conversation with AI Assistant - :width: 450px - ::: - - You can add custom information to AI Assistant's [Knowledge Base](/solutions/security/ai/ai-assistant-knowledge-base.md), either in the form of individual documents or entire indices containing numerous documents. This information informs the AI Assistant's responses and can include everything from threat intelligence, to information about your team's on-call rotation, to information about your infrastructure, and more. - -- **[Cases](/solutions/security/investigate/cases.md)**: Helps you track and share related information about security issues. Track key investigation details and collect alerts in a central location. - - :::{image} /solutions/images/security-ease-cases.png - :alt: The Cases page in an EASE project showing the default state - ::: - diff --git a/solutions/security/ai/ease/ease-value-report.md b/solutions/security/ai/ease/ease-value-report.md index 3c27a04654..0b48a77f3d 100644 --- a/solutions/security/ai/ease/ease-value-report.md +++ b/solutions/security/ai/ease/ease-value-report.md 
@@ -3,18 +3,29 @@ navigation_title: Value report applies_to: serverless: security: preview + stack: preview 9.3 --- -# EASE Value Report +# Value report -The **Value report** page estimates your savings from using Elastic AI SOC Engine (EASE) for alert triage, in terms of **Analyst time saved** and **Cost Savings**. The message at the top of the page explains how those numbers were determined, and how many alerts were **Escalated** and **Filtered** by AI. +:::{include} /solutions/_snippets/value-report-intro.md +::: -You can interact with the page in the following ways: +## Requirements -- **Update the time range:** Use the time selector in the upper right corner to select the time range for which to show value metrics. -- **Export report:** Select **Export report** in the upper right corner to download a sharable PDF of the value report. +```{applies_to} +serverless: preview +stack: preview 9.3 +``` +* To access the **Value report** page, your subscription must include AI-powered features. For {{sec-serverless}}, this means you need either the Elastic AI SOC Engine (EASE) or Security Analytics Complete [feature tier](https://www.elastic.co/pricing/serverless-security). -:::{image} /solutions/images/security-ease-value-report.png -:alt: The Value Report in an EASE project -::: +* To access the **Value report** page, you need the **SOC Management** Security sub-feature [{{kib}} privilege](/deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md). + +![value report RBAC setting](/solutions/images/security-value-report-rbac.png "=50%") + +::::{note} +The following default roles have the **SOC Management** privilege by default: +- EASE feature tier: ` _search_ai_lake_soc_manager` +- Security Analytics Complete: `admin` and `soc_manager` +:::: \ No newline at end of file diff --git a/solutions/toc.yml b/solutions/toc.yml index 0c1f0de30e..f26eb43f41 100644 --- a/solutions/toc.yml +++ b/solutions/toc.yml 
@@ -558,7 +558,6 @@ toc: - file: security/ai/ease/ease-intro.md children: - file: security/ai/ease/ease-alerts.md - - file: security/ai/ease/ease-value-report.md - file: security/ai/ease/ease-upgrade.md - file: security/ai/ai-assistant.md children: @@ -578,6 +577,7 @@ toc: - file: security/ai/triage-alerts.md - file: security/ai/identify-investigate-document-threats.md - file: security/ai/generate-customize-learn-about-esorql-queries.md + - file: security/ai/ease/ease-value-report.md - file: security/detect-and-alert.md children: - file: security/detect-and-alert/detections-requirements.md
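Review bot: In the new `solutions/_snippets/value-report-intro.md`, the image alt text `:alt: The Value Report in an EASE project` is no longer accurate at one of the snippet's two include sites: `ease-value-report.md` gains `stack: preview 9.3` in this same patch, so the snippet renders on a page that is not EASE-only. Suggest a neutral alt such as `:alt: The Value report page`. Minor: the snippet has two consecutive blank lines before the `:::{image}` block (one is enough), and "sharable" is more commonly spelled "shareable".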
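Review bot: In the `ease-intro.md` hunk that adds the `## Features` section, the `- **[Value report](/solutions/security/ai/ease/ease-value-report.md)**:` bullet has nothing after the colon before the `:::{include}` directive, while the other three feature bullets each open with a one-line description. Suggest a short description on the bullet line, e.g. `**[Value report](...)**: Estimates the analyst time and cost saved by AI-driven alert triage.`, so the list reads consistently even if the include renders as a separate block. Same hunk: the AI Assistant bullet states the knowledge-base point twice (`You can add custom background knowledge and data to its [knowledge base]` and, in the next paragraph, `You can add custom information to AI Assistant's [Knowledge Base]`); since the section is being moved anyway, this is a good moment to keep only one of them.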
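Review bot: In the `ease-value-report.md` hunk, the role name in the note block has a stray space inside the code span: `- EASE feature tier: ` _search_ai_lake_soc_manager`` should be `` `_search_ai_lake_soc_manager` ``; as written, a reader copying the value gets a leading space, and the backtick pairing is ambiguous for some renderers. The file also now ends with `\ No newline at end of file`, so add a trailing newline after the closing `::::`. Three smaller points: the two requirement bullets both open with `To access the **Value report** page,` and could be reduced to one lead-in; the first bullet names only the serverless feature tiers although the page now carries `stack: preview 9.3` in both the front matter and the inline `applies_to` block, so either state the {{stack}} subscription requirement or mark that bullet serverless-only; and the RBAC screenshot uses `![...](... "=50%")` while every other image in this patch uses the `:::{image}` directive with `:alt:`, so the directive form would keep the image syntax consistent. In the note text, "default roles have the **SOC Management** privilege by default" repeats itself; "The following built-in roles include the **SOC Management** privilege" says the same thing once.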
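Review bot: The two `toc.yml` hunks move `security/ai/ease/ease-value-report.md` out of the `ease-intro.md` `children` list and into the top-level `security/ai` list after `generate-customize-learn-about-esorql-queries.md`, which fits the page now applying to `stack: preview 9.3`. The file itself still lives under the `ease/` directory, though, so its URL and breadcrumb will continue to read as an EASE page; consider relocating it to `security/ai/ease-value-report.md` in the same patch (updating the link in `ease-intro.md` and the `:::{include}` consumers) with a redirect for the existing URL, or add a short commit-message note on why the path stays where it is.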