The recently released Elasticsearch Relevance Engine™ (ESRE™) delivers new capabilities for creating highly relevant AI search applications. ESRE builds on more than two years of focused machine learning research and development made possible through Elastic’s leadership role in search use cases.
ESRE combines the best of AI with Elastic’s text search, providing developers a full suite of sophisticated retrieval algorithms and the ability to integrate with large language models (LLMs). It’s accessible via a simple, unified API that the Elastic community already trusts, so developers around the world can start using it immediately to elevate search relevance.
Today, we build on these innovations with our first domain-specific application for cybersecurity. Elastic’s open roots and rapid innovation provide all users access to powerful technology to solve their unique business challenges. The rapid advancements of generative AI have allowed Elastic to take the next step of making these capabilities available to every security analyst.
Elastic AI Assistant’s unique approach to incorporating generative AI can be summarized in the following user benefits:
Open and transparent
Elastic AI Assistant’s open framework enables users to adapt to the rapidly shifting LLM landscape — easily connecting to new models to facilitate comparison and the adoption of domain-specific models for different applications. Starting with Microsoft Azure OpenAI and OpenAI, users can choose which prompts and data to send to which model — putting security, privacy, and efficacy at the forefront of every decision.
Another unique advantage for Elastic customers is that our abundance of publicly available product information allows existing LLMs to be well-versed in Elastic Security, improving the accuracy of generated results. Classically closed vendors cannot achieve this level of efficacy from these models due to the comparative scarcity of public technical information about black-box products.
For all analysts
Elastic users benefit from a unified data analytics platform, which dramatically reduces the cost and complexity of data collection, storage, and analysis. Elastic AI Assistant magnifies this benefit. It serves as an assistant across numerous security use cases: simple built-in prompts cover specific use cases, and the freestyle ability provides the power to go beyond what comes prebuilt. Users can even create their own prompts to share with their team, allowing Elastic AI Assistant to evolve to best serve their organization.
Secure by design
Elastic displays all the data that will be sent to the LLM and allows the user to redact, remove, or change it beforehand. We are partnering with vendors committed to the security of customer information, starting with Microsoft Azure OpenAI.
Relevant, thanks to ESRE
Large language models are astonishing, almost magical. However, to provide an answer that applies well to a specific organization, the LLM needs relevant context. Without this context, a user receives generic information derived from publicly trained models. ESRE helps customers overcome these challenges by providing organizational context, grounding each answer in data that is unique to their organization.
Elastic AI Assistant bolsters your cybersecurity operations team with generative AI. It allows users to interact with Elastic Security for tasks such as alert investigation, incident response, and query generation or conversion using natural language. Today, this includes a connector for OpenAI and Azure OpenAI Service.
Elastic AI Assistant can be easily invoked with a simple keyboard shortcut or via contextual links in Elastic Security. It offers users prebuilt, recommended prompts as well as specific context for the LLM. Prompts and context are the key to making generative AI applicable to your team. The prompt ensures the answer coming back from the LLM is written for the right user (a tier 1 or 2 security analyst, for example). And context is the organization-specific information that tailors the answer to specific problems. Elastic AI Assistant makes this seamless with prebuilt prompts — one click and you’re done.
Some examples of the prebuilt prompts now available:
- Alert summarization: This prompt provides an alert document as context and returns a detailed description of why the alert triggered and recommended steps to triage and remediate the attack. This type of prompt can generate a dynamic runbook for an organization.
- Workflow suggestions: This can provide a step-by-step guide for accomplishing a task within Elastic, such as adding an alert exception or creating a custom dashboard.
- Query conversion: To streamline migration from legacy SIEMs, a user can paste a query from another product and Elastic AI Assistant will convert it into an Elastic query. This process has already been shown to slash the time and cost of SIEM migration.
- Agent integration advice: If you want to collect information but are unsure of the best method in Elastic, simply ask Elastic AI Assistant to help.
In addition to the numerous prebuilt prompts, users can add their own prompts to support the workflow that works best for them. Elastic AI Assistant can truly become part of your team through this customizable workflow.
When the answer returns from your selected LLM, you can continue to converse with the model. Each time, Elastic AI Assistant adds back the context of the conversation, and once you are satisfied with the results, you can add them to a timeline investigation or a case.
Get started today
Elastic AI Assistant is available now to all users. For more information on how to integrate it with your model of choice and begin harnessing the power of AI, read our documentation.