How Elastic's security team built an AI agent with RAG against MITRE's CWE and CAPEC catalogues to draft CVE advisories from raw vulnerability reports, including the full prompt and crawler configs.

How security advisories are drafted manually (and why it's slow)

Automating security advisory drafts with Elastic Agent Builder and RAG

Step 1: Indexing MITRE CWE and CAPEC data in Elasticsearch

CWE crawler configuration

CAPEC crawler configuration

Step 2: Building the security advisory AI agent

What tools Elastic Agent Builder agent uses

Grounding in CWE and CAPEC data

Index and schema discovery

Product-specific context

Fallback retrieval capabilities

How we tuned the system prompt for accurate advisory generation

Handling first-party and third-party vulnerabilities

What the agent outputs: draft advisory and reasoning

Elastic Security Advisory Generator

ROLE & OBJECTIVE

CORE BEHAVIOR

INTAKE

GROUNDING AND SAFETY RULES

CLASSIFICATION GUARDRAILS

MITIGATIONS AND SEVERITY

OUTPUT FORMAT

The result: faster, consistent CVE advisory drafts

What's next: closing the loop with Elastic Workflows

Learn how Elastic automated CVE advisory drafting with RAG and Elastic Agent Builder, grounded in MITRE CWE and CAPEC data indexed in Elasticsearch.

Security advisory automation with Elastic Agent Builder

From vulnerability report to CVE draft in minutes: how Elastic automated security advisories with AI

Author

Paul McCann

Articles

From vulnerability report to CVE draft in minutes: how Elastic automated security advisories with AI