Merge branch 'main' into issue-5291-expand-flyout-removed

Author: nastasha-solomon

.github/workflows/co-docs-builder.yml

@@ -21,11 +21,16 @@ on:
 jobs:
   publish:
     if: contains(github.event.pull_request.labels.*.name, 'ci:doc-build')
-    uses: elastic/workflows/.github/workflows/docs-elastic-co-publish.yml@main
+    uses: elastic/workflows/.github/workflows/docs-versioned-publish.yml@main
     with:
-      subdirectory: 'docs/serverless/'
+      # Refers to Vercel project
+      project-name: elastic-dot-co-docs-preview-docs
+      # Which prebuild step (dev or not)
+      prebuild: wordlake-docs
+      # Docsmobile project dir
+      site-repo: docs-site    
     secrets:
       VERCEL_GITHUB_TOKEN: ${{ secrets.VERCEL_GITHUB_TOKEN_PUBLIC }}
       VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN_PUBLIC }}
       VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID_PUBLIC }}
-      VERCEL_PROJECT_ID_DOCS_CO: ${{ secrets.VERCEL_PROJECT_ID_DOCS_CO_PUBLIC }}
+      VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID_ELASTIC_DOT_CO_DOCS_PRODUCTION_PUBLIC }}

docs/assistant/ai-alert-triage.asciidoc

@@ -1,5 +1,5 @@
 [[assistant-triage]]
-= Triage alerts with Elastic AI Assistant
+= Triage alerts
 Elastic AI Assistant can help you enhance and streamline your alert triage workflows by assessing multiple recent alerts in your environment, and helping you interpret an alert and its context. 
 
 When you view an alert in {elastic-sec}, details such as related documents, hosts, and users appear alongside a synopsis of the events that triggered the alert. This data provides a starting point for understanding a potential threat. AI Assistant can answer questions about this data and offer insights and actionable recommendations to remediate the issue.

docs/assistant/ai-esql-queries.asciidoc

@@ -0,0 +1,23 @@
+[[esql-queries-assistant]]
+= Generate, customize, and learn about {esql} queries
+
+:frontmatter-description: Elastic AI Assistant can help you write ES|QL queries.
+:frontmatter-tags-products: [security]
+:frontmatter-tags-content-type: [guide]
+:frontmatter-tags-user-goals: [get-started]
+
+Elastic AI Assistant can help you learn about and leverage the Elasticsearch Query Language ({esql}). 
+
+With AI Assistant's <<ai-assistant-knowledge-base, {esql} knowledge base>> enabled, AI Assistant benefits from specialized training data that enables it to answer questions related to {esql} at an expert level. 
+
+AI Assistant can help with {esql} in many ways, including:
+
+* **Education and training**: AI Assistant can serve as a powerful {esql} learning tool. Ask it for examples, explanations of complex queries, and best practices.
+* **Writing new queries**: Prompt AI Assistant to provide a query that accomplishes a particular task, and it will generate a query matching your description. For example: "Write a query to identify documents with `curl.exe` usage and calculate the sum of `destination.bytes`" or "What query would return all user logins to [a host] in the last six hours?"
+* **Providing feedback to optimize existing queries**: Send AI Assistant a query you want to work on and ask it for improvements, refactoring, a general assessment, or to optimize the query's performance with large data sets.
+* **Customizing queries for your environment**: Since each environment is unique, you may need to customize queries that you used in other contexts. AI Assistant can suggest necessary modifications based on contextual information you provide. 
+* **Troubleshooting**: Having trouble with a query or getting unexpected results? Ask AI Assistant to help you troubleshoot.
+
+In these ways and others, AI Assistant can enable you to make use of {esql}'s advanced search capabilities to accomplish goals across {elastic-sec}. 
+
+

docs/assistant/assistant-use-cases.asciidoc

@@ -0,0 +1,10 @@
+[[assistant-use-cases]]
+= AI Assistant use cases
+
+Elastic AI Assistant's flexibility means you can use it for many different purposes. These topics describe some of the possible uses for AI Assistant within {elastic-sec}:
+
+* <<attack-discovery-ai-assistant-incident-reporting>>
+* <<assistant-triage>>
+* <<esql-queries-assistant>>
+
+For general information about AI Assistant, refer to <<security-assistant, AI Assistant>>.

docs/assistant/azure-openai-setup.asciidoc

@@ -72,7 +72,7 @@ Now, set up the Azure OpenAI model:
 ** If you select `gpt-4`, set the **Model version** to `0125-Preview`. 
 ** If you select `gpt-4-32k`, set the **Model version** to `default`.
 +
-IMPORTANT: The models available to you will depend on https://learn.microsoft.com/en-us/azure/ai-services/openai/concepts/models#model-summary-table-and-region-availability[region availability]. For best results, use `GPT 4 Turbo version 0125-preview` or `GPT 4-32k` with the maximum Tokens-Per-Minute (TPM) capacity. In most regions, the GPT 4 Turbo model offers the largest supported context window.
+IMPORTANT: The models available to you depend on https://learn.microsoft.com/en-us/azure/ai-services/openai/concepts/models#model-summary-table-and-region-availability[region availability]. For best results, use `GPT-4o 2024-05-13` with the maximum Tokens-Per-Minute (TPM) capacity. For more information on how different models perform for different tasks, refer to the <<llm-performance-matrix>>.
 +
 . Under **Deployment type**, select **Standard**.
 . Name your deployment.

docs/assistant/connect-to-openai.asciidoc

@@ -12,7 +12,7 @@ This page provides step-by-step instructions for setting up an OpenAI connector
 
 Before creating an API key, you must choose a model. Refer to the https://platform.openai.com/docs/models/gpt-4-turbo-and-gpt-4[OpenAI docs] to select a model. Take note of the specific model name (for example `gpt-4-turbo`); you'll need it when configuring {kib}.
 
-NOTE: `GPT-4 Turbo` offers increased performance. `GPT-4` and `GPT-3.5` are also supported. 
+NOTE: `GPT-4o` offers increased performance over previous versions. For more information on how different models perform for different tasks, refer to the <<llm-performance-matrix>>.
 
 [discrete]
 === Create an API key
@@ -51,6 +51,7 @@ To integrate with {kib}:
 . Provide a name for your connector, such as `OpenAI (GPT-4 Turbo Preview)`, to help keep track of the model and version you are using.
 . Under **Select an OpenAI provider**, choose **OpenAI**.
 . The **URL** field can be left as default.
+. Under **Default model**, specify which https://platform.openai.com/docs/models/gpt-4-turbo-and-gpt-4[model] you want to use.
 . Paste the API key that you created into the corresponding field.
 . Click **Save**.
 

docs/assistant/images/attck-disc-11-alerts-disc.png

@@ -0,0 +1,11 @@
+[[llm-connector-guides]]
+= Set up connectors for large language models (LLM)
+
+This section contains instructions for setting up connectors for LLMs so you can use <<security-assistant, Elastic AI Assistant>> and <<attack-discovery, Attack discovery>>. 
+
+Setup guides are available for the following LLM providers:
+
+* <<assistant-connect-to-azure-openai, Azure OpenAI>>
+* <<assistant-connect-to-bedrock, Amazon Bedrock>>
+* <<assistant-connect-to-openai, OpenAI>>
+

docs/assistant/images/attck-disc-esql-query-gen-example.png

@@ -8,19 +8,11 @@
 
 The Elastic AI Assistant utilizes generative AI to bolster your cybersecurity operations team. It allows users to interact with {elastic-sec} for tasks such as alert investigation, incident response, and query generation or conversion using natural language and much more.
 
-AI Assistant can connect to multiple LLM providers so you can select the best model for your needs.
-
 [role="screenshot"]
 image::images/assistant-basic-view.png[Image of AI Assistant chat window,90%]
 
 WARNING: The Elastic AI Assistant is designed to enhance your analysis with smart dialogues. Its capabilities are still developing. Users should exercise caution as the quality of its responses might vary. Your insights and feedback will help us improve this feature. Always cross-verify AI-generated advice for accuracy.
 
-.Recommended models
-[sidebar]
---
-While AI Assistant is compatible with many different models, our testing found increased quality with Azure 32k, and faster and more cost-effective responses with Claude 3 Haiku and OpenAI GPT4 Turbo.
---
-
 .Requirements
 [sidebar]
 --
@@ -50,9 +42,13 @@ NOTE: Elastic can automatically anonymize event data that you provide to AI Assi
 [[set-up-ai-assistant]]
 == Set up AI Assistant
 
-You must create a generative AI connector before you can use AI Assistant. 
+You must create a generative AI connector before you can use AI Assistant. AI Assistant can connect to multiple large language model (LLM) providers so you can select the best model for your needs. To set up a connector, refer to <<llm-connector-guides,LLM connector setup guides>>.
 
-For more information about setting up generative AI connectors, refer to <<assistant-connect-to-bedrock>>, <<assistant-connect-to-openai>>, or <<assistant-connect-to-azure-openai>>.
+.Recommended models
+[sidebar]
+--
+While AI Assistant is compatible with many different models, our testing found increased quality with Azure 32k, and faster, more cost-effective responses with Claude 3 Haiku and OpenAI GPT4 Turbo. For more information, refer to the <<llm-performance-matrix>>.
+--
 
 [discrete]
 [[start-chatting]]
@@ -193,8 +189,14 @@ In addition to practical advice, AI Assistant can offer conceptual advice, tips,
 * “I need to monitor for unusual file creation patterns that could indicate ransomware activity. How would I construct this query using EQL?”
 
 
-include::ai-alert-triage.asciidoc[leveloffset=+1]
+include::assistant-use-cases.asciidoc[leveloffset=+1]
+include::ai-alert-triage.asciidoc[leveloffset=+2]
+include::use-attack-discovery-ai-assistant-incident-reporting.asciidoc[leveloffset=+2]
+include::ai-esql-queries.asciidoc[leveloffset=+2]
+
+include::llm-connector-guides.asciidoc[leveloffset=+1]
+include::azure-openai-setup.asciidoc[leveloffset=+2]
+include::connect-to-openai.asciidoc[leveloffset=+2]
+include::connect-to-bedrock.asciidoc[leveloffset=+2]
+
 include::llm-performance-matrix.asciidoc[leveloffset=+1]
-include::azure-openai-setup.asciidoc[leveloffset=+1]
-include::connect-to-openai.asciidoc[leveloffset=+1]
-include::connect-to-bedrock.asciidoc[leveloffset=+1]