From 261c321536918e665acf25cb1a768bcb58211b88 Mon Sep 17 00:00:00 2001 From: Andrew Macri Date: Mon, 10 Feb 2025 09:32:21 -0500 Subject: [PATCH 1/9] ## What does this PR do? Adds `kibana/security_ai_prompt` to support security AI prompt assets. ## Why is it important? In order to have the flexibility to tweak AI prompts outside of our regular ESS release schedule, `kibana/security_ai_prompt` assets introduce the ability to ship prompt updates for the security AI Assistant and Attack Discovery. ## Checklist - [x] I have added test packages to [`test/packages`](https://github.com/elastic/package-spec/tree/main/test/packages) that prove my change is effective. - [x] I have added an entry in [`spec/changelog.yml`](https://github.com/elastic/package-spec/blob/main/spec/changelog.yml). ## Related issues - --- spec/changelog.yml | 3 +++ spec/integration/kibana/spec.yml | 11 ++++++++++- .../good-security-ai-prompt-1.json | 12 ++++++++++++ 3 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 test/packages/good/kibana/security_ai_prompt/good-security-ai-prompt-1.json diff --git a/spec/changelog.yml b/spec/changelog.yml index 53cc18b3a..d3cd52e14 100644 --- a/spec/changelog.yml +++ b/spec/changelog.yml @@ -10,6 +10,9 @@ - description: Add support for semantic_text field definition. type: enhancement link: https://github.com/elastic/package-spec/pull/807 + - description: Add kibana/security_ai_prompt to support security AI prompt assets. + type: enhancement + link: https://github.com/elastic/package-spec/pull/TODO_UPDATE_LINK_AFTER_OPENING_PR - version: 3.3.2 changes: - description: Add support for required conditional groups of variables. diff --git a/spec/integration/kibana/spec.yml b/spec/integration/kibana/spec.yml index 7d77285b9..0c5565e90 100644 --- a/spec/integration/kibana/spec.yml +++ b/spec/integration/kibana/spec.yml 
@@ -65,6 +65,15 @@ spec: type: file contentMediaType: "application/json" pattern: '^.+\.json$' + - description: Folder containing security AI prompt assets + type: folder + name: security_ai_prompt + required: false + contents: + - description: A security AI prompt asset file + type: file + contentMediaType: "application/json" + pattern: '^{PACKAGE_NAME}-.+\.json$' - description: Folder containing rules type: folder name: "security_rule" @@ -135,7 +144,7 @@ spec: contentMediaType: "application/json" pattern: '^{PACKAGE_NAME}-.+\.json$' forbiddenPatterns: - - '^.+-(ecs|ECS)\.json$' # ECS suffix is forbidden + - '^.+-(ecs|ECS)\.json$' # ECS suffix is forbidden versions: - before: 3.4.0 patch: diff --git a/test/packages/good/kibana/security_ai_prompt/good-security-ai-prompt-1.json b/test/packages/good/kibana/security_ai_prompt/good-security-ai-prompt-1.json new file mode 100644 index 000000000..7ad47ac1d --- /dev/null +++ b/test/packages/good/kibana/security_ai_prompt/good-security-ai-prompt-1.json @@ -0,0 +1,12 @@ +{ + "attributes": { + "promptId": "systemPrompt", + "promptGroupId": "aiAssistant", + "provider": "openai", + "prompt": { + "default": "You always talk like a pirate." + } + }, + "id": "security_ai_prompts-6e46c1bd-84d5-4609-9bf0-2f9ec1fc789d", + "type": "security-ai-prompt" +} \ No newline at end of file From 45b69849daebc5557d5bf540dca60f561132f973 Mon Sep 17 00:00:00 2001 From: Patryk Kopycinski Date: Tue, 11 Feb 2025 11:32:26 +0100 Subject: [PATCH 2/9] fix tests --- spec/integration/kibana/spec.yml | 18 +++++++++--------- .../good-security-ai-prompt-1.json | 2 +- .../good_v2-security-ai-prompt-1.json | 12 ++++++++++++ .../good_v3-security-ai-prompt-1.json | 12 ++++++++++++ 4 files changed, 34 insertions(+), 10 deletions(-) create mode 100644 test/packages/good_v2/kibana/security_ai_prompt/good_v2-security-ai-prompt-1.json create mode 100644 test/packages/good_v3/kibana/security_ai_prompt/good_v3-security-ai-prompt-1.json 
diff --git a/spec/integration/kibana/spec.yml b/spec/integration/kibana/spec.yml index 0c5565e90..1edeb4624 100644 --- a/spec/integration/kibana/spec.yml +++ b/spec/integration/kibana/spec.yml @@ -65,15 +65,6 @@ spec: type: file contentMediaType: "application/json" pattern: '^.+\.json$' - - description: Folder containing security AI prompt assets - type: folder - name: security_ai_prompt - required: false - contents: - - description: A security AI prompt asset file - type: file - contentMediaType: "application/json" - pattern: '^{PACKAGE_NAME}-.+\.json$' - description: Folder containing rules type: folder name: "security_rule" @@ -145,6 +136,15 @@ spec: pattern: '^{PACKAGE_NAME}-.+\.json$' forbiddenPatterns: - '^.+-(ecs|ECS)\.json$' # ECS suffix is forbidden + - description: Folder containing security AI prompt assets + type: folder + name: "security_ai_prompt" + required: false + contents: + - description: A security AI prompt asset file + type: file + contentMediaType: "application/json" + pattern: '^{PACKAGE_NAME}-.+\.json$' versions: - before: 3.4.0 patch: diff --git a/test/packages/good/kibana/security_ai_prompt/good-security-ai-prompt-1.json b/test/packages/good/kibana/security_ai_prompt/good-security-ai-prompt-1.json index 7ad47ac1d..6a4e20c36 100644 --- a/test/packages/good/kibana/security_ai_prompt/good-security-ai-prompt-1.json +++ b/test/packages/good/kibana/security_ai_prompt/good-security-ai-prompt-1.json @@ -7,6 +7,6 @@ "default": "You always talk like a pirate." } }, - "id": "security_ai_prompts-6e46c1bd-84d5-4609-9bf0-2f9ec1fc789d", + "id": "good-security-ai-prompt-1", "type": "security-ai-prompt" } \ No newline at end of file diff --git a/test/packages/good_v2/kibana/security_ai_prompt/good_v2-security-ai-prompt-1.json b/test/packages/good_v2/kibana/security_ai_prompt/good_v2-security-ai-prompt-1.json new file mode 100644 index 000000000..1a0b9616e --- /dev/null +++ b/test/packages/good_v2/kibana/security_ai_prompt/good_v2-security-ai-prompt-1.json 
@@ -0,0 +1,12 @@ +{ + "attributes": { + "promptId": "systemPrompt", + "promptGroupId": "aiAssistant", + "provider": "openai", + "prompt": { + "default": "You always talk like a pirate." + } + }, + "id": "good_v2-security-ai-prompt-1", + "type": "security-ai-prompt" +} \ No newline at end of file diff --git a/test/packages/good_v3/kibana/security_ai_prompt/good_v3-security-ai-prompt-1.json b/test/packages/good_v3/kibana/security_ai_prompt/good_v3-security-ai-prompt-1.json new file mode 100644 index 000000000..1b4183d6f --- /dev/null +++ b/test/packages/good_v3/kibana/security_ai_prompt/good_v3-security-ai-prompt-1.json @@ -0,0 +1,12 @@ +{ + "attributes": { + "promptId": "systemPrompt", + "promptGroupId": "aiAssistant", + "provider": "openai", + "prompt": { + "default": "You always talk like a pirate." + } + }, + "id": "good_v3-security-ai-prompt-1", + "type": "security-ai-prompt" +} \ No newline at end of file From 78cf47ab4029cf35dd5c955a42e6baf7a5bfa1d4 Mon Sep 17 00:00:00 2001 From: Steph Milovic Date: Wed, 26 Mar 2025 08:17:43 -0600 Subject: [PATCH 3/9] updates from 870 --- spec/changelog.yml | 2 +- spec/integration/kibana/spec.yml | 4 ++++ .../kibana/security_ai_prompt/good-security-ai-prompt-1.json | 4 ++-- .../security_ai_prompt/good_v2-security-ai-prompt-1.json | 4 ++-- .../security_ai_prompt/good_v3-security-ai-prompt-1.json | 4 ++-- 5 files changed, 11 insertions(+), 7 deletions(-) diff --git a/spec/changelog.yml b/spec/changelog.yml index d3cd52e14..d28a87c7d 100644 --- a/spec/changelog.yml +++ b/spec/changelog.yml 
@@ -12,7 +12,7 @@ link: https://github.com/elastic/package-spec/pull/807 - description: Add kibana/security_ai_prompt to support security AI prompt assets. type: enhancement - link: https://github.com/elastic/package-spec/pull/TODO_UPDATE_LINK_AFTER_OPENING_PR + link: https://github.com/elastic/package-spec/pull/871 - version: 3.3.2 changes: - description: Add support for required conditional groups of variables. diff --git a/spec/integration/kibana/spec.yml b/spec/integration/kibana/spec.yml index 1edeb4624..956ac9730 100644 --- a/spec/integration/kibana/spec.yml +++ b/spec/integration/kibana/spec.yml @@ -150,6 +150,10 @@ versions: patch: - op: remove path: "/contents/13" # remove SLO definitions + - before: 3.4.0 + patch: + - op: remove + path: "/contents/6" # remove AI prompt definitions - before: 2.10.0 patch: - op: remove diff --git a/test/packages/good/kibana/security_ai_prompt/good-security-ai-prompt-1.json b/test/packages/good/kibana/security_ai_prompt/good-security-ai-prompt-1.json index 6a4e20c36..e76bbbccf 100644 --- a/test/packages/good/kibana/security_ai_prompt/good-security-ai-prompt-1.json +++ b/test/packages/good/kibana/security_ai_prompt/good-security-ai-prompt-1.json @@ -4,9 +4,9 @@ "promptGroupId": "aiAssistant", "provider": "openai", "prompt": { - "default": "You always talk like a pirate." + "default": "You are a security analyst and expert in resolving security incidents. Your role is to assist by answering questions about Elastic Security. Do not answer questions unrelated to Elastic Security." } }, "id": "good-security-ai-prompt-1", "type": "security-ai-prompt" -} \ No newline at end of file +} diff --git a/test/packages/good_v2/kibana/security_ai_prompt/good_v2-security-ai-prompt-1.json b/test/packages/good_v2/kibana/security_ai_prompt/good_v2-security-ai-prompt-1.json index 1a0b9616e..ec4b7fac5 100644 --- a/test/packages/good_v2/kibana/security_ai_prompt/good_v2-security-ai-prompt-1.json 
+++ b/test/packages/good_v2/kibana/security_ai_prompt/good_v2-security-ai-prompt-1.json @@ -4,9 +4,9 @@ "promptGroupId": "aiAssistant", "provider": "openai", "prompt": { - "default": "You always talk like a pirate." + "default": "You are a security analyst and expert in resolving security incidents. Your role is to assist by answering questions about Elastic Security. Do not answer questions unrelated to Elastic Security." } }, "id": "good_v2-security-ai-prompt-1", "type": "security-ai-prompt" -} \ No newline at end of file +} diff --git a/test/packages/good_v3/kibana/security_ai_prompt/good_v3-security-ai-prompt-1.json b/test/packages/good_v3/kibana/security_ai_prompt/good_v3-security-ai-prompt-1.json index 1b4183d6f..b4ca4cd50 100644 --- a/test/packages/good_v3/kibana/security_ai_prompt/good_v3-security-ai-prompt-1.json +++ b/test/packages/good_v3/kibana/security_ai_prompt/good_v3-security-ai-prompt-1.json @@ -4,9 +4,9 @@ "promptGroupId": "aiAssistant", "provider": "openai", "prompt": { - "default": "You always talk like a pirate." + "default": "You are a security analyst and expert in resolving security incidents. Your role is to assist by answering questions about Elastic Security. Do not answer questions unrelated to Elastic Security." } }, "id": "good_v3-security-ai-prompt-1", "type": "security-ai-prompt" -} \ No newline at end of file +} From 5927910e6b63821942b4068e126d3a6d3d969a97 Mon Sep 17 00:00:00 2001 From: Steph Milovic Date: Wed, 26 Mar 2025 10:02:32 -0600 Subject: [PATCH 4/9] fix spec/integration/kibana/spec.yml --- spec/integration/kibana/spec.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/spec/integration/kibana/spec.yml b/spec/integration/kibana/spec.yml index 956ac9730..43ba9f2a4 100644 --- a/spec/integration/kibana/spec.yml +++ b/spec/integration/kibana/spec.yml 
@@ -149,11 +149,9 @@ versions: - before: 3.4.0 patch: - op: remove - path: "/contents/13" # remove SLO definitions - - before: 3.4.0 - patch: + path: "/contents/14" # remove AI prompt definitions - op: remove - path: "/contents/6" # remove AI prompt definitions + path: "/contents/13" # remove SLO definitions - before: 2.10.0 patch: - op: remove From 77dacdfbbd9e042d3d722dfb8d1a2ca9a4cb972a Mon Sep 17 00:00:00 2001 From: Steph Milovic Date: Wed, 26 Mar 2025 11:30:40 -0600 Subject: [PATCH 5/9] rm sample json from good and good_v2 --- .../good-security-ai-prompt-1.json | 12 ------------ .../good_v2-security-ai-prompt-1.json | 12 ------------ 2 files changed, 24 deletions(-) delete mode 100644 test/packages/good/kibana/security_ai_prompt/good-security-ai-prompt-1.json delete mode 100644 test/packages/good_v2/kibana/security_ai_prompt/good_v2-security-ai-prompt-1.json diff --git a/test/packages/good/kibana/security_ai_prompt/good-security-ai-prompt-1.json b/test/packages/good/kibana/security_ai_prompt/good-security-ai-prompt-1.json deleted file mode 100644 index e76bbbccf..000000000 --- a/test/packages/good/kibana/security_ai_prompt/good-security-ai-prompt-1.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "attributes": { - "promptId": "systemPrompt", - "promptGroupId": "aiAssistant", - "provider": "openai", - "prompt": { - "default": "You are a security analyst and expert in resolving security incidents. Your role is to assist by answering questions about Elastic Security. Do not answer questions unrelated to Elastic Security." - } - }, - "id": "good-security-ai-prompt-1", - "type": "security-ai-prompt" -} diff --git a/test/packages/good_v2/kibana/security_ai_prompt/good_v2-security-ai-prompt-1.json b/test/packages/good_v2/kibana/security_ai_prompt/good_v2-security-ai-prompt-1.json deleted file mode 100644 index ec4b7fac5..000000000 --- a/test/packages/good_v2/kibana/security_ai_prompt/good_v2-security-ai-prompt-1.json +++ /dev/null 
@@ -1,12 +0,0 @@ -{ - "attributes": { - "promptId": "systemPrompt", - "promptGroupId": "aiAssistant", - "provider": "openai", - "prompt": { - "default": "You are a security analyst and expert in resolving security incidents. Your role is to assist by answering questions about Elastic Security. Do not answer questions unrelated to Elastic Security." - } - }, - "id": "good_v2-security-ai-prompt-1", - "type": "security-ai-prompt" -} From 5945ba6984e084aa1a2748f7fb35100d711bd677 Mon Sep 17 00:00:00 2001 From: Steph Milovic Date: Thu, 27 Mar 2025 14:50:33 -0600 Subject: [PATCH 6/9] integration => content --- spec/content/kibana/spec.yml | 11 +++++++++++ spec/integration/kibana/spec.yml | 11 ----------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/spec/content/kibana/spec.yml b/spec/content/kibana/spec.yml index b958ea35c..cd4fa4777 100644 --- a/spec/content/kibana/spec.yml +++ b/spec/content/kibana/spec.yml @@ -29,8 +29,19 @@ spec: pattern: '^{PACKAGE_NAME}-.+\.json$' forbiddenPatterns: - '^.+-(ecs|ECS)\.json$' # ECS suffix is forbidden + - description: Folder containing security AI prompt assets + type: folder + name: "security_ai_prompt" + required: false + contents: + - description: A security AI prompt asset file + type: file + contentMediaType: "application/json" + pattern: '^{PACKAGE_NAME}-.+\.json$' versions: - before: 3.4.0 patch: + - op: remove + path: "/contents/3" # remove AI prompt definitions - op: remove path: "/contents/2" # remove SLO definitions diff --git a/spec/integration/kibana/spec.yml b/spec/integration/kibana/spec.yml index 43ba9f2a4..56ae3f694 100644 --- a/spec/integration/kibana/spec.yml +++ b/spec/integration/kibana/spec.yml 
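Review bot: The new `security_ai_prompt` entry in spec/content/kibana/spec.yml constrains only the file name (`^{PACKAGE_NAME}-.+\.json$`) and the media type, so the spec checks nothing about the asset body, even though the PR description says these files carry prompt text for the security AI Assistant and Attack Discovery and are meant to ship outside the regular release schedule. That text presumably reaches the model as instructions, so the entry's `description` should say the content is treated as trusted instructions. If the spec format supports a content schema for JSON assets (not visible here), it should also require `type: security-ai-prompt` and the `attributes.promptId`, `promptGroupId`, `provider` and `prompt.default` fields that the fixtures use. Separately, the two `op: remove` entries under `before: 3.4.0` are order-dependent because each remove shifts the indices after it; a comment above them such as `# keep highest index first: each remove shifts the entries after it` would guard against a later reorder.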
@@ -136,20 +136,9 @@ spec: pattern: '^{PACKAGE_NAME}-.+\.json$' forbiddenPatterns: - '^.+-(ecs|ECS)\.json$' # ECS suffix is forbidden - - description: Folder containing security AI prompt assets - type: folder - name: "security_ai_prompt" - required: false - contents: - - description: A security AI prompt asset file - type: file - contentMediaType: "application/json" - pattern: '^{PACKAGE_NAME}-.+\.json$' versions: - before: 3.4.0 patch: - - op: remove - path: "/contents/14" # remove AI prompt definitions - op: remove path: "/contents/13" # remove SLO definitions - before: 2.10.0 From 9551e8f0fedaaa2a0e34a4aa52453224292a14b9 Mon Sep 17 00:00:00 2001 From: Steph Milovic Date: Thu, 27 Mar 2025 14:52:13 -0600 Subject: [PATCH 7/9] add space back --- spec/integration/kibana/spec.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/integration/kibana/spec.yml b/spec/integration/kibana/spec.yml index 56ae3f694..7d77285b9 100644 --- a/spec/integration/kibana/spec.yml +++ b/spec/integration/kibana/spec.yml @@ -135,7 +135,7 @@ spec: contentMediaType: "application/json" pattern: '^{PACKAGE_NAME}-.+\.json$' forbiddenPatterns: - - '^.+-(ecs|ECS)\.json$' # ECS suffix is forbidden + - '^.+-(ecs|ECS)\.json$' # ECS suffix is forbidden versions: - before: 3.4.0 patch: From e54eb29c87f27fbf99ea9258dda3f53b094247e4 Mon Sep 17 00:00:00 2001 From: Steph Milovic Date: Thu, 27 Mar 2025 14:54:28 -0600 Subject: [PATCH 8/9] move test --- .../security_ai_prompt/good_content-security-ai-prompt-1.json} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename test/packages/{good_v3/kibana/security_ai_prompt/good_v3-security-ai-prompt-1.json => good_content/kibana/security_ai_prompt/good_content-security-ai-prompt-1.json} (100%) 
diff --git a/test/packages/good_v3/kibana/security_ai_prompt/good_v3-security-ai-prompt-1.json b/test/packages/good_content/kibana/security_ai_prompt/good_content-security-ai-prompt-1.json similarity index 100% rename from test/packages/good_v3/kibana/security_ai_prompt/good_v3-security-ai-prompt-1.json rename to test/packages/good_content/kibana/security_ai_prompt/good_content-security-ai-prompt-1.json From ad2c8bf1da725563a3a36e6f029a871c7be0ce58 Mon Sep 17 00:00:00 2001 From: Steph Milovic Date: Thu, 27 Mar 2025 14:57:10 -0600 Subject: [PATCH 9/9] fix test --- .../security_ai_prompt/good_content-security-ai-prompt-1.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/packages/good_content/kibana/security_ai_prompt/good_content-security-ai-prompt-1.json b/test/packages/good_content/kibana/security_ai_prompt/good_content-security-ai-prompt-1.json index b4ca4cd50..9e95aaaf0 100644 --- a/test/packages/good_content/kibana/security_ai_prompt/good_content-security-ai-prompt-1.json +++ b/test/packages/good_content/kibana/security_ai_prompt/good_content-security-ai-prompt-1.json @@ -7,6 +7,6 @@ "default": "You are a security analyst and expert in resolving security incidents. Your role is to assist by answering questions about Elastic Security. Do not answer questions unrelated to Elastic Security." } }, - "id": "good_v3-security-ai-prompt-1", + "id": "good_content-security-ai-prompt-1", "type": "security-ai-prompt" }
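Review bot: After this rename the only fixture for the new asset type is the accepting case `good_content-security-ai-prompt-1.json`; nothing visible in this series shows a package being rejected. A failing test package would show that both gates are enforced rather than only parsed: one with a `kibana/security_ai_prompt` file whose name lacks the package-name prefix, and one whose `format_version` is below 3.4.0 but still ships the folder. This matters more than usual here because the asset body is free-form prompt text that the spec does not otherwise inspect. The hunk shows only the tail of the fixture; the `attributes` object starts outside it.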