Integrate Elastic AI Assistant for Security via API to advance SOC workflows


Since releasing Elastic AI Assistant for Security, we’ve received overwhelmingly positive feedback from our customers. Elastic AI Assistant is helping security operations teams investigate and respond to threats faster by providing deep security expertise. Building on that momentum, we’re excited to announce the availability of chat and management APIs for Elastic AI Assistant in Elastic Security 8.15. These new APIs allow users to automate interactions with Elastic AI Assistant, manage conversations and anonymization settings, and more.

Benefits of an API for Elastic AI Assistant

AI for security operations is transforming SOC team workflows by augmenting analyst expertise and expediting mundane tasks. With the addition of an API for Elastic AI Assistant, teams can now automate new types of tasks. The new feature set includes:

  1. API communication: Users can now drive Elastic AI Assistant interactions through an API instead of the Kibana UI, so steps such as asking the assistant to triage an alert or enrich an indicator can be scripted into existing workflows.

  2. Contextual conversations: The API accepts the entire conversation history with a request, so the model answers with the prior turns in context, improving response accuracy and relevance.

  3. Privacy features: The API includes options to anonymize sensitive data (fields such as host names, user names, and IP addresses) before it is sent to the LLM, supporting data privacy and security requirements.

  4. Access to knowledge base resources: The API grants access to Elastic AI Assistant’s extensive knowledge base and sophisticated analytics capabilities, such as retrieval augmented generation (RAG), enabling contextually informed insights and decision-making within operational workflows.

  5. SOAR integration: The API also makes it straightforward to connect Elastic AI Assistant to security orchestration, automation, and response (SOAR) tools such as Tines, so complex response actions can be automated end to end.
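Points 1 to 3 above describe a client that scripts a chat request, sends the conversation history with it, and strips identifiers before anything leaves the SOC. The following is an added example written for this page, not Elastic's own code or sample: it pseudonymizes alert fields locally with a token map, builds the request body with the prior turns, refuses to send if a clear-text identifier is still present, and restores the real values in the reply. The endpoint path /api/security_ai_assistant/chat/complete and the body fields connectorId, messages, persist and isStream are assumed from the 8.15 API reference and are not stated in the post, so verify them against the reference for your Kibana version; the sample alerts are constructed.

```python
"""Added example (not Elastic's code): pseudonymize alert fields locally,
send them to the Elastic AI Assistant chat API with the prior conversation,
and restore the real values in the reply. Endpoint path and body field names
are assumptions from the 8.15 API reference; verify them for your version."""
import json
import os
import urllib.request
import uuid

# Fields whose values must not leave the SOC in clear text (operator's choice
# here; Kibana's own anonymization settings are configured separately).
SENSITIVE_FIELDS = ("host.name", "user.name", "source.ip", "destination.ip")

# Constructed sample alerts, not real data. The host name also appears inside
# process.command_line, which a field-only anonymizer would leak.
SAMPLE_ALERTS = [
    {"@timestamp": "2024-08-01T10:15:02Z", "rule.name": "Suspicious PowerShell Download",
     "host.name": "ws-finance-07", "user.name": "j.doe", "source.ip": "10.20.30.40",
     "process.command_line": r"powershell.exe -nop -c iex (gc \\ws-finance-07\tools\stage.ps1 -Raw)"},
    {"@timestamp": "2024-08-01T10:16:40Z", "rule.name": "Outbound Connection to Rare Destination",
     "host.name": "ws-finance-07", "user.name": "j.doe", "destination.ip": "203.0.113.17"},
]


def anonymize_alerts(alerts, fields=SENSITIVE_FIELDS):
    """Return (anonymized alerts, replacements); replacements maps token -> original.
    One token per distinct value, so the model still sees that two alerts share a host."""
    seen, replacements = {}, {}
    for alert in alerts:
        for field in fields:
            value = alert.get(field)
            if isinstance(value, str) and value not in seen:
                token = str(uuid.uuid4())
                seen[value] = token
                replacements[token] = value
    # Longest originals first so "j.doe-admin" is not half-replaced by "j.doe".
    ordered = sorted(seen.items(), key=lambda kv: -len(kv[0]))
    anonymized = []
    for alert in alerts:
        clean = {}
        for key, value in alert.items():
            if isinstance(value, str):
                # Substitute in every string field, not only the listed ones, to
                # catch values embedded in command lines, URLs or log messages.
                for original, token in ordered:
                    value = value.replace(original, token)
            clean[key] = value
        anonymized.append(clean)
    return anonymized, replacements


def deanonymize(text, replacements):
    """Put the original values back into whatever the model returned."""
    for token, original in replacements.items():
        text = text.replace(token, original)
    return text


def build_chat_request(connector_id, history, question, alerts, fields=SENSITIVE_FIELDS):
    """Body for the chat API: the whole prior conversation plus a new user turn
    carrying the anonymized alerts. The replacements map stays on the caller's side."""
    anon_alerts, replacements = anonymize_alerts(alerts, fields)
    context = "\n".join(json.dumps(a, sort_keys=True) for a in anon_alerts)
    messages = list(history) + [{"role": "user", "content": f"{question}\n\n{context}"}]
    body = {"connectorId": connector_id, "messages": messages,
            "persist": False,   # do not store this exchange as a saved conversation
            "isStream": False}
    return body, replacements


def find_leaks(body, alerts, fields=SENSITIVE_FIELDS):
    """Pre-flight check: sensitive values still present in the serialized request.
    Must be empty before the body is sent anywhere."""
    raw = json.dumps(body)
    return sorted({a[f] for a in alerts for f in fields
                   if isinstance(a.get(f), str) and a[f] in raw})


def send_chat(kibana_url, api_key, body):
    """POST to Kibana with API-key auth (needs network, so not exercised offline)."""
    req = urllib.request.Request(
        kibana_url.rstrip("/") + "/api/security_ai_assistant/chat/complete",
        data=json.dumps(body).encode(),
        headers={"Authorization": f"ApiKey {api_key}",
                 "kbn-xsrf": "true",   # Kibana rejects POSTs without this header
                 "Content-Type": "application/json"},
        method="POST")
    with urllib.request.urlopen(req, timeout=120) as resp:
        return json.loads(resp.read())


if __name__ == "__main__":
    history = [{"role": "user", "content": "Summarize alerts I send you for a tier-1 analyst."},
               {"role": "assistant", "content": "Ready. Send the alerts."}]
    body, replacements = build_chat_request(
        os.environ.get("ASSISTANT_CONNECTOR_ID", "my-connector-id"), history,
        "Are these two alerts related, and what should I check first?", SAMPLE_ALERTS)
    assert find_leaks(body, SAMPLE_ALERTS) == [], "refusing to send clear-text identifiers"
    if os.environ.get("KIBANA_URL") and os.environ.get("KIBANA_API_KEY"):
        reply = send_chat(os.environ["KIBANA_URL"], os.environ["KIBANA_API_KEY"], body)
        print(deanonymize(json.dumps(reply, indent=2), replacements))
    else:
        print(json.dumps(body, indent=2))  # dry run: exactly what would leave the host
```

Run it with no environment variables to see the dry-run body; set KIBANA_URL, KIBANA_API_KEY and ASSISTANT_CONNECTOR_ID to send for real. The point of `find_leaks` is that anonymization is only as good as the field list: a host name copied into a command line or URL field is not covered by a per-field rule, which is why the substitution pass runs over every string field and the request is refused if any original survives.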

API use cases for Elastic AI Assistant

Integrating the API translates theoretical benefits into real-world advantages. Here are several scenarios where Elastic AI Assistant can be used:

  • Streamline threat management: Automate monitoring, analysis, and response to threats to enhance speed and accuracy.

  • Enhance operational workflows: Integrate Elastic AI Assistant into security operations processes to streamline decision-making without manual input.

  • Support compliance and privacy: Anonymize sensitive data automatically before it reaches the model to support compliance with regulations.

Start integrating AI today

Our comprehensive documentation helps guide you through integrating these capabilities into your systems. It includes detailed tutorials, sample code, and API specifications to support your implementation efforts.

More exciting AI features in 8.15

In Elastic 8.15, we added a new large language model (LLM) integration for Google’s Gemini models. This connector works with Attack Discovery and Elastic AI Assistant. Elastic's support for numerous LLMs ensures that customers can select the best models for their unique security needs while balancing performance, accuracy, and cost.


The release also embeds Elastic AI Assistant in the detection rule creation workflow. Should you encounter any errors as you craft a query, you can open the assistant to get help diagnosing and correcting those errors.


We also made significant improvements to Attack Discovery:

  • You can now run Attack Discovery in the background and return to view the results later.

  • It’s now possible to run Attack Discovery across different LLMs simultaneously, simplifying comparison of generative AI models.

  • Attack Discovery results are persisted, so they won’t be lost if you close your browser session. This also means they are available to view and reference outside of the Attack Discovery UI (should you wish to add them to a custom dashboard, for example).

  • We’ve honed the output of lower-cost models to improve accuracy.

Conclusion

Elastic Security 8.15 advances our leadership in delivering security capabilities for the AI era. By integrating with Elastic AI Assistant via API, your security operations team can achieve greater automation, efficiency, and effectiveness.

Explore how our launch of Attack Discovery advances AI-driven security analytics, and learn about our other AI features for SOC teams.

The release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.

In this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use. 

Elastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.