Find prompts

edit

Retrieve a list of Elastic AI Assistant prompts.

Request URL

edit

GET <kibana host>:<port>/api/security_ai_assistant/prompts/_find

URL query parameters

edit
Name Type Description Required

page

Number

The page number to return. Defaults to 1.

No

per_page

Number

The number of items to return per page. Defaults to 10.

No

filter

String

The filter query to apply on the request.

No

sort_field

String

The field to sort the results by. Valid values are:

  • name
  • is_default
  • updated_at
  • created_at

No

sort_order

String

The order to sort the results in. Valid values are:

  • asc
  • desc

No

fields

String

Defines the fields of the document to return in the response.

No

Example requests

edit

Example 1

Get a list of the system and quick (user) prompts for all consumers.

GET api/security_ai_assistant/prompts/_find?page=1&per_page=100&filter=consumer%3A*

Response code

edit

200 Indicates a successful call.

Response payload

edit

A JSON prompt object with a unique id.

Example 1

Prompts response payload:

{
  "perPage": 100,
  "page": 1,
  "total": 9,
  "data": [
    {
      "timestamp": "2024-08-13T01:59:56.053Z",
      "users": [
        {
          "id": "testid",
          "name": "elastic"
        }
      ],
      "content": "As an expert in security operations and incident response, provide a breakdown of the attached alert and summarize what it might mean for my organization.",
      "isDefault": true,
      "updatedAt": "2024-08-13T01:59:56.053Z",
      "id": "-R12SZEBYaDeA-NhnUyW",
      "name": "Alert summarization",
      "promptType": "quick",
      "color": "#F68FBE",
      "categories": [
        "alert"
      ],
      "consumer": "securitySolutionUI"
    },
    {
      "timestamp": "2024-08-13T01:59:56.053Z",
      "users": [
        {
          "id": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0",
          "name": "elastic"
        }
      ],
      "content": "As an expert user of Elastic Security, please generate an accurate and valid ESQL query to detect the use case below. Your response should be formatted to be able to use immediately in an Elastic Security timeline or detection rule. Take your time with the answer, check your knowledge really well on all the functions I am asking for. For ES|QL answers specifically, you should only ever answer with what's available in your private knowledge. I cannot afford for queries to be inaccurate. Assume I am using the Elastic Common Schema and Elastic Agent.\n\nEnsure the answers are formatted in a way which is easily copyable as a separate code block in markdown.",
      "isDefault": true,
      "updatedAt": "2024-08-13T01:59:56.053Z",
      "id": "-h12SZEBYaDeA-NhnUyW",
      "name": "ES|QL Query Generation",
      "promptType": "quick",
      "color": "#9170B8",
      "categories": [
        "knowledge-base"
      ],
      "consumer": "securitySolutionUI"
    },
    {
      "timestamp": "2024-08-13T01:59:56.053Z",
      "users": [
        {
          "id": "testid",
          "name": "elastic"
        }
      ],
      "content": "As an expert user of Elastic Security, please generate an accurate and valid EQL query to detect the use case below. Your response should be formatted to be able to use immediately in an Elastic Security timeline or detection rule. If Elastic Security already has a prebuilt rule for the use case, or a similar one, please provide a link to it and describe it.",
      "isDefault": true,
      "updatedAt": "2024-08-13T01:59:56.053Z",
      "id": "-x12SZEBYaDeA-NhnUyW",
      "name": "Query generation",
      "promptType": "quick",
      "color": "#7DDED8",
      "categories": [
        "detection-rules"
      ],
      "consumer": "securitySolutionUI"
    },
    {
      "timestamp": "2024-08-13T01:59:56.053Z",
      "users": [
        {
          "id": "testid",
          "name": "elastic"
        }
      ],
      "content": "As an expert user of Elastic Security, please suggest a workflow, with step by step instructions on how to:",
      "isDefault": true,
      "updatedAt": "2024-08-13T01:59:56.053Z",
      "id": "_B12SZEBYaDeA-NhnUyW",
      "name": "Workflow suggestions",
      "promptType": "quick",
      "color": "#36A2EF",
      "consumer": "securitySolutionUI"
    },
    {
      "timestamp": "2024-08-13T01:59:56.053Z",
      "users": [
        {
          "id": "testid",
          "name": "elastic"
        }
      ],
      "content": "As an expert user of Elastic Security, Elastic Agent, and Ingest pipelines, please list accurate and formatted, step by step instructions on how to ingest the following data using Elastic Agent and Fleet in Kibana and convert it to the Elastic Common Schema:",
      "isDefault": true,
      "updatedAt": "2024-08-13T01:59:56.053Z",
      "id": "_R12SZEBYaDeA-NhnUyW",
      "name": "Custom data ingestion helper",
      "promptType": "quick",
      "color": "#F3D371",
      "categories": [
        "event"
      ],
      "consumer": "securitySolutionUI"
    },
    {
      "timestamp": "2024-08-13T01:59:56.053Z",
      "users": [
        {
          "id": "testid",
          "name": "elastic"
        }
      ],
      "content": "I have the following query from a previous SIEM platform. As an expert user of Elastic Security, please suggest an Elastic EQL equivalent. I should be able to copy it immediately into an Elastic security timeline.",
      "isDefault": true,
      "updatedAt": "2024-08-13T01:59:56.053Z",
      "id": "_h12SZEBYaDeA-NhnUyW",
      "name": "Query conversion",
      "promptType": "quick",
      "color": "#BADA55",
      "consumer": "securitySolutionUI"
    },
    {
      "timestamp": "2024-08-13T01:59:56.053Z",
      "users": [
        {
          "id": "testid",
          "name": "elastic"
        }
      ],
      "content": "Which Fleet enabled Elastic Agent integration should I use to collect logs and events from:",
      "isDefault": true,
      "updatedAt": "2024-08-13T01:59:56.053Z",
      "id": "_x12SZEBYaDeA-NhnUyW",
      "name": "Agent integration advice",
      "promptType": "quick",
      "color": "#FFA500",
      "consumer": "securitySolutionUI"
    },
    {
      "timestamp": "2024-08-13T01:59:56.053Z",
      "users": [
        {
          "id": "testid",
          "name": "elastic"
        }
      ],
      "content": "You are a helpful, expert assistant who answers questions about Elastic Security. Do not answer questions unrelated to Elastic Security.\nIf you answer a question related to KQL, EQL, or ES|QL, it should be immediately usable within an Elastic Security timeline; please always format the output correctly with back ticks. Any answer provided for Query DSL should also be usable in a security timeline. This means you should only ever include the \"filter\" portion of the query.",
      "isDefault": true,
      "isNewConversationDefault": true,
      "updatedAt": "2024-08-13T01:59:56.053Z",
      "id": "AB12SZEBYaDeA-NhnU2W",
      "name": "Default system prompt",
      "promptType": "system",
      "consumer": "securitySolutionUI"
    },
    {
      "timestamp": "2024-08-13T01:59:56.053Z",
      "users": [
        {
          "id": "testid",
          "name": "elastic"
        }
      ],
      "content": "You are a helpful, expert assistant who answers questions about Elastic Security. Do not answer questions unrelated to Elastic Security.\nProvide the most detailed and relevant answer possible, as if you were relaying this information back to a cyber security expert.\nIf you answer a question related to KQL, EQL, or ES|QL, it should be immediately usable within an Elastic Security timeline; please always format the output correctly with back ticks. Any answer provided for Query DSL should also be usable in a security timeline. This means you should only ever include the \"filter\" portion of the query.",
      "isDefault": true,
      "updatedAt": "2024-08-13T01:59:56.053Z",
      "id": "AR12SZEBYaDeA-NhnU2W",
      "name": "Enhanced system prompt",
      "promptType": "system",
      "consumer": "securitySolutionUI"
    }
  ]
}