This documentation contains work-in-progress information for future Elastic Stack and Cloud releases. Use the version selector to view supported release docs. It also contains some Elastic Cloud serverless information. Check out our serverless docs for more details.
Find prompts
editFind prompts
editRetrieve a list of Elastic AI Assistant prompts.
Request URL
editGET <kibana host>:<port>/api/security_ai_assistant/prompts/_find
URL query parameters
edit| Name | Type | Description | Required |
|---|---|---|---|
|
Number |
The page number to return. Defaults to |
No |
|
Number |
The number of items to return per page. Defaults to |
No |
|
String |
The filter query to apply on the request. |
No |
|
String |
The field to sort the results by. Valid values are:
|
No |
|
String |
The order to sort the results in. Valid values are:
|
No |
|
String |
Defines the fields of the document to return in the response. |
No |
Example requests
editExample 1
Get a list of the system and quick (user) prompts for all consumers.
GET api/security_ai_assistant/prompts/_find?page=1&per_page=100&filter=consumer%3A*
Response code
edit200
Indicates a successful call.
Response payload
editA JSON prompt object with a unique id.
Example 1
Prompts response payload:
{
"perPage": 100,
"page": 1,
"total": 9,
"data": [
{
"timestamp": "2024-08-13T01:59:56.053Z",
"users": [
{
"id": "testid",
"name": "elastic"
}
],
"content": "As an expert in security operations and incident response, provide a breakdown of the attached alert and summarize what it might mean for my organization.",
"isDefault": true,
"updatedAt": "2024-08-13T01:59:56.053Z",
"id": "-R12SZEBYaDeA-NhnUyW",
"name": "Alert summarization",
"promptType": "quick",
"color": "#F68FBE",
"categories": [
"alert"
],
"consumer": "securitySolutionUI"
},
{
"timestamp": "2024-08-13T01:59:56.053Z",
"users": [
{
"id": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0",
"name": "elastic"
}
],
"content": "As an expert user of Elastic Security, please generate an accurate and valid ESQL query to detect the use case below. Your response should be formatted to be able to use immediately in an Elastic Security timeline or detection rule. Take your time with the answer, check your knowledge really well on all the functions I am asking for. For ES|QL answers specifically, you should only ever answer with what's available in your private knowledge. I cannot afford for queries to be inaccurate. Assume I am using the Elastic Common Schema and Elastic Agent.\n\nEnsure the answers are formatted in a way which is easily copyable as a separate code block in markdown.",
"isDefault": true,
"updatedAt": "2024-08-13T01:59:56.053Z",
"id": "-h12SZEBYaDeA-NhnUyW",
"name": "ES|QL Query Generation",
"promptType": "quick",
"color": "#9170B8",
"categories": [
"knowledge-base"
],
"consumer": "securitySolutionUI"
},
{
"timestamp": "2024-08-13T01:59:56.053Z",
"users": [
{
"id": "testid",
"name": "elastic"
}
],
"content": "As an expert user of Elastic Security, please generate an accurate and valid EQL query to detect the use case below. Your response should be formatted to be able to use immediately in an Elastic Security timeline or detection rule. If Elastic Security already has a prebuilt rule for the use case, or a similar one, please provide a link to it and describe it.",
"isDefault": true,
"updatedAt": "2024-08-13T01:59:56.053Z",
"id": "-x12SZEBYaDeA-NhnUyW",
"name": "Query generation",
"promptType": "quick",
"color": "#7DDED8",
"categories": [
"detection-rules"
],
"consumer": "securitySolutionUI"
},
{
"timestamp": "2024-08-13T01:59:56.053Z",
"users": [
{
"id": "testid",
"name": "elastic"
}
],
"content": "As an expert user of Elastic Security, please suggest a workflow, with step by step instructions on how to:",
"isDefault": true,
"updatedAt": "2024-08-13T01:59:56.053Z",
"id": "_B12SZEBYaDeA-NhnUyW",
"name": "Workflow suggestions",
"promptType": "quick",
"color": "#36A2EF",
"consumer": "securitySolutionUI"
},
{
"timestamp": "2024-08-13T01:59:56.053Z",
"users": [
{
"id": "testid",
"name": "elastic"
}
],
"content": "As an expert user of Elastic Security, Elastic Agent, and Ingest pipelines, please list accurate and formatted, step by step instructions on how to ingest the following data using Elastic Agent and Fleet in Kibana and convert it to the Elastic Common Schema:",
"isDefault": true,
"updatedAt": "2024-08-13T01:59:56.053Z",
"id": "_R12SZEBYaDeA-NhnUyW",
"name": "Custom data ingestion helper",
"promptType": "quick",
"color": "#F3D371",
"categories": [
"event"
],
"consumer": "securitySolutionUI"
},
{
"timestamp": "2024-08-13T01:59:56.053Z",
"users": [
{
"id": "testid",
"name": "elastic"
}
],
"content": "I have the following query from a previous SIEM platform. As an expert user of Elastic Security, please suggest an Elastic EQL equivalent. I should be able to copy it immediately into an Elastic security timeline.",
"isDefault": true,
"updatedAt": "2024-08-13T01:59:56.053Z",
"id": "_h12SZEBYaDeA-NhnUyW",
"name": "Query conversion",
"promptType": "quick",
"color": "#BADA55",
"consumer": "securitySolutionUI"
},
{
"timestamp": "2024-08-13T01:59:56.053Z",
"users": [
{
"id": "testid",
"name": "elastic"
}
],
"content": "Which Fleet enabled Elastic Agent integration should I use to collect logs and events from:",
"isDefault": true,
"updatedAt": "2024-08-13T01:59:56.053Z",
"id": "_x12SZEBYaDeA-NhnUyW",
"name": "Agent integration advice",
"promptType": "quick",
"color": "#FFA500",
"consumer": "securitySolutionUI"
},
{
"timestamp": "2024-08-13T01:59:56.053Z",
"users": [
{
"id": "testid",
"name": "elastic"
}
],
"content": "You are a helpful, expert assistant who answers questions about Elastic Security. Do not answer questions unrelated to Elastic Security.\nIf you answer a question related to KQL, EQL, or ES|QL, it should be immediately usable within an Elastic Security timeline; please always format the output correctly with back ticks. Any answer provided for Query DSL should also be usable in a security timeline. This means you should only ever include the \"filter\" portion of the query.",
"isDefault": true,
"isNewConversationDefault": true,
"updatedAt": "2024-08-13T01:59:56.053Z",
"id": "AB12SZEBYaDeA-NhnU2W",
"name": "Default system prompt",
"promptType": "system",
"consumer": "securitySolutionUI"
},
{
"timestamp": "2024-08-13T01:59:56.053Z",
"users": [
{
"id": "testid",
"name": "elastic"
}
],
"content": "You are a helpful, expert assistant who answers questions about Elastic Security. Do not answer questions unrelated to Elastic Security.\nProvide the most detailed and relevant answer possible, as if you were relaying this information back to a cyber security expert.\nIf you answer a question related to KQL, EQL, or ES|QL, it should be immediately usable within an Elastic Security timeline; please always format the output correctly with back ticks. Any answer provided for Query DSL should also be usable in a security timeline. This means you should only ever include the \"filter\" portion of the query.",
"isDefault": true,
"updatedAt": "2024-08-13T01:59:56.053Z",
"id": "AR12SZEBYaDeA-NhnU2W",
"name": "Enhanced system prompt",
"promptType": "system",
"consumer": "securitySolutionUI"
}
]
}