[DE][9.4 & Serverless] Attach Security Detection rule as AI Agent context #5540

Open
nastasha-solomon wants to merge 7 commits into main from docs-5364-attach-detection-rule-to-ai-agent

@nastasha-solomon
Contributor

Summary

Fixes #5364.

Documents the Add to chat feature that lets users attach a Security detection rule to the AI Agent from rule details, rule editing, rule creation, and alert flyouts.

  • New section "Attach a detection rule to the AI Agent" highlights the following:
    • Where Add to chat appears (rule details, rule editing, rule creation, alerts flyout rule summary, alerts table rule flyout).
    • What the agent can help with (detection intent, query logic, MITRE ATT&CK coverage, timing/scheduling, metadata quality, investigation guide suggestions).
    • What the agent can "see" -- only rule-defined fields. Also does not resolve exception lists.
  • Added a note after the "Edit a single rule" section. Highlights that Add to chat is available from the rule details page and edit rule settings view.

Generative AI disclosure

  1. Did you use a generative AI (GenAI) tool to assist in creating this contribution?
  • Yes
  • No

Cursor + Auto

@github-actions
Contributor

github-actions bot commented Mar 17, 2026

Vale Linting Results

Summary: 2 suggestions found

💡 Suggestions (2)

| File | Line | Rule | Message |
| --- | --- | --- | --- |
| solutions/security/ai/agent-builder/agent-builder.md | 27 | Elastic.Clone | Use clone only when referring to cloning a GitHub repository or creating a copy that is linked to the original. Often confused with 'copy' and 'duplicate'. |
| solutions/security/ai/agent-builder/agent-builder.md | 50 | Elastic.Semicolons | Use semicolons judiciously. |

The Vale linter checks documentation changes against the Elastic Docs style guide.

To use Vale locally or report issues, refer to Elastic style guide for Vale.

@github-actions
Contributor

github-actions bot commented Mar 17, 2026

Contributor

@benironside benironside left a comment

Your work LGTM @nastasha-solomon! I added a section to the Validate and test your detection rules page about how to validate rules using AI. Please lmk what you think!

Development

Successfully merging this pull request may close these issues.

[Internal]: [Security Solution][Detection Engine] Attach Security Detection rule as AI Agent context
