elastic
diff --git a/‎packages/security_ai_prompts/changelog.yml‎
Lines changed: 5 additions & 0 deletions b/‎packages/security_ai_prompts/changelog.yml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-6a9fe9d7-5cd3-4d24-b458-f948da93c19f.json‎ renamed to ‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-00dba7a7-4edb-4c46-8f6d-aa4670020cd4.json‎
Lines changed: 1 addition & 1 deletion b/‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-6a9fe9d7-5cd3-4d24-b458-f948da93c19f.json‎ renamed to ‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-00dba7a7-4edb-4c46-8f6d-aa4670020cd4.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-f940864a-3dfe-4c37-b3ff-eb93aca35692.json‎ renamed to ‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-02d435d2-3ab1-45f7-be74-0715a8ca2ad9.json‎
Lines changed: 1 addition & 1 deletion b/‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-f940864a-3dfe-4c37-b3ff-eb93aca35692.json‎ renamed to ‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-02d435d2-3ab1-45f7-be74-0715a8ca2ad9.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-924663fd-7d79-46b6-8eb9-77db4e242c96.json‎ renamed to ‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-0760d6bb-3255-4db8-8512-38ba25055a74.json‎
Lines changed: 1 addition & 1 deletion b/‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-924663fd-7d79-46b6-8eb9-77db4e242c96.json‎ renamed to ‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-0760d6bb-3255-4db8-8512-38ba25055a74.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-be609c1f-1385-44c9-856e-40d23d3635e3.json‎ renamed to ‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-07abbb80-404c-4d31-b4d6-50450c6c5561.json‎
Lines changed: 1 addition & 1 deletion b/‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-be609c1f-1385-44c9-856e-40d23d3635e3.json‎ renamed to ‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-07abbb80-404c-4d31-b4d6-50450c6c5561.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-7e4fa357-c793-4b59-a08d-eb0b2afb7ffb.json‎ renamed to ‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-0c781c7f-9ff9-4335-a0e2-6e5508ac8fa0.json‎
Lines changed: 1 addition & 1 deletion b/‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-7e4fa357-c793-4b59-a08d-eb0b2afb7ffb.json‎ renamed to ‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-0c781c7f-9ff9-4335-a0e2-6e5508ac8fa0.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-04f42079-7f27-4892-8c63-4c500e5821c4.json‎ renamed to ‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-1474ef6a-9da0-4871-87e6-eaf38b486699.json‎
Lines changed: 1 addition & 1 deletion b/‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-04f42079-7f27-4892-8c63-4c500e5821c4.json‎ renamed to ‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-1474ef6a-9da0-4871-87e6-eaf38b486699.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-c2198fab-2091-4eb3-8aec-c9b0e06c26b5.json‎ renamed to ‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-174eadbe-d322-4f74-af55-eb9c49ce9d24.json‎
Lines changed: 1 addition & 1 deletion b/‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-c2198fab-2091-4eb3-8aec-c9b0e06c26b5.json‎ renamed to ‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-174eadbe-d322-4f74-af55-eb9c49ce9d24.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-546b95da-5d4c-4bb8-9e89-1550045a1054.json‎ renamed to ‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-18f052ce-6a1c-408b-bedc-325189facd8d.json‎
Lines changed: 1 addition & 1 deletion b/‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-546b95da-5d4c-4bb8-9e89-1550045a1054.json‎ renamed to ‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-18f052ce-6a1c-408b-bedc-325189facd8d.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-1b3525c5-4a67-4578-b9e7-2e15b457f21e.json‎
Lines changed: 11 additions & 0 deletions b/‎packages/security_ai_prompts/kibana/security_ai_prompt/security_ai_prompts-1b3525c5-4a67-4578-b9e7-2e15b457f21e.json‎
Lines changed: 11 additions & 0 deletions
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.0.9"
+  changes:
+    - description: "Add new Entity Highlights prompts"
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/15750
 - version: "1.0.8"
   changes:
     - description: "Update ease prompts"
 
@@ -6,6 +6,6 @@
       "default": "The suggested remediation action to take for the policy response failure"
     }
   },
-  "id": "security_ai_prompts-6a9fe9d7-5cd3-4d24-b458-f948da93c19f",
+  "id": "security_ai_prompts-00dba7a7-4edb-4c46-8f6d-aa4670020cd4",
   "type": "security-ai-prompt"
 }
@@ -6,6 +6,6 @@
       "default": "The process.executable value of the event"
     }
   },
-  "id": "security_ai_prompts-f940864a-3dfe-4c37-b3ff-eb93aca35692",
+  "id": "security_ai_prompts-02d435d2-3ab1-45f7-be74-0715a8ca2ad9",
   "type": "security-ai-prompt"
 }
@@ -6,6 +6,6 @@
       "default": "Return **only a single-line stringified JSON object** without any code fences, explanations, or variable assignments. Do **not** wrap the output in triple backticks or any Markdown code block. \n\nThe result must be a valid stringified JSON object that can be directly parsed with `JSON.parse()` in JavaScript.\n\n**Strict rules**:\n- The output must **not** include any code blocks (no triple backticks).\n- The output must be **a string**, ready to be passed directly into `JSON.parse()`.\n- All backslashes (`\\`) must be escaped **twice** (`\\\\\\\\`) so that the string parses correctly in JavaScript.\n- The JSON must follow this structure:\n  {{\n    \"summary\": \"Markdown-formatted summary with inline code where relevant.\",\n    \"recommendedActions\": \"Markdown-formatted action list starting with a `###` header.\"\n  }}\n- The summary text should just be text. It does not need any titles or leading items in bold.\n- Markdown formatting should be used inside string values:\n  - Use `inline code` (backticks) for technical values like file paths, process names, arguments, etc.\n  - Use `**bold**` for emphasis.\n  - Use `-` for bullet points.\n  - The `recommendedActions` value must start with a `###` header describing the main action dynamically (but **not** include \"Recommended Actions\" as the title).\n- **Do not** include any extra explanation or text. Only return the stringified JSON object.\n\nThe response should look like this:\n{{\"summary\":\"Markdown-formatted summary text.\",\"recommendedActions\":\"Markdown-formatted action list starting with a ### header.\"}}"
     }
   },
-  "id": "security_ai_prompts-924663fd-7d79-46b6-8eb9-77db4e242c96",
+  "id": "security_ai_prompts-0760d6bb-3255-4db8-8512-38ba25055a74",
   "type": "security-ai-prompt"
 }
@@ -6,6 +6,6 @@
       "default": "Discover the types of questions you can ask"
     }
   },
-  "id": "security_ai_prompts-be609c1f-1385-44c9-856e-40d23d3635e3",
+  "id": "security_ai_prompts-07abbb80-404c-4d31-b4d6-50450c6c5561",
   "type": "security-ai-prompt"
 }
@@ -6,6 +6,6 @@
       "default": "Call this for knowledge about the latest entity risk score and the inputs that contributed to the calculation (sorted by 'kibana.alert.risk_score') in the environment, or when answering questions about how critical or risky an entity is. When informing the risk score value for a entity you must use the normalized field 'calculated_score_norm'."
     }
   },
-  "id": "security_ai_prompts-7e4fa357-c793-4b59-a08d-eb0b2afb7ffb",
+  "id": "security_ai_prompts-0c781c7f-9ff9-4335-a0e2-6e5508ac8fa0",
   "type": "security-ai-prompt"
 }
@@ -6,6 +6,6 @@
       "default": "Research"
     }
   },
-  "id": "security_ai_prompts-04f42079-7f27-4892-8c63-4c500e5821c4",
+  "id": "security_ai_prompts-1474ef6a-9da0-4871-87e6-eaf38b486699",
   "type": "security-ai-prompt"
 }
@@ -6,6 +6,6 @@
       "default": "A link to documented remediation steps for the policy response failure"
     }
   },
-  "id": "security_ai_prompts-c2198fab-2091-4eb3-8aec-c9b0e06c26b5",
+  "id": "security_ai_prompts-174eadbe-d322-4f74-af55-eb9c49ce9d24",
   "type": "security-ai-prompt"
 }
@@ -6,6 +6,6 @@
       "default": "You are a security analyst and expert in resolving security incidents. Your role is to assist by answering questions about Elastic Security. Do not answer questions unrelated to Elastic Security. If available, use the Knowledge History provided to try and answer the question. If not provided, you can try and query for additional knowledge via the KnowledgeBaseRetrievalTool. {citations_prompt} \n{formattedTime}"
     }
   },
-  "id": "security_ai_prompts-546b95da-5d4c-4bb8-9e89-1550045a1054",
+  "id": "security_ai_prompts-18f052ce-6a1c-408b-bedc-325189facd8d",
   "type": "security-ai-prompt"
 }
@@ -0,0 +1,11 @@
+{
+  "attributes": {
+    "promptId": "entityDetailsHighlights",
+    "promptGroupId": "aiForEntityDetails",
+    "prompt": {
+      "default": "Generate markdown text with most important information for entity so a Security analyst can act. Your response should take all the important elements of the entity into consideration. Limit your response to 500 characters. Only reply with the required sections, and nothing else.\n  ### Format  \n  Return a string with markdown text without any explanations, or variable assignments. Do **not** wrap the output in triple backticks. \n    The result must be a list of bullet points, nothing more.\n    Generate summaries for the following sections, but omit any section that if the information isn't available in the context:\n      - Risk score: Summarize the entity's risk score and the main factors contributing to it.\n      - Criticality: Note the entity's criticality level and its impact on the risk score.\n      - Vulnerabilities: Summarize any significant Vulnerability and briefly explain why it is significant.\n      - Anomalies: Summarize unusual activities or anomalies detected for the entity and briefly explain why it is significant.  \n    The generated data **MUST** follow this pattern:\n  \"\"\"- **{title1}**: {description1}\n  - **{title2}**: {description2}\n  ...\n  - **{titleN}**: {descriptionN}\n  \n  **Recommended action**: {description}\"\"\"\n  \n    **Strict rules**:\n      _ Only reply with the required sections, and nothing else.\n      - Limit your total response to 500 characters.\n      - Never return an section which there is no data available in the context.\n      - Use inline code (backticks) for technical values like file paths, process names, arguments, etc.\n      - Recommended action title should be bold and text should be inline.    \n      - **Do not** include any extra explanation, reasoning or text.\n    "
+    }
+  },
+  "id": "security_ai_prompts-1b3525c5-4a67-4578-b9e7-2e15b457f21e",
+  "type": "security-ai-prompt"
+}
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,6 @@`
`6`	`6`	`"default": "The suggested remediation action to take for the policy response failure"`
`7`	`7`	`}`
`8`	`8`	`},`
`9`		`- "id": "security_ai_prompts-6a9fe9d7-5cd3-4d24-b458-f948da93c19f",`
	`9`	`+ "id": "security_ai_prompts-00dba7a7-4edb-4c46-8f6d-aa4670020cd4",`
`10`	`10`	`"type": "security-ai-prompt"`
`11`	`11`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,6 @@`
`6`	`6`	`"default": "The process.executable value of the event"`
`7`	`7`	`}`
`8`	`8`	`},`
`9`		`- "id": "security_ai_prompts-f940864a-3dfe-4c37-b3ff-eb93aca35692",`
	`9`	`+ "id": "security_ai_prompts-02d435d2-3ab1-45f7-be74-0715a8ca2ad9",`
`10`	`10`	`"type": "security-ai-prompt"`
`11`	`11`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,6 @@`
`6`	`6`	"default": "Return only a single-line stringified JSON object without any code fences, explanations, or variable assignments. Do not wrap the output in triple backticks or any Markdown code block. \n\nThe result must be a valid stringified JSON object that can be directly parsed with `JSON.parse()` in JavaScript.\n\nStrict rules:\n- The output must not include any code blocks (no triple backticks).\n- The output must be a string, ready to be passed directly into `JSON.parse()`.\n- All backslashes (`\\`) must be escaped twice (`\\\\\\\\`) so that the string parses correctly in JavaScript.\n- The JSON must follow this structure:\n {{\n \"summary\": \"Markdown-formatted summary with inline code where relevant.\",\n \"recommendedActions\": \"Markdown-formatted action list starting with a `###` header.\"\n }}\n- The summary text should just be text. It does not need any titles or leading items in bold.\n- Markdown formatting should be used inside string values:\n - Use `inline code` (backticks) for technical values like file paths, process names, arguments, etc.\n - Use `bold` for emphasis.\n - Use `-` for bullet points.\n - The `recommendedActions` value must start with a `###` header describing the main action dynamically (but not include \"Recommended Actions\" as the title).\n- Do not include any extra explanation or text. Only return the stringified JSON object.\n\nThe response should look like this:\n{{\"summary\":\"Markdown-formatted summary text.\",\"recommendedActions\":\"Markdown-formatted action list starting with a ### header.\"}}"
`7`	`7`	`}`
`8`	`8`	`},`
`9`		`- "id": "security_ai_prompts-924663fd-7d79-46b6-8eb9-77db4e242c96",`
	`9`	`+ "id": "security_ai_prompts-0760d6bb-3255-4db8-8512-38ba25055a74",`
`10`	`10`	`"type": "security-ai-prompt"`
`11`	`11`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,6 @@`
`6`	`6`	`"default": "Discover the types of questions you can ask"`
`7`	`7`	`}`
`8`	`8`	`},`
`9`		`- "id": "security_ai_prompts-be609c1f-1385-44c9-856e-40d23d3635e3",`
	`9`	`+ "id": "security_ai_prompts-07abbb80-404c-4d31-b4d6-50450c6c5561",`
`10`	`10`	`"type": "security-ai-prompt"`
`11`	`11`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,6 @@`
`6`	`6`	`"default": "Call this for knowledge about the latest entity risk score and the inputs that contributed to the calculation (sorted by 'kibana.alert.risk_score') in the environment, or when answering questions about how critical or risky an entity is. When informing the risk score value for a entity you must use the normalized field 'calculated_score_norm'."`
`7`	`7`	`}`
`8`	`8`	`},`
`9`		`- "id": "security_ai_prompts-7e4fa357-c793-4b59-a08d-eb0b2afb7ffb",`
	`9`	`+ "id": "security_ai_prompts-0c781c7f-9ff9-4335-a0e2-6e5508ac8fa0",`
`10`	`10`	`"type": "security-ai-prompt"`
`11`	`11`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,6 @@`
`6`	`6`	`"default": "Research"`
`7`	`7`	`}`
`8`	`8`	`},`
`9`		`- "id": "security_ai_prompts-04f42079-7f27-4892-8c63-4c500e5821c4",`
	`9`	`+ "id": "security_ai_prompts-1474ef6a-9da0-4871-87e6-eaf38b486699",`
`10`	`10`	`"type": "security-ai-prompt"`
`11`	`11`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,6 @@`
`6`	`6`	`"default": "A link to documented remediation steps for the policy response failure"`
`7`	`7`	`}`
`8`	`8`	`},`
`9`		`- "id": "security_ai_prompts-c2198fab-2091-4eb3-8aec-c9b0e06c26b5",`
	`9`	`+ "id": "security_ai_prompts-174eadbe-d322-4f74-af55-eb9c49ce9d24",`
`10`	`10`	`"type": "security-ai-prompt"`
`11`	`11`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,6 @@`
`6`	`6`	`"default": "You are a security analyst and expert in resolving security incidents. Your role is to assist by answering questions about Elastic Security. Do not answer questions unrelated to Elastic Security. If available, use the Knowledge History provided to try and answer the question. If not provided, you can try and query for additional knowledge via the KnowledgeBaseRetrievalTool. {citations_prompt} \n{formattedTime}"`
`7`	`7`	`}`
`8`	`8`	`},`
`9`		`- "id": "security_ai_prompts-546b95da-5d4c-4bb8-9e89-1550045a1054",`
	`9`	`+ "id": "security_ai_prompts-18f052ce-6a1c-408b-bedc-325189facd8d",`
`10`	`10`	`"type": "security-ai-prompt"`
`11`	`11`	`}`