[Security Solution] defend insights langgraph upgrade #211038

Merged
merged 4 commits into from
Mar 4, 2025

@joeypoon joeypoon commented Feb 13, 2025

Summary

This is intended to be a "minimal" migration for Defend Insights to langgraph + output chunking. Other than the increased events due to the context increase from output chunking, the functionality is unchanged.

  • migrates defend insights to langgraph
  • adds output chunking / refinement

Checklist

@joeypoon joeypoon changed the title [Defend Insights] langgraph upgrade [Defend Insights] defend insights langgraph upgrade Feb 13, 2025
@joeypoon joeypoon changed the title [Defend Insights] defend insights langgraph upgrade [Security Solution] defend insights langgraph upgrade Feb 13, 2025
@joeypoon joeypoon force-pushed the feature/defend-insight-langgraph branch 5 times, most recently from ed41e6f to f48438b Compare February 17, 2025 15:02
@joeypoon joeypoon marked this pull request as ready for review February 17, 2025 15:11
@joeypoon joeypoon requested review from a team as code owners February 17, 2025 15:11
@joeypoon joeypoon added release_note:skip Skip the PR/issue when compiling release notes Team:Defend Workflows “EDR Workflows” sub-team of Security Solution labels Feb 17, 2025
@elasticmachine

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

@joeypoon joeypoon added the backport:skip This commit does not require backporting label Feb 17, 2025

@szwarckonrad szwarckonrad left a comment

Code LGTM! As for the architecture behind this upgrade - I’ll leave that to the GenAI team 😉.

Left a few questions and minor notes. The only “important” one is the lack of aggregation on path when fetching file events. Was this intentional? I still see value in fetching only unique paths, even with the larger window. - #211038 (comment)

I’ll run an end-to-end test tomorrow to ensure everything works on the frontend and will approve if all checks out.

}> => {
const llmType = getLlmType(apiConfig.actionTypeId);
const model = apiConfig.model;
const tags = [DEFEND_INSIGHTS_TOOL_ID, llmType, model].flatMap((tag) => tag ?? []);
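
Review bot: `tag ?? []` in the `flatMap` callback drops only `null` and `undefined`, so an empty-string `model` from `apiConfig` would still end up in `tags`; if that can happen, filter on truthiness with a type guard such as `(tag): tag is string => Boolean(tag)` so the result stays typed as `string[]`.
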
Contributor

Suggested change
const tags = [DEFEND_INSIGHTS_TOOL_ID, llmType, model].flatMap((tag) => tag ?? []);
const tags = [DEFEND_INSIGHTS_TOOL_ID, llmType, model].filter(Boolean);

* Defend Insights graph.
*
* Refer to the following diagram for this graph:
* x-pack/solutions/security/plugins/elastic_assistant/docs/img/default_defend_insights_graph.png
Contributor

404 😢

Comment on lines 23 to 31
private insightType: DefendInsightType;
private endpointIds: string[];
private anonymizationFields?: AnonymizationFieldResponse[];
private esClient: ElasticsearchClient;
private onNewReplacements?: (newReplacements: Replacements) => void;
private replacements?: Replacements;
private size?: number;
private start?: DateMath;
private end?: DateMath;
Contributor

If we want to follow strict class members types - all these can be readonly since set only in the constructor.

Comment on lines 24 to 74
return {
allow_no_indices: true,
fields: ['_id', 'agent.id', 'process.executable'],
query: {
bool: {
must: [
{
terms: {
'agent.id': endpointIds,
},
},
{
range: {
'@timestamp': {
gte: gte ?? 'now-24h',
lte: lte ?? 'now',
},
},
},
],
},
},
size: size ?? SIZE,
sort: [
{
'@timestamp': {
order: 'desc',
},
},
],
_source: false,
ignore_unavailable: true,
index: [FILE_EVENTS_INDEX_PATTERN],
};
}
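
Review bot: the `terms` and `range` clauses under `bool.must` are scored even though the results are ordered by `@timestamp`; moving both into `bool.filter` returns the same documents without scoring and lets the clauses be cached.
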
Contributor

Q: Was the omission of the aggregations that were deduplicating by process.executable intentional?

https://github.com/elastic/kibana/pull/211038/files#diff-d52c783584105d55140fee86efcb8609cf3af470daa4b71bce774deb8ee43153

Member Author

Good catch, must have copied this over way back when and forgot to update after we added aggregations.

Comment on lines +8 to +37
import { getCombined } from '.';

describe('getCombined', () => {
it('combines two strings correctly', () => {
const combinedGenerations = 'generation1';
const partialResponse = 'response1';
const expected = 'generation1response1';
const result = getCombined({ combinedGenerations, partialResponse });

expect(result).toEqual(expected);
});

it('handles empty combinedGenerations', () => {
const combinedGenerations = '';
const partialResponse = 'response1';
const expected = 'response1';
const result = getCombined({ combinedGenerations, partialResponse });

expect(result).toEqual(expected);
});

it('handles an empty partialResponse', () => {
const combinedGenerations = 'generation1';
const partialResponse = '';
const expected = 'generation1';
const result = getCombined({ combinedGenerations, partialResponse });

expect(result).toEqual(expected);
});
});
Contributor

Very good coverage :D

* 2.0.
*/

export const getContinuePrompt =
Contributor

A const somewhere among other consts?

* 2.0.
*/

export const getDefaultRefinePrompt =
Contributor

A const somewhere among other constants?

export type GraphMetadata = AssistantGraphMetadata | AttackDiscoveryGraphMetadata;
export interface DefendInsightsGraphMetadata {
getDefaultDefendInsightsGraph: GetDefendInsightsGraph;
graphType: typeof DEFEND_INSIGHTS_TOOL_ID;
Contributor

I guess we could rename this const and drop tool from it.

*/
import { FieldMap } from '@kbn/data-stream-adapter';

export const defendInsightsFieldMap: FieldMap = {
Contributor

This is not being used anywhere?


const DEFAULT_PAGE_SIZE = 10;

export class DefendInsightsDataClient extends AIAssistantDataClient {
Contributor

Q: I don't see this class being initialized anywhere? Also, helpers in this directory are being used only here? What's the story behind /persistence dir?

Member Author

Good catch. .../ai_assistant_data_clients/defend_insights is supposed to be moved to persistence so I forgot to delete the old stuff and use persistence instead.

import { EndpointError } from '../../../../common/endpoint/errors';

export class InvalidDefendInsightTypeError extends EndpointError {
export class InvalidDefendInsightTypeError extends Error {
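
Review bot: handlers that match on `instanceof EndpointError` will no longer catch `InvalidDefendInsightTypeError` once the class extends plain `Error`; check any error handling that relied on that, and drop the `EndpointError` import shown above the class if nothing else in the file uses it.
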
Contributor

Consider making elastic/security-defend-workflows CODEOWNERS of:

  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights
  • x-pack/solutions/security/plugins/elastic_assistant/server/routes/defend_insights

as that would cover most of the files below that are (by default) owned by elastic/security-generative-ai:

Files by Code Owner

elastic/security-defend-workflows

  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/errors.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/generate/schema/incompatible_antivirus.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/generate/schema/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/helpers/prompts/index.ts
  • x-pack/solutions/security/plugins/security_solution/server/assistant/tools/defend_insights/get_events/get_file_events_query.ts
  • x-pack/solutions/security/plugins/security_solution/server/assistant/tools/defend_insights/get_events/index.test.ts
  • x-pack/solutions/security/plugins/security_solution/server/assistant/tools/defend_insights/get_events/index.ts
  • x-pack/solutions/security/plugins/security_solution/server/assistant/tools/defend_insights/index.test.ts
  • x-pack/solutions/security/plugins/security_solution/server/assistant/tools/defend_insights/index.ts
  • x-pack/solutions/security/plugins/security_solution/server/assistant/tools/defend_insights/prompts/incompatible_antivirus.ts
  • x-pack/solutions/security/plugins/security_solution/server/endpoint/services/workflow_insights/builders/index.ts
  • x-pack/solutions/security/plugins/security_solution/server/endpoint/services/workflow_insights/index.test.ts
  • x-pack/solutions/security/plugins/security_solution/server/endpoint/services/workflow_insights/index.ts

elastic/security-generative-ai

  • x-pack/solutions/security/plugins/elastic_assistant/server/mocks/raw_defend_insights.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/errors.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/constants.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/edges/generate_or_end/helpers/get_generate_or_end_decision/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/edges/generate_or_end/helpers/get_generate_or_end_decision/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/edges/generate_or_end/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/edges/generate_or_end/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/edges/generate_or_refine_or_end/helpers/get_generate_or_refine_or_end_decision/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/edges/generate_or_refine_or_end/helpers/get_generate_or_refine_or_end_decision/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/edges/generate_or_refine_or_end/helpers/get_should_end/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/edges/generate_or_refine_or_end/helpers/get_should_end/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/edges/generate_or_refine_or_end/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/edges/generate_or_refine_or_end/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/edges/helpers/get_has_results/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/edges/helpers/get_has_results/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/edges/refine_or_end/helpers/get_refine_or_end_decision/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/edges/refine_or_end/helpers/get_refine_or_end_decision/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/edges/refine_or_end/helpers/get_should_end/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/edges/refine_or_end/helpers/get_should_end/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/edges/refine_or_end/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/edges/refine_or_end/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/edges/retrieve_anonymized_events_or_generate/get_retrieve_or_generate/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/edges/retrieve_anonymized_events_or_generate/get_retrieve_or_generate/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/edges/retrieve_anonymized_events_or_generate/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/edges/retrieve_anonymized_events_or_generate/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/helpers/get_max_hallucination_failures_reached/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/helpers/get_max_hallucination_failures_reached/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/helpers/get_max_retries_reached/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/helpers/get_max_retries_reached/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/mock/mock_anonymization_fields.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/mock/mock_anonymized_events.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/mock/mock_defend_insights.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/mock/mock_file_events_query_results.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/generate/helpers/discard_previous_generations/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/generate/helpers/discard_previous_generations/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/generate/helpers/get_anonymized_events_from_state/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/generate/helpers/get_anonymized_events_from_state/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/generate/helpers/get_events_context_prompt/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/generate/helpers/get_events_context_prompt/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/generate/helpers/get_use_unrefined_results/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/generate/helpers/get_use_unrefined_results/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/generate/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/generate/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/generate/schema/incompatible_antivirus.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/generate/schema/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/helpers/add_trailing_backticks_if_necessary/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/helpers/add_trailing_backticks_if_necessary/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/helpers/extract_json/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/helpers/extract_json/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/helpers/generations_are_repeating/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/helpers/generations_are_repeating/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/helpers/get_chain_with_format_instructions/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/helpers/get_chain_with_format_instructions/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/helpers/get_combined/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/helpers/get_combined/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/helpers/get_combined_prompt/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/helpers/get_combined_prompt/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/helpers/get_continue_prompt/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/helpers/get_continue_prompt/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/helpers/get_output_parser/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/helpers/get_output_parser/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/helpers/parse_combined_or_throw/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/helpers/prompts/incompatible_antivirus.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/helpers/prompts/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/helpers/response_is_hallucinated/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/helpers/response_is_hallucinated/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/refine/helpers/discard_previous_refinements/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/refine/helpers/discard_previous_refinements/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/refine/helpers/get_combined_refine_prompt/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/refine/helpers/get_combined_refine_prompt/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/refine/helpers/get_default_refine_prompt/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/refine/helpers/get_use_unrefined_results/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/refine/helpers/get_use_unrefined_results/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/refine/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/retriever/anonymized_events_retriever/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/retriever/anonymized_events_retriever/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/retriever/helpers/get_anonymized_events/get_events/get_file_events_query.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/retriever/helpers/get_anonymized_events/get_events/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/retriever/helpers/get_anonymized_events/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/retriever/helpers/get_anonymized_events/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/retriever/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/retriever/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/state/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/state/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/types.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/persistence/field_maps_configuration.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/persistence/get_defend_insight.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/persistence/get_defend_insight.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/persistence/helpers.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/persistence/helpers.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/persistence/index.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/persistence/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/persistence/types.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/langchain/graphs/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/plugin.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/routes/defend_insights/helpers.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/routes/defend_insights/helpers.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/routes/defend_insights/post_defend_insights.test.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/routes/defend_insights/post_defend_insights.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/routes/defend_insights/translations.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/routes/evaluate/get_graphs_from_names/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/services/app_context.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/types.ts

elastic/security-solution

  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/errors.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/generate/schema/incompatible_antivirus.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/generate/schema/index.ts
  • x-pack/solutions/security/plugins/elastic_assistant/server/lib/defend_insights/graphs/default_defend_insights_graph/nodes/helpers/prompts/index.ts
  • x-pack/solutions/security/plugins/security_solution/server/assistant/tools/defend_insights/get_events/get_file_events_query.ts
  • x-pack/solutions/security/plugins/security_solution/server/assistant/tools/defend_insights/get_events/index.test.ts
  • x-pack/solutions/security/plugins/security_solution/server/assistant/tools/defend_insights/get_events/index.ts
  • x-pack/solutions/security/plugins/security_solution/server/assistant/tools/defend_insights/index.test.ts
  • x-pack/solutions/security/plugins/security_solution/server/assistant/tools/defend_insights/index.ts
  • x-pack/solutions/security/plugins/security_solution/server/assistant/tools/defend_insights/prompts/incompatible_antivirus.ts
  • x-pack/solutions/security/plugins/security_solution/server/assistant/tools/index.ts
  • x-pack/solutions/security/plugins/security_solution/server/endpoint/services/workflow_insights/builders/index.ts
  • x-pack/solutions/security/plugins/security_solution/server/endpoint/services/workflow_insights/index.test.ts
  • x-pack/solutions/security/plugins/security_solution/server/endpoint/services/workflow_insights/index.ts
  • x-pack/solutions/security/plugins/security_solution/server/plugin.ts

@joeypoon joeypoon force-pushed the feature/defend-insight-langgraph branch 3 times, most recently from a101254 to c7aaef8 Compare February 26, 2025 14:08
joeypoon commented Feb 26, 2025

Addressed comments. Can I get another 👀 @andrew-goldstein @szwarckonrad?

  1. Code owners added
  2. Fixed incorrect usage of old data client stuff to use new persistence dir stuff
  3. Fixed file event query to use aggregation again
  4. The missing graph diagram I left missing for now. The draw-graph script is broken on main and out of scope for this PR.
  5. I made some of the smaller suggested stylistic changes where easy to do. Others require more file touches so I'd rather not delay this large PR any further.
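
One shape the deduplication by `process.executable` discussed in this thread can take, with a parser for the bucketed response. This is an added example, not code from the PR or from Kibana; the aggregation names, `DEFAULT_SIZE`, the index pattern value and the sample response are assumptions constructed for illustration.

```typescript
// Added illustration, not the PR's code. Names marked "hypothetical" are assumptions.
type DateMath = string;

const FILE_EVENTS_INDEX_PATTERN = 'logs-endpoint.events.file-*'; // assumed value
const DEFAULT_SIZE = 200; // constructed; the page does not show the value of SIZE

interface QueryParams {
  endpointIds: string[];
  size?: number;
  gte?: DateMath;
  lte?: DateMath;
}

// Returns one bucket per distinct process.executable instead of the newest N raw
// events, so a single busy executable cannot fill the whole result window.
function buildUniqueExecutableQuery({ endpointIds, size, gte, lte }: QueryParams) {
  return {
    allow_no_indices: true,
    ignore_unavailable: true,
    index: [FILE_EVENTS_INDEX_PATTERN],
    size: 0, // raw hits are not needed; the buckets carry the result
    query: {
      bool: {
        filter: [
          { terms: { 'agent.id': endpointIds } },
          { range: { '@timestamp': { gte: gte ?? 'now-24h', lte: lte ?? 'now' } } },
        ],
      },
    },
    aggs: {
      // hypothetical aggregation name
      unique_process_executable: {
        terms: { field: 'process.executable', size: size ?? DEFAULT_SIZE },
        aggs: {
          // hypothetical sub-aggregation: newest event for each executable
          latest_event: {
            top_hits: {
              size: 1,
              sort: [{ '@timestamp': { order: 'desc' } }],
              _source: ['agent.id', 'process.executable'],
            },
          },
        },
      },
    },
  };
}

interface TopHit {
  _id: string;
  _source: { agent: { id: string }; process: { executable: string } };
}
interface ExecutableBucket {
  key: string;
  doc_count: number;
  latest_event: { hits: { hits: TopHit[] } };
}
interface AggregatedResponse {
  aggregations?: { unique_process_executable?: { buckets: ExecutableBucket[] } };
}
interface UniqueExecutable {
  eventId: string;
  agentId: string;
  executable: string;
  eventCount: number;
}

// Flattens the buckets into one record per executable; tolerates a response
// with no aggregations (for example, when no index matched the pattern).
function extractUniqueExecutables(response: AggregatedResponse): UniqueExecutable[] {
  const buckets = response.aggregations?.unique_process_executable?.buckets ?? [];
  const result: UniqueExecutable[] = [];
  for (const bucket of buckets) {
    const hit = bucket.latest_event.hits.hits[0];
    if (hit === undefined) continue; // bucket without a top hit: skip it
    result.push({
      eventId: hit._id,
      agentId: hit._source.agent.id,
      executable: bucket.key,
      eventCount: bucket.doc_count,
    });
  }
  return result;
}

// Constructed response: 4200 events from one executable collapse into one record.
const SAMPLE_RESPONSE: AggregatedResponse = {
  aggregations: { unique_process_executable: { buckets: [
    { key: '/opt/av/scanner', doc_count: 4200, latest_event: { hits: { hits: [
      { _id: 'evt-1', _source: { agent: { id: 'agent-a' }, process: { executable: '/opt/av/scanner' } } },
    ] } } },
    { key: '/usr/bin/rsync', doc_count: 3, latest_event: { hits: { hits: [
      { _id: 'evt-2', _source: { agent: { id: 'agent-a' }, process: { executable: '/usr/bin/rsync' } } },
    ] } } },
  ] } },
};
```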

@szwarckonrad szwarckonrad left a comment

Looks good, great job!

@joeypoon joeypoon enabled auto-merge (squash) March 4, 2025 10:06
* migrates defend insights to langgraph
* adds output chunking / refinement
@joeypoon joeypoon force-pushed the feature/defend-insight-langgraph branch from 0856e6d to 8d7b309 Compare March 4, 2025 11:57
@joeypoon joeypoon force-pushed the feature/defend-insight-langgraph branch from 8d7b309 to 09e8cf7 Compare March 4, 2025 12:01
@joeypoon joeypoon merged commit 647a183 into elastic:main Mar 4, 2025
10 checks passed
@elasticmachine

💚 Build Succeeded

Metrics [docs]

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id before after diff
elasticAssistant 42 44 +2

Public APIs missing exports

Total count of every type that is part of your API that should be exported but is not. This will cause broken links in the API documentation system. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats exports for more detailed information.

id before after diff
elasticAssistant 2 3 +1

Unknown metric groups

API count

id before after diff
elasticAssistant 57 60 +3

Labels
backport:skip This commit does not require backporting release_note:skip Skip the PR/issue when compiling release notes Team:Defend Workflows “EDR Workflows” sub-team of Security Solution v9.1.0