elastic · KDKHD · May 22, 2025 · May 22, 2025 · May 22, 2025 · May 22, 2025
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -362,6 +362,7 @@
 /packages/salesforce @elastic/obs-infraobs-integrations
 /packages/santa @elastic/security-service-integrations
 /packages/security_ai_prompts @elastic/security-generative-ai
+/packages/security_labs_content @elastic/security-generative-ai
 /packages/security_detection_engine @elastic/protections
 /packages/sentinel_one @elastic/security-service-integrations
 /packages/sentinel_one_cloud_funnel @elastic/security-service-integrations

@@ -0,0 +1,93 @@
+Elastic License 2.0
+
+URL: https://www.elastic.co/licensing/elastic-license
+
+## Acceptance
+
+By using the software, you agree to all of the terms and conditions below.
+
+## Copyright License
+
+The licensor grants you a non-exclusive, royalty-free, worldwide,
+non-sublicensable, non-transferable license to use, copy, distribute, make
+available, and prepare derivative works of the software, in each case subject to
+the limitations and conditions below.
+
+## Limitations
+
+You may not provide the software to third parties as a hosted or managed
+service, where the service provides users with access to any substantial set of
+the features or functionality of the software.
+
+You may not move, change, disable, or circumvent the license key functionality
+in the software, and you may not remove or obscure any functionality in the
+software that is protected by the license key.
+
+You may not alter, remove, or obscure any licensing, copyright, or other notices
+of the licensor in the software. Any use of the licensor’s trademarks is subject
+to applicable law.
+
+## Patents
+
+The licensor grants you a license, under any patent claims the licensor can
+license, or becomes able to license, to make, have made, use, sell, offer for
+sale, import and have imported the software, in each case subject to the
+limitations and conditions in this license. This license does not cover any
+patent claims that you cause to be infringed by modifications or additions to
+the software. If you or your company make any written claim that the software
+infringes or contributes to infringement of any patent, your patent license for
+the software granted under these terms ends immediately. If your company makes
+such a claim, your patent license ends immediately for work on behalf of your
+company.
+
+## Notices
+
+You must ensure that anyone who gets a copy of any part of the software from you
+also gets a copy of these terms.
+
+If you modify the software, you must include in any modified copies of the
+software prominent notices stating that you have modified the software.
+
+## No Other Rights
+
+These terms do not imply any licenses other than those expressly granted in
+these terms.
+
+## Termination
+
+If you use the software in violation of these terms, such use is not licensed,
+and your licenses will automatically terminate. If the licensor provides you
+with a notice of your violation, and you cease all violation of this license no
+later than 30 days after you receive that notice, your licenses will be
+reinstated retroactively. However, if you violate these terms after such
+reinstatement, any additional violation of these terms will cause your licenses
+to terminate automatically and permanently.
+
+## No Liability
+
+*As far as the law allows, the software comes as is, without any warranty or
+condition, and the licensor will not be liable to you for any damages arising
+out of these terms or the use or nature of the software, under any kind of
+legal claim.*
+
+## Definitions
+
+The **licensor** is the entity offering these terms, and the **software** is the
+software the licensor makes available under these terms, including any portion
+of it.
+
+**you** refers to the individual or entity agreeing to these terms.
+
+**your company** is any legal entity, sole proprietorship, or other kind of
+organization that you work for, plus all organizations that have control over,
+are under the control of, or are under common control with that
+organization. **control** means ownership of substantially all the assets of an
+entity, or the power to direct its management and policies by vote, contract, or
+otherwise. Control can be direct or indirect.
+
+**your licenses** are all the licenses granted to you for the software under
+these terms.
+
+**use** means anything you do with the software requiring one of your licenses.
+
+**trademark** means trademarks, service marks, and similar rights.
@@ -0,0 +1,6 @@
+# newer versions go on top
+- version: "0.0.1"
+  changes:
+    - description: Initial draft of the package
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/13967
@@ -0,0 +1,46 @@
+# Security Labs Content Integration (Beta)
+
+## Overview
+
+The **Security Labs Content** integration provides the security labs content to be used within elastic security.
+
+This integration is in **beta** and subject to changes. Feedback and contributions are welcome.
+
+## Requirements
+
+- Elastic Stack **8.19.x**, **9.1.x**, or later.
+- Kibana with the **Elastic Assistant** plugin enabled.
+
+## Installation
+
+This integration is automatically installed when users setup the **Security AI Assistant knowledge base** in Kibana. No manual setup is required.
+
+## Usage
+
+1. Navigate to **Security Solution** in Kibana.
+2. The security labs content will be used by the security AI assistant
+
+## Developer Guide
+
+Developers updating this integration must regenerate and update the AI prompts in the package:
+
+1. Generate the Security AI Prompts in the Kibana repository:
+   ```sh
+   cd x-pack/solutions/security/plugins/elastic_assistant
+   yarn generate-security-labs-content
+   ```
+2. Copy the updated prompt files to this package:
+   ```sh
+   cd packages/security_labs_content/kibana/security_labs_content
+   rm ./*.json
+   cp $KIBANA_HOME/target/security_labs_content/*.json .
+   ```
+
+## Known Issues & Limitations
+This integration is currently in beta and subject to change.
+
+## Contributing
+Contributions are welcome! If you encounter issues or have suggestions, please open an issue or submit a pull request.
+
+## License
+This integration is subject to the Elastic License.
@@ -0,0 +1,24 @@
+{
+  "attributes": {
+    "raw": {
+      "document": "---\ntitle: \"2022 Elastic Global Threat Report Announcement\"\nslug: \"2022-elastic-global-threat-report-announcement\"\ndate: \"2022-11-30\"\ndescription: \"Discover our latest findings & strategic recommendations to better stay informed of potential directions threat actors may focus on.\"\nauthor:\n  - slug: devon-kerr\nimage: \"gtr-blog-image-720x420.jpg\"\ncategory:\n  - slug: reports\n---\n\nToday Elastic Security Labs celebrates another milestone: launching the [2022 Elastic Global Threat Report](https://www.elastic.co/explore/security-without-limits/global-threat-report), our inaugural summary of threat trends, forecasts, and recommendations. We analyzed millions of telemetry events from sources around the world to share these insights with you; all part of our continued commitment to transparency, and our mission to protect the world's data.\n\nYou can find the report [here](https://www.elastic.co/explore/security-without-limits/global-threat-report), we're excited to share it with you.\n"
+    },
+    "title": "2022 Elastic Global Threat Report Announcement",
+    "slug": "2022-elastic-global-threat-report-announcement",
+    "date": "2022-11-30",
+    "description": "Discover our latest findings & strategic recommendations to better stay informed of potential directions threat actors may focus on.",
+    "author": [
+      {
+        "slug": "devon-kerr"
+      }
+    ],
+    "image": "gtr-blog-image-720x420.jpg",
+    "category": [
+      {
+        "slug": "reports"
+      }
+    ]
+  },
+  "id": "security_labs_content-2022_elastic_global_threat_report_announcement-md",
+  "type": "security_labs_content"
+}
@@ -0,0 +1,24 @@
+{
+  "attributes": {
+    "raw": {
+      "document": "---\ntitle: \"2022 Elastic Global Threat Report: Helping security leaders navigate today’s threat landscape\"\nslug: \"2022-elastic-global-threat-report-helping-security-leaders-navigate-todays-threat-landscape\"\ndate: \"2022-11-30\"\ndescription: \"A significant percentage of all cyber threats achieve a degree of success against technical, procedural, and human mitigations. So what is a company to do in the face of such unfavorable odds? Find out in this article.\"\nauthor:\n  - slug: ken-exner\nimage: \"gtr-blog-image-720x420.jpg\"\ncategory:\n  - slug: reports\n---\n\nAs the threat landscape continues to evolve, cybersecurity stakes are growing exponentially higher for today’s organizations. Between Log4j, geopolitical tension, and increasing ransomware threats, security is not just at the top of the business agenda but also the societal agenda. Meanwhile, threat actors have adopted new capabilities and methods while increasing their cadence of activity.\n\nThreat detection and response has come a long way since the firewall dissolved and the cloud took center stage. AI and machine learning, for example, have been major contributors to the advancement of cybersecurity. Machine learning is being used to identify malicious behavior from bad actors by modeling network behavior and improving overall threat detection.\n\nWhat’s been difficult is the sea of sameness filled with vendors promising products to mitigate today’s threats while preparing for the next one. As the [2022 Elastic Global Threat Report](https://www.elastic.co/explore/security-without-limits/global-threat-report) outlines, a significant percentage of all threats achieve a degree of success against technical, procedural, and human mitigations. So what is a company to do in the face of such unfavorable odds? At Elastic, we believe there are several ingredients that are critical to managing today’s threat landscape.\n\n## Build a program, not just a tool\n\nVendors need to start thinking about security products as more than software. They are part of a living, breathing program that takes care and feeding. For Elastic, it’s not just about shipping a solution; it’s about offering a holistic approach to security that happens to come with a great product. It’s sharing insights and best practices and creating a community focused on security data intelligence that extends the value of Elastic Security for customers.\n\nThe 2022 Elastic Threat Report is an important part of that program, and we’re excited to share our knowledge with the community. In addition to vital information from the Elastic Security Labs team, the report provides actionable guidance to security practitioners about how to maximize positive outcomes for their organizations.\n\n## It takes an (open) community\n\nThe foundation of any good program is a strong community that can support and foster it. Take Elastic’s commitment to open security, for example. The community born from vendors being transparent about their security controls, detection rules, and threat logic can be a force multiplier of best practices across the entire industry.\n\nWhen vendors engage their experts with experts from across the broader security community about new threats they’ve observed or innovative methods for detecting nuanced attacks, it creates greater scalability of system defenses — not just for the enterprise but also for their customers.\n\nFor example, at Elastic we recently opened our Endpoint Security [protections-artifacts repo](https://github.com/elastic/protections-artifacts), adding to our already open [detection-rules repo](https://github.com/elastic/detection-rules/tree/main/rules), to foster further collaboration with our community and be transparent about how we protect users.\n\n## Treat the cause, not the symptom\n\nDespite the ever-growing threat landscape and the risks that it poses, many organizations are still treating security symptoms instead of the cause. Companies can no longer afford to keep the security team siloed and separate from the engineering team. The two functions must work closely to build products and solutions that can withstand the barrage of advancing threats.\n\nAt Elastic, we design and build products with security in mind from the start, so it’s baked into every solution we ship to our customers. In fact, we take security so seriously that the office of InfoSec is part of the engineering organization.\n\nWe hope that the 2022 Elastic Global Threat Report will help your understanding of the important shifts in the threat landscape, and provide the information you need to make your organization more resilient, prepared, and protected.\n\n[Download the 2022 Elastic Global Threat Report](https://www.elastic.co/explore/security-without-limits/global-threat-report).\n"
+    },
+    "title": "2022 Elastic Global Threat Report: Helping security leaders navigate today’s threat landscape",
+    "slug": "2022-elastic-global-threat-report-helping-security-leaders-navigate-todays-threat-landscape",
+    "date": "2022-11-30",
+    "description": "A significant percentage of all cyber threats achieve a degree of success against technical, procedural, and human mitigations. So what is a company to do in the face of such unfavorable odds? Find out in this article.",
+    "author": [
+      {
+        "slug": "ken-exner"
+      }
+    ],
+    "image": "gtr-blog-image-720x420.jpg",
+    "category": [
+      {
+        "slug": "reports"
+      }
+    ]
+  },
+  "id": "security_labs_content-2022_elastic_global_threat_report_helping_security_leaders_navigate_todays_threat_landscape-md",
+  "type": "security_labs_content"
+}