
[mdx → asciidoc] Add AsciiDoc serverless files #6061

Merged
merged 15 commits into from
Nov 5, 2024
26 changes: 11 additions & 15 deletions README.md
Expand Up @@ -9,36 +9,32 @@ Documentation Manager: Janeen Roberts (Github: `@jmikell821`)

## Contributing to Elastic Security docs

You can open an issue using the appropriate [template](https://github.com/elastic/security-docs/issues/new/choose).
You can open an issue using the appropriate [template](https://github.com/elastic/security-docs/issues/new/choose).

> [!NOTE]
> Please report any **known issues** that need to be documented by creating an issue in our [private repo](https://github.com/elastic/security-docs-internal/issues) using the known issue template.
> Please report any **known issues** that need to be documented by creating an issue in our [private repo](https://github.com/elastic/security-docs-internal/issues) using the known issue template.

To contribute directly to Elastic Security documentation:

1. Please fork and clone the `security-docs` repo.
1. Check out the `main` branch and fetch the latest changes.
1. Check out a new branch and make your changes.
1. Save your changes and open a pull request.
1. Add all appropriate Github users as reviewers.
1. Add the appropriate release version label, backport version label if appropriate, and team label to the PR.
1. If your PR changes any [serverless docs content](https://github.com/elastic/security-docs/tree/main/docs/serverless), add the label `ci:doc-build` to generate a preview of the serverless docs on the PR.
1. Once the docs team approves all changes, you can merge it. If a backport version label was added to a PR for stack versions 7.14.0 and newer, mergify will automatically open a backport PR.
1. Merge the backport PR once it passes all CI checks.
1. Please fork and clone the `security-docs` repo.
1. Check out the `main` branch and fetch the latest changes.
1. Check out a new branch and make your changes.
1. Save your changes and open a pull request.
1. Add all appropriate Github users as reviewers.
1. Add the appropriate release version label, backport version label if appropriate, and team label to the PR.
1. Once the docs team approves all changes, you can merge it. If a backport version label was added to a PR for stack versions 7.14.0 and newer, mergify will automatically open a backport PR.
1. Merge the backport PR once it passes all CI checks.

### Preview documentation changes

When you open a pull request, preview links are automatically added as a comment in the PR. Once the CI check builds successfully, the links will be live and you can click them to preview your changes.

For stateful docs, you also might want to add targeted links to help reviewers find specific pages related to your PR. Preview URLs include the following pattern (replace `<YOUR_PR_NUMBER_HERE>` with the PR number):
You also might want to add targeted links to help reviewers find specific pages related to your PR. Preview URLs include the following pattern (replace `<YOUR_PR_NUMBER_HERE>` with the PR number):

```
https://security-docs_bk_<YOUR_PR_NUMBER_HERE>.docs-preview.app.elstc.co/guide/en/security/master/
```

> [!NOTE]
> Serverless docs previews don't allow targeted links, because the id in the URL changes with each rebuild.

## License

Shield: [![CC BY-NC-ND 4.0][cc-by-nc-nd-shield]][cc-by-nc-nd]
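Review bot: the preview section drops both the `ci:doc-build` step (`If your PR changes any [serverless docs content]...`) and the note that serverless previews don't allow targeted links, but the surviving text describes only the `/guide/en/security/master/` URL pattern; since this PR moves the serverless pages into the AsciiDoc build, add one sentence saying where the serverless pages show up in the preview (or that the same pattern covers them) so contributors don't go looking for the old MDX preview flow. Minor: the `You can open an issue using the appropriate [template]` line, the known-issues note and step 5 appear as modified with no visible text change, which looks like whitespace-only edits; harmless, but confirm they are intentional. Step 5 still spells the name `Github`; the product name is `GitHub`.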
@@ -0,0 +1,37 @@
[[security-triage-alerts-with-elastic-ai-assistant]]
= Triage alerts

// :description: Elastic AI Assistant can help you enhance and streamline your alert triage workflows.
// :keywords: security, overview, get-started

preview:[]

Elastic AI Assistant can help you enhance and streamline your alert triage workflows.

AI Assistant can help you interpret an alert and understand its context. When you view an alert in {elastic-sec}, details such as related documents, hosts, and users appear alongside a synopsis of the events that triggered the alert. This data provides a starting point for understanding a potential threat. AI Assistant can answer questions about this data and offer insights and actionable recommendations to remediate the issue.

[discrete]
[[use-ai-assistant-to-triage-an-alert]]
== Use AI Assistant to triage an alert

. Choose an alert to investigate, then click the **View details** button from the Alerts table.
. On the details flyout, click **Chat** to launch AI Assistant. Data related to the selected alert is automatically added to the prompt.
. Click **Alert (from summary)** to view which alert fields will be shared with AI Assistant. (For more information about selecting which fields to send, and to learn about anonymizing your data, refer to <<configure-ai-assistant,AI Assistant>>.)
. (Optional) Click a quick prompt to use it as a starting point for your query, for example, **Alert summarization**. Customize the prompt and add detail to improve AI Assistant's response.
Once you’ve submitted your query, the AI Assistant will process the information and provide a detailed response. Depending on your prompt and which alert data you included, its response can include a thorough analysis of the alert that highlights key elements such as the nature of the potential threat, potential impact, and suggested response actions.
. (Optional) Ask follow-up questions, provide additional information for further analysis, and request clarification. The response is not a static report.

[discrete]
[[generate-triage-reports]]
== Generate triage reports

Elastic AI Assistant can streamline the documentation and report generation process by providing clear records of security incidents, their scope and impact, and your remediation efforts. You can use AI Assistant to create summaries or reports for stakeholders that include key event details, findings, and diagrams. Once the AI Assistant has finished analyzing one or more alerts, you can generate reports by using prompts such as:

* “Generate a detailed report about this incident, including timeline, impact analysis, and response actions. Also, include a diagram of events.”
* “Generate a summary of this incident/alert and include diagrams of events.”
* “Provide more details on the mitigation strategies used.”

After you review the report, click **Add to existing case** at the top of AI Assistant's response. This allows you to save a record of the report and make it available to your team.

[role="screenshot"]
image::images/ai-assistant-alert-triage/ai-triage-add-to-case.png[An AI Assistant dialogue with the add to existing case button highlighted]
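Review bot: in the ordered list under `== Use AI Assistant to triage an alert`, the paragraph `Once you’ve submitted your query, the AI Assistant will process the information...` sits between the fourth and fifth `.` items with no list continuation, so AsciiDoc ends the list there and renders the final `. (Optional) Ask follow-up questions` item as a new list starting at 1; put a `+` on its own line before that paragraph to attach it to step 4, or fold the sentence into step 4 itself. Also confirm that the `configure-ai-assistant` anchor used by `<<configure-ai-assistant,AI Assistant>>` exists in the AsciiDoc serverless book, since the MDX source pointed at a slug plus a `section` rather than a bare anchor. Step 3 is the point where the reader decides which alert fields are shared with the model behind AI Assistant, so it would help to say plainly that those fields leave the alert view and that the anonymization settings are the control for that, rather than leaving the pointer to read like a display option.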
Expand Up @@ -14,18 +14,18 @@ Elastic AI Assistant can help you enhance and streamline your alert triage workf

AI Assistant can help you interpret an alert and understand its context. When you view an alert in ((elastic-sec)), details such as related documents, hosts, and users appear alongside a synopsis of the events that triggered the alert. This data provides a starting point for understanding a potential threat. AI Assistant can answer questions about this data and offer insights and actionable recommendations to remediate the issue.

<div id="Use AI Assistant to triage an alert"></div>
<div id="use-ai-assistant-to-triage-an-alert"></div>
## Use AI Assistant to triage an alert

1. Choose an alert to investigate, then click the **View details** button from the Alerts table.
2. On the details flyout, click **Chat** to launch AI Assistant. Data related to the selected alert is automatically added to the prompt.
2. On the details flyout, click **Chat** to launch AI Assistant. Data related to the selected alert is automatically added to the prompt.
3. Click **Alert (from summary)** to view which alert fields will be shared with AI Assistant. (For more information about selecting which fields to send, and to learn about anonymizing your data, refer to <DocLink slug="/serverless/security/ai-assistant" section="configure-ai-assistant">AI Assistant</DocLink>.)
4. (Optional) Click a quick prompt to use it as a starting point for your query, for example, **Alert summarization**. Customize the prompt and add detail to improve AI Assistant's response.
Once you’ve submitted your query, the AI Assistant will process the information and provide a detailed response. Depending on your prompt and which alert data you included, its response can include a thorough analysis of the alert that highlights key elements such as the nature of the potential threat, potential impact, and suggested response actions.
6. (Optional) Ask follow-up questions, provide additional information for further analysis, and request clarification. The response is not a static report.


<div id="Generate triage reports"></div>
<div id="generate-triage-reports"></div>
## Generate triage reports

Elastic AI Assistant can streamline the documentation and report generation process by providing clear records of security incidents, their scope and impact, and your remediation efforts. You can use AI Assistant to create summaries or reports for stakeholders that include key event details, findings, and diagrams. Once the AI Assistant has finished analyzing one or more alerts, you can generate reports by using prompts such as:
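Review bot: the list numbering jumps from `4.` to `6.` (the `(Optional) Ask follow-up questions` item), and the unnumbered `Once you’ve submitted your query...` paragraph between them is not indented, so Markdown/MDX closes the list there and renders the last item as a separate list; indent that paragraph under item 4 and renumber the last item `5.`. The `id` changes from `Use AI Assistant to triage an alert` to `use-ai-assistant-to-triage-an-alert` and from `Generate triage reports` to `generate-triage-reports` are correct (no spaces in fragment identifiers), but any existing inbound links to the old ids need updating in the same PR. The `2. On the details flyout, click **Chat**` line appears twice with no visible change, i.e. a whitespace-only edit.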
Expand All @@ -34,6 +34,6 @@ Elastic AI Assistant can streamline the documentation and report generation proc
* “Generate a summary of this incident/alert and include diagrams of events.”
* “Provide more details on the mitigation strategies used.”

After you review the report, click **Add to existing case** at the top of AI Assistant's response. This allows you to save a record of the report and make it available to your team.
After you review the report, click **Add to existing case** at the top of AI Assistant's response. This allows you to save a record of the report and make it available to your team.

<DocImage size="xl" url="../images/ai-assistant-alert-triage/ai-triage-add-to-case.png" alt="An AI Assistant dialogue with the add to existing case button highlighted" />
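Review bot: the only change in this hunk is the `After you review the report, click **Add to existing case**` line, which is textually identical before and after, so this is a whitespace-only edit; it is harmless but inflates the diff, so either drop it or mention in the PR description that trailing whitespace was normalized.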
@@ -0,0 +1,19 @@
[[security-ai-assistant-esql-queries]]
= Generate, customize, and learn about {esql} queries

// :description: AI Assistant has specialized {esql} capabilities.
// :keywords: security, overview, get-started

Elastic AI Assistant can help you learn about and leverage the Elasticsearch Query Language ({esql}).

With AI Assistant's <<ai-assistant-knowledge-base,ES|QL knowledge base>> enabled, AI Assistant benefits from specialized training data that enables it to answer questions related to {esql} at an expert level.

AI Assistant can help with {esql} in many ways, including:

* **Education and training**: AI Assistant can serve as a powerful {esql} learning tool. Ask it for examples, explanations of complex queries, and best practices.
* **Writing new queries**: Prompt AI Assistant to provide a query that accomplishes a particular task, and it will generate a query matching your description. For example: "Write a query to identify documents with `curl.exe` usage and calculate the sum of `destination.bytes`" or "What query would return all user logins to [a host] in the last six hours?"
* **Providing feedback to optimize existing queries**: Send AI Assistant a query you want to work on and ask it for improvements, refactoring, a general assessment, or to optimize the query's performance with large data sets.
* **Customizing queries for your environment**: Since each environment is unique, you may need to customize queries that you used in other contexts. AI Assistant can suggest necessary modifications based on contextual information you provide.
* **Troubleshooting**: Having trouble with a query or getting unexpected results? Ask AI Assistant to help you troubleshoot.

In these ways and others, AI Assistant can enable you to make use of {esql}'s advanced search capabilities to accomplish goals across {elastic-sec}.
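Review bot: the xref `<<ai-assistant-knowledge-base,ES|QL knowledge base>>` spells the product name literally while the rest of the page uses the `{esql}` attribute; use `{esql}` in the link text for consistency (and so a rename is a single edit), and confirm the `ai-assistant-knowledge-base` anchor exists in the serverless AsciiDoc book. The `[a host]` placeholder in the example prompt renders as literal square brackets in AsciiDoc; consider `<host>` or an italicised placeholder. Since the page presents assistant-generated {esql} as something to run directly in {elastic-sec}, a one-line caveat that generated queries should be read and tried against a limited time range before being trusted for investigations or rules would be worth adding under Writing new queries.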