How Elastic built Automatic Import, Attack Discovery, and Elastic AI Assistant using LangChain
Security teams faced labor-intensive SecOps tasks, and adopting Elastic's new ES|QL query language required learning complex query syntax and functions — creating a barrier to effective threat hunting and detection.
Three AI-powered security capabilities were deployed to production, reaching over 350 users, with LangSmith enabling the Elastic Security team to debug issues, track performance, and estimate costs across LLM requests.
Frequently asked questions
What did this team achieve with this AI workflow?
Three AI-powered security capabilities were deployed to production, reaching over 350 users, with LangSmith enabling the Elastic Security team to debug issues, track performance, and estimate costs across LLM requests.
What tools did this team use?
LangChain, LangGraph, LangSmith, Elasticsearch Platform, ES|QL.
What results were reported?
Users reached in production: over 350 users; SecOps task efficiency: expedite labor-intensive SecOps tasks (source-reported, not independently verified).
How is this incident management AI workflow structured?
User asks natural language question → RAG retrieves vectorized context → LangGraph orchestrates generation → Attack Discovery identifies attacks → Automatic Import generates integration package.