Skip to content

Add knowledge sources to Bits Security Analyst#38212

Open
janine-c wants to merge 4 commits into
masterfrom
janine/bits-security-analyst-knowledge-sources
Open

Add knowledge sources to Bits Security Analyst#38212
janine-c wants to merge 4 commits into
masterfrom
janine/bits-security-analyst-knowledge-sources

Conversation

@janine-c

Copy link
Copy Markdown
Contributor

What does this PR do? What is the motivation?

Adds a new feature where you can add knowledge sources for Bits Security Analyst. This also includes a small update to the existing configuration click paths, since we split the settings into multiple pages.

Merge readiness

Will check this box when I've gotten the okay from the PM!

  • Ready for merge

For Datadog employees:

  • ⚠️ Your branch name MUST follow the <name>/<description> convention and include the forward slash (/). If you've already created your PR with an incorrect branch name, please rename your branch and open a fresh PR.
  • 🤖 New: Comment with /review to run an automated check that catches common issues before a Documentation team member reviews your PR.

AI assistance

Additional notes

@janine-c janine-c requested a review from a team as a code owner July 16, 2026 00:36
@github-actions

Copy link
Copy Markdown
Contributor

Preview links (active after the build_preview check completes)

Modified Files

@evazorro evazorro left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! One optional suggestion, plus a question about formatting differences.

1. Click **Edit** to make the field editable so you can make your changes.
1. Click **Save**.
- **Situational Context**: Investigation-specific facts that Bits Security Analyst should apply in specific situations. You can search and filter the table of context entries, and choose to view expired entries, to get an overview of existing context.
1. Click **Create Context Entry**. A window opens, in which you can enter:

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is more of a preference, but I'm not sure you need the "a window opens" / "the window closes." It seems like a common enough pattern to me that I don't think readers need extra guidance. But I leave it up to you!


To add knowledge, in Datadog, go to {{< ui >}}Security{{< /ui >}} > {{< ui >}}Settings{{< /ui >}} > {{< ui >}}Bits Security Analyst{{< /ui >}} > [{{< ui >}}Knowledge Sources{{< /ui >}}][8]. There, you can add two kinds of knowledge:
- **General Org Context (Bits.md)**: Organization-level instructions that Bits Security Analyst should apply to all investigations.
1. Click **Edit** to make the field editable so you can make your changes.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a reason you're using the UI tag elsewhere (e.g. line 127) but markdown bolding here?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@evazorro Good question! The UI tags were automatically inserted. I think the automation runs on an ongoing basis, so the asterisks don't hurt anything, but maybe I'm wrong?

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nope that sounds right to me! Carry on 🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants