Proposal for GenAI Security fields

[susan-shu-c]

Related to: #1034

Changes

Proposing the following fields that enable security detections to protect LLMs from attacks, misuse (violations, compliance etc.). For example these detection rules.

gen_ai.policy.name	
gen_ai.policy.action
gen_ai.policy.confidence
gen_ai.compliance.violation_detected
gen_ai.compliance.violation_code
gen_ai.performance.request_size

Merge requirement checklist

• CONTRIBUTING.md guidelines followed.
• Change log entry added, according to the guidelines in When to add a changelog entry.
  • If your PR does not need a change log, start the PR title with [chore]
• schema-next.yaml updated with changes to existing conventions.

[linux-foundation-easycla]

The committers listed above are authorized under a signed CLA.

• ✅ login: susan-shu-c / name: Susan (a673664)

[susan-shu-c]

Notes

Some notes from 08-14-2024 working group regarding this proposal:

• [Liudmila] Should potentially re-use these attributes:
  • add new namespace "rule.*" #903
  • Try to merge with non-genai fields when possible
  • E.g. policy – category can be db, gen_ai, etc.
• (Advice to look at ECS - https://www.elastic.co/guide/en/ecs/current/index.html)

[jsuereth]

I think this may be related to #903 cc @trisch-me

[susan-shu-c]

Thanks, all! Now chatting with @trisch-me about what I can use from her PR #903, specifically some of those in security_rule

[github-actions]

This PR was marked stale due to lack of activity. It will be closed in 7 days.

[susan-shu-c]

I'm going to close this for now -- makes more sense to use what's in #903
If needed, I will reopen or create a new branch.