[Security Solution] [AI assistant] Security labs citations link to https://www.elastic.co/security-labs instead of knowledge base (#220668)

## Summary

Summarize your PR. If it involves visual changes include a screenshot or
gif.

This PR improves citations for the security labs content. Instead of
just opening
app/management/kibana/securityAiAssistantManagement?tab=knowledge_base,
citations now link to `https://www.elastic.co/security-labs/<slug>`

<img width="1726" alt="image"
src="https://github.com/user-attachments/assets/f77d7b09-e287-4246-8931-431eba5226ca"
/>


### How to test
- Start Kibana
- Load the knowledge base with security labs content
(http://localhost:5601/app/management/kibana/securityAiAssistantManagement?tab=knowledge_base)
- Wait for the security labs content to finish loading
- Open the security AI assistant
- Ask the following `Tell me what is in the security labs content`
- In the response, there should be a citation `[1]`
- Click on the citation link, and
`https://www.elastic.co/security-labs/<article>` should open in a new
tab.

### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [x] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [x] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

### Identify risks

Does this PR introduce any risks? For example, consider risks like hard
to test bugs, performance regression, potential of data loss.

Describe the risk, its severity, and mitigation for each identified
risk. Invite stakeholders and evaluate how to proceed before merging.

- [x] [See some risk
examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)
- [ ] ...

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

Author: 3 people

oas_docs/output/kibana.serverless.yaml

@@ -57223,6 +57223,7 @@ components:
           - $ref: '#/components/schemas/Security_AI_Assistant_API_SecurityAlertsPageContentReference'
           - $ref: '#/components/schemas/Security_AI_Assistant_API_ProductDocumentationContentReference'
           - $ref: '#/components/schemas/Security_AI_Assistant_API_EsqlContentReference'
+          - $ref: '#/components/schemas/Security_AI_Assistant_API_HrefContentReference'
             additionalProperties: false
       description: A union of all content reference types
       type: object
@@ -57566,6 +57567,25 @@ components:
         - updated_at
       example: created_at
       type: string
+    Security_AI_Assistant_API_HrefContentReference:
+      allOf:
+        - $ref: '#/components/schemas/Security_AI_Assistant_API_BaseContentReference'
+        - type: object
+          properties:
+            href:
+              description: URL to the external resource
+              type: string
+            label:
+              description: Label of the query
+              type: string
+            type:
+              enum:
+                - Href
+              type: string
+          required:
+            - type
+            - href
+      description: References an external URL
     Security_AI_Assistant_API_IndexEntry:
       allOf:
         - type: object

oas_docs/output/kibana.yaml

@@ -66540,6 +66540,7 @@ components:
           - $ref: '#/components/schemas/Security_AI_Assistant_API_SecurityAlertsPageContentReference'
           - $ref: '#/components/schemas/Security_AI_Assistant_API_ProductDocumentationContentReference'
           - $ref: '#/components/schemas/Security_AI_Assistant_API_EsqlContentReference'
+          - $ref: '#/components/schemas/Security_AI_Assistant_API_HrefContentReference'
             additionalProperties: false
       description: A union of all content reference types
       type: object
@@ -66883,6 +66884,25 @@ components:
         - updated_at
       example: created_at
       type: string
+    Security_AI_Assistant_API_HrefContentReference:
+      allOf:
+        - $ref: '#/components/schemas/Security_AI_Assistant_API_BaseContentReference'
+        - type: object
+          properties:
+            href:
+              description: URL to the external resource
+              type: string
+            label:
+              description: Label of the query
+              type: string
+            type:
+              enum:
+                - Href
+              type: string
+          required:
+            - type
+            - href
+      description: References an external URL
     Security_AI_Assistant_API_IndexEntry:
       allOf:
         - type: object

x-pack/platform/packages/shared/kbn-elastic-assistant-common/docs/openapi/ess/elastic_assistant_api_2023_10_31.bundled.schema.yaml

@@ -1829,6 +1829,7 @@ components:
           - $ref: '#/components/schemas/SecurityAlertsPageContentReference'
           - $ref: '#/components/schemas/ProductDocumentationContentReference'
           - $ref: '#/components/schemas/EsqlContentReference'
+          - $ref: '#/components/schemas/HrefContentReference'
             additionalProperties: false
       description: A union of all content reference types
       type: object
@@ -2184,6 +2185,25 @@ components:
         - updated_at
       example: created_at
       type: string
+    HrefContentReference:
+      allOf:
+        - $ref: '#/components/schemas/BaseContentReference'
+        - type: object
+          properties:
+            href:
+              description: URL to the external resource
+              type: string
+            label:
+              description: Label of the query
+              type: string
+            type:
+              enum:
+                - Href
+              type: string
+          required:
+            - type
+            - href
+      description: References an external URL
     IndexEntry:
       allOf:
         - type: object

x-pack/platform/packages/shared/kbn-elastic-assistant-common/docs/openapi/serverless/elastic_assistant_api_2023_10_31.bundled.schema.yaml

@@ -1829,6 +1829,7 @@ components:
           - $ref: '#/components/schemas/SecurityAlertsPageContentReference'
           - $ref: '#/components/schemas/ProductDocumentationContentReference'
           - $ref: '#/components/schemas/EsqlContentReference'
+          - $ref: '#/components/schemas/HrefContentReference'
             additionalProperties: false
       description: A union of all content reference types
       type: object
@@ -2184,6 +2185,25 @@ components:
         - updated_at
       example: created_at
       type: string
+    HrefContentReference:
+      allOf:
+        - $ref: '#/components/schemas/BaseContentReference'
+        - type: object
+          properties:
+            href:
+              description: URL to the external resource
+              type: string
+            label:
+              description: Label of the query
+              type: string
+            type:
+              enum:
+                - Href
+              type: string
+          required:
+            - type
+            - href
+      description: References an external URL
     IndexEntry:
       allOf:
         - type: object

x-pack/platform/packages/shared/kbn-elastic-assistant-common/impl/content_references/references/index.ts

@@ -11,6 +11,7 @@ import {
   KnowledgeBaseEntryContentReference,
   ProductDocumentationContentReference,
   EsqlContentReference,
+  HrefContentReference,
 } from '../../schemas';
 import { ContentReferenceId } from '../types';
 
@@ -63,6 +64,26 @@ export const knowledgeBaseReference = (
   };
 };
 
+/**
+ * Generates a contentReference for when a external page is referenced.
+ * @param id id of the contentReference
+ * @param href the external page url
+ * @param label content reference label
+ * @returns HrefContentReference
+ */
+export const hrefReference = (
+  id: ContentReferenceId,
+  href: string,
+  label?: string
+): HrefContentReference => {
+  return {
+    type: 'Href',
+    id,
+    href,
+    label,
+  };
+};
+
 /**
  * Generates a contentReference for when a ESQL query is referenced.
  * @param id id of the contentReference

x-pack/platform/packages/shared/kbn-elastic-assistant-common/impl/schemas/conversations/common_attributes.gen.ts

@@ -107,6 +107,24 @@ export const SecurityAlertContentReference = BaseContentReference.merge(
   })
 );
 
+/**
+ * References an external URL
+ */
+export type HrefContentReference = z.infer<typeof HrefContentReference>;
+export const HrefContentReference = BaseContentReference.merge(
+  z.object({
+    type: z.literal('Href'),
+    /**
+     * Label of the query
+     */
+    label: z.string().optional(),
+    /**
+     * URL to the external resource
+     */
+    href: z.string(),
+  })
+);
+
 /**
  * References the security alerts page
  */
@@ -146,6 +164,7 @@ export const ContentReferenceInternal = z.union([
   SecurityAlertsPageContentReference,
   ProductDocumentationContentReference,
   EsqlContentReference,
+  HrefContentReference,
 ]);
 
 export type ContentReference = z.infer<typeof ContentReferenceInternal>;
@@ -164,6 +183,7 @@ export const ContentReferences = z
       SecurityAlertsPageContentReference,
       ProductDocumentationContentReference,
       EsqlContentReference,
+      HrefContentReference,
     ])
   );
 

x-pack/platform/packages/shared/kbn-elastic-assistant-common/impl/schemas/conversations/common_attributes.schema.yaml

@@ -113,6 +113,25 @@ components:
               type: string
               example: 'alert789'
 
+    HrefContentReference:
+      description: References an external URL
+      allOf:
+        - $ref: '#/components/schemas/BaseContentReference'
+        - type: object
+          required:
+            - 'type'
+            - 'href'
+          properties:
+            type: 
+              type: string
+              enum: [Href]
+            label:
+              description: Label of the query
+              type: string
+            href:
+              description: URL to the external resource
+              type: string
+
     SecurityAlertsPageContentReference:
       description: References the security alerts page
       allOf:
@@ -157,6 +176,7 @@ components:
         - $ref: '#/components/schemas/SecurityAlertsPageContentReference'
         - $ref: '#/components/schemas/ProductDocumentationContentReference'
         - $ref: '#/components/schemas/EsqlContentReference'
+        - $ref: '#/components/schemas/HrefContentReference'
           additionalProperties: false
 
     ContentReferences:
@@ -168,6 +188,7 @@ components:
           - $ref: '#/components/schemas/SecurityAlertsPageContentReference'
           - $ref: '#/components/schemas/ProductDocumentationContentReference'
           - $ref: '#/components/schemas/EsqlContentReference'
+          - $ref: '#/components/schemas/HrefContentReference'
             additionalProperties: false
       type: object
 

x-pack/solutions/security/plugins/elastic_assistant/server/knowledge_base/security_labs.test.ts

@@ -0,0 +1,69 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import fs from 'fs';
+import path from 'path';
+import yaml from 'js-yaml';
+
+describe('Security labs content', () => {
+  describe('content format', () => {
+    const contentDir = path.join(__dirname, 'security_labs');
+
+    const files = fs.readdirSync(contentDir);
+
+    files.forEach((file) => {
+      it(`should have non-empty string content in file: ${file}`, () => {
+        const filePath = path.join(contentDir, file);
+        const content = fs.readFileSync(filePath, 'utf-8');
+
+        expect(typeof content).toBe('string');
+        expect(content.trim().length).toBeGreaterThan(0);
+      });
+    });
+
+    files.forEach((file) => {
+      it(`should have title and slug defined in yaml header: ${file}`, () => {
+        const filePath = path.join(contentDir, file);
+        const content = fs.readFileSync(filePath, 'utf-8');
+
+        const split = content.split('---');
+        const yamlString = split[1];
+        const article = split[2];
+        const parsed = yaml.load(yamlString) as {
+          slug: string;
+          title: string;
+        };
+
+        const slug = parsed.slug;
+        const title = parsed.title;
+        expect(slug).toBeDefined();
+        expect(title).toBeDefined();
+        expect(typeof slug).toBe('string');
+        expect(typeof title).toBe('string');
+        expect(slug.trim().length).toBeGreaterThan(0);
+        expect(title.trim().length).toBeGreaterThan(0);
+
+        expect(article).toBeDefined();
+        expect(typeof article).toBe('string');
+      });
+    });
+
+    files.forEach((file) => {
+      it(`article should come after yaml definition: ${file}`, () => {
+        const filePath = path.join(contentDir, file);
+        const content = fs.readFileSync(filePath, 'utf-8');
+
+        const split = content.split('---');
+        const article = split[2];
+
+        expect(article).toBeDefined();
+        expect(typeof article).toBe('string');
+        expect(article.trim().length).toBeGreaterThan(0);
+      });
+    });
+  });
+});

x-pack/solutions/security/plugins/security_solution/public/assistant/get_comments/content_reference/components/content_reference_component_factory.test.tsx

@@ -75,6 +75,13 @@ describe('contentReferenceComponentFactory', () => {
         type: 'SecurityAlertsPage',
       } as ContentReference,
     ],
+    [
+      'HrefReference',
+      {
+        id: '1',
+        type: 'Href',
+      } as ContentReference,
+    ],
   ])(
     "Renders correct component for '%s'",
     async (testId: string, contentReference: ContentReference) => {

x-pack/solutions/security/plugins/security_solution/public/assistant/get_comments/content_reference/components/content_reference_component_factory.tsx

@@ -8,6 +8,7 @@
 import type {
   ContentReferences,
   EsqlContentReference,
+  HrefContentReference,
   KnowledgeBaseEntryContentReference,
   ProductDocumentationContentReference,
   SecurityAlertContentReference,
@@ -24,6 +25,7 @@ import { SecurityAlertsPageReference } from './security_alerts_page_reference';
 import { ContentReferenceButton } from './content_reference_button';
 import { ProductDocumentationReference } from './product_documentation_reference';
 import { EsqlQueryReference } from './esql_query_reference';
+import { HrefReference } from './href_reference';
 
 /** While a message is being streamed, content references are null. When a message has finished streaming, content references are either defined or undefined */
 export type StreamingOrFinalContentReferences = ContentReferences | undefined | null;
@@ -93,7 +95,17 @@ export const ContentReferenceComponentFactory: React.FC<Props> = ({
         />
       );
     }
+    case 'Href': {
+      return (
+        <HrefReference
+          contentReferenceNode={
+            contentReferenceNode as ResolvedContentReferenceNode<HrefContentReference>
+          }
+        />
+      );
+    }
     default:
-      return null;
+      const _exhaustiveCheck: never = contentReferenceNode.contentReference;
+      throw new Error(`Unhandled case: ${_exhaustiveCheck}`);
   }
 };