elastic · jmcarlock · Jul 25, 2025 · Jul 23, 2025 · Jul 23, 2025 · Jul 23, 2025
@@ -14,9 +14,16 @@ products:
 # Anomaly detection
 
 
+::::{note}
 [{{ml-cap}}](/explore-analyze/machine-learning/anomaly-detection.md) functionality is available when you have the appropriate role, subscription, are using a [cloud deployment](https://cloud.elastic.co/registration?page=docs&placement=docs-body), or are testing out a **Free Trial**. Refer to [Machine learning job and rule requirements](/solutions/security/advanced-entity-analytics/machine-learning-job-rule-requirements.md) for more information.
+::::
 
-You can view the details of detected anomalies within the `Anomalies` table widget shown on the Hosts, Network, and associated details pages, or even narrow to the specific date range of an anomaly from the `Max anomaly score by job` field in the overview of the details pages for hosts and IPs. These interfaces also offer the ability to drag and drop details of the anomaly to Timeline, such as the `Entity` itself, or any of the associated `Influencers`.
+Anomaly detection jobs allow you to to identify anomalous events or patterns in your data. In a security context, they are typically used with detection rules to create alerts when there is divergence from baseline data.
+
+
+::::{tip}
+See [{{ml-cap}}: Anomaly detection](/explore-analyze/machine-learning/anomaly-detection.md) and [About detection rules](/solutions/security/detect-and-alert/about-detection-rules.md) for more background.
+::::
 
 
 ## Manage {{ml}} jobs [manage-jobs]
@@ -47,6 +54,9 @@ You can also check the status of {{ml}} detection rules, and start or stop their
     :screenshot:
     :::
 
+::::{tip}
+For an overview of creating machine learning rules, see [Create a machine learning rule](/solutions/security/detect-and-alert/create-detection-rule.md#create-ml-rule).
+::::
 
 
 ### Prebuilt jobs [included-jobs]
@@ -73,6 +83,8 @@ Machine learning jobs look back and analyze two weeks of historical data prior t
 
 ## View detected anomalies [view-anomalies]
 
+From the security solution, you can view the details of detected anomalies within the `Anomalies` table widget shown on the Explore > Hosts, Network, and Users pages, or even narrow to the specific date range of an anomaly from the `Max anomaly score by job` field in the overview of the details pages for hosts and IPs. These interfaces also offer the ability to drag and drop details of the anomaly to Timeline, such as the `Entity` itself, or any of the associated `Influencers`.
+
 To view the `Anomalies` table widget and `Max Anomaly Score By Job` details, the user must have the `machine_learning_admin` or `machine_learning_user` role.
 
 ::::{note}

@@ -92,7 +92,10 @@ To create or edit {{ml}} rules, you need:
 * The appropriate [{{stack}} subscription](https://www.elastic.co/pricing) or [{{serverless-short}} project tier](../../../deploy-manage/deploy/elastic-cloud/project-settings.md).
 * The [`machine_learning_admin`](/deploy-manage/users-roles/cluster-or-deployment-auth/built-in-roles.md) in {{stack}} or the appropriate [user role](/deploy-manage/users-roles/cloud-organization/user-roles.md) in {{serverless-short}}.
 * The selected {{ml}} job to be running for the rule to function correctly.
+::::
 
+::::{tip}
+For an overview of using machine learning with security, see [Anomaly detection](/solutions/security/advanced-entity-analytics/anomaly-detection.md).
 ::::
 
 
@@ -120,6 +123,9 @@ To create or edit {{ml}} rules, you need:
 
 5. Click **Continue** to [configure basic rule settings](/solutions/security/detect-and-alert/create-detection-rule.md#rule-ui-basic-params).
 
+::::{tip}
+To filter noisy machine learning rules, use [Rule exceptions](/solutions/security/detect-and-alert/rule-exceptions.md).
+::::
 
 ## Create a threshold rule [create-threshold-rule]