diff --git a/docs/docset.yml b/docs/docset.yml index 1ff9b5d8ec..522b05eb25 100644 --- a/docs/docset.yml +++ b/docs/docset.yml @@ -7,8 +7,6 @@ cross_links: toc: - file: reference/index.md children: - - file: reference/endpoint-command-reference.md - - file: reference/prebuilt-jobs.md - toc: reference/prebuilt-rules - toc: reference/prebuilt-rules-downloadable-updates subs: diff --git a/docs/reference/endpoint-command-reference.md b/docs/reference/endpoint-command-reference.md deleted file mode 100644 index fd11eb9a3c..0000000000 --- a/docs/reference/endpoint-command-reference.md +++ /dev/null 
@@ -1,333 +0,0 @@ ---- -mapped_pages: - - https://www.elastic.co/guide/en/security/current/endpoint-command-ref.html - - https://www.elastic.co/guide/en/serverless/current/security-endpoint-command-ref.html ---- - -# Endpoint command reference [endpoint-command-ref] - -This page lists the commands for management and troubleshooting of {{elastic-endpoint}}, the installed component that performs {{elastic-defend}}'s threat monitoring and prevention. - -::::{note} -* {{elastic-endpoint}} is not added to the `PATH` system variable, so you must prepend the commands with the full OS-dependent path: - - * On Windows: `"C:\Program Files\Elastic\Endpoint\elastic-endpoint.exe"` - * On macOS: `/Library/Elastic/Endpoint/elastic-endpoint` - * On Linux: `/opt/Elastic/Endpoint/elastic-endpoint` - -* You must run the commands with elevated privileges—using `sudo` to run as the root user on Linux and macOS, or running as Administrator on Windows. - -:::: - - -The following {{elastic-endpoint}} commands are available: - -* [diagnostics](#elastic-endpoint-diagnostics-command) -* [help](#elastic-endpoint-help-command) -* [inspect](#elastic-endpoint-inspect-command) -* [install](#elastic-endpoint-install-command) -* [memorydump](#elastic-endpoint-memorydump-command) -* [run](#elastic-endpoint-run-command) -* [send](#elastic-endpoint-send-command) -* [status](#elastic-endpoint-status-command) -* [test](#elastic-endpoint-test-command) -* [top](#elastic-endpoint-top-command) -* [uninstall](#elastic-endpoint-uninstall-command) -* [version](#elastic-endpoint-version-command) - -Each of the commands accepts the following logging options: - -* `--log [stdout,stderr,debugview,file]` -* `--log-level [error,info,debug]` - - -## elastic-endpoint diagnostics [elastic-endpoint-diagnostics-command] - -Gather diagnostics information from {{elastic-endpoint}}. 
This command produces an archive that contains: - -* `version.txt`: Version information -* `elastic-endpoint.yaml`: Current policy -* `metrics.json`: Metrics document -* `policy_response.json`: Last policy response -* `system_info.txt`: System information -* `analysis.txt`: Diagnostic analysis report -* `logs` directory: Copy of {{elastic-endpoint}} log files - - -### Example [_example] - -```shell -elastic-endpoint diagnostics -``` - - -## elastic-endpoint help [elastic-endpoint-help-command] - -Show help for the available commands. - - -### Example [_example_2] - -```shell -elastic-endpoint help -``` - - -## elastic-endpoint inspect [elastic-endpoint-inspect-command] - -Show the current {{elastic-endpoint}} configuration. - - -### Example [_example_3] - -```shell -elastic-endpoint inspect -``` - - -## elastic-endpoint install [elastic-endpoint-install-command] - -Install {{elastic-endpoint}} as a system service. - -::::{note} -We do not recommend installing {{elastic-endpoint}} using this command. {{elastic-endpoint}} is managed by {{agent}} and cannot function as a standalone service. Therefore, there is no separate installation package for {{elastic-endpoint}}, and it should not be installed independently. -:::: - - - -### Options [_options] - -`--resources ` -: Specify a resources `.zip` file to be used during the installation. This option is required. - -`--upgrade` -: Upgrade the existing installation. - - -### Example [_example_4] - -```shell -elastic-endpoint install --upgrade --resources endpoint-security-resources.zip -``` - - -## elastic-endpoint memorydump [elastic-endpoint-memorydump-command] - -Save a memory dump of the {{elastic-endpoint}} service. - - -### Options [_options_2] - -`--compress` -: Compress the saved memory dump. - -`--timeout ` -: Specify the memory collection timeout, in seconds; the default is 60 seconds. 
- - -### Example [_example_5] - -```shell -elastic-endpoint memorydump --timeout 120 -``` - - -## elastic-endpoint run [elastic-endpoint-run-command] - -Run `elastic-endpoint` as a foreground process if no other instance is already running. - - -### Example [_example_6] - -```shell -elastic-endpoint run -``` - - -## elastic-endpoint send [elastic-endpoint-send-command] - -Send the requested document to the {{stack}}. - - -### Subcommands [_subcommands] - -`metadata` -: Send an off-schedule metrics document to the {{stack}}. - - -### Example [_example_7] - -```shell -elastic-endpoint send metadata -``` - - -## elastic-endpoint status [elastic-endpoint-status-command] - -Retrieve the current status of the running {{elastic-endpoint}} service. The command also returns the last known status of {{agent}}. - - -### Options [_options_3] - -`--output` -: Control the level of detail and formatting of the information. Valid values are: - - * `human`: Returns limited information when {{elastic-endpoint}}'s status is `Healthy`. If any policy actions weren’t successfully applied, the relevant details are displayed. - * `full`: Always returns the full status information. - * `json`: Always returns the full status information. - - - -### Example [_example_8] - -```shell -elastic-endpoint status --output json -``` - - -## elastic-endpoint test [elastic-endpoint-test-command] - -Perform the requested test. - - -### Subcommands [_subcommands_2] - -`output` -: Test whether {{elastic-endpoint}} can connect to remote resources. 
- - -### Example [_example_9] - -```shell -elastic-endpoint test output -``` - - -### Example output [_example_output] - -```txt -Testing output connections - -Using proxy: - -Elasticsearch server: https://example.elastic.co:443 - Status: Success - -Global artifact server: https://artifacts.security.elastic.co - Status: Success - -Fleet server: https://fleet.example.elastic.co:443 - Status: Success -``` - - -## elastic-endpoint top [elastic-endpoint-top-command] - -Show a breakdown of the executables that triggered {{elastic-endpoint}} CPU usage within the last interval. This displays which {{elastic-endpoint}} features are resource-intensive for a particular executable. - -::::{note} -The meaning and output of this command are similar, but not identical, to the POSIX `top` command. The `elastic-endpoint top` command aggregates multiple processes by executable. The utilization values aren’t measured by the OS scheduler but by a wall clock in user mode. The output helps identify outliers causing excessive CPU utilization, allowing you to fine-tune the {{elastic-defend}} policy and exception lists in your deployment. -:::: - - - -### Options [_options_4] - -`--interval ` -: Specify the data collection interval, in seconds; the default is 5 seconds. - -`--limit ` -: Specify the number of updates to collect; by default, data is collected until interrupted by **Ctrl+C**. - -`--normalized` -: Normalize CPU usage values to a total of 100% across all CPUs on multi-CPU systems. 
- - -### Example [_example_10] - -```shell -elastic-endpoint top --interval 10 --limit 5 -``` - - -### Example output [_example_output_2] - -```txt -| PROCESS | OVERALL | API | BHVR | DIAG BHVR | DNS | FILE | LIB | MEM SCAN | MLWR | NET | PROC | RANSOM | REG | -============================================================================================================================================================= -| MSBuild.exe | 3146.0 | 0.0 | 0.8 | 0.7 | 0.0 | 2330.9 | 0.0 | 226.2 | 586.9 | 0.0 | 0.0 | 0.4 | 0.0 | -| Microsoft.Management.Services.IntuneWindowsAgen... | 30.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.2 | 29.8 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | -| svchost.exe | 27.3 | 0.0 | 0.1 | 0.1 | 0.0 | 0.4 | 0.2 | 0.0 | 26.6 | 0.0 | 0.0 | 0.0 | 0.0 | -| LenovoVantage-(LenovoServiceBridgeAddin).exe | 0.1 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.1 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | -| Lenovo.Modern.ImController.PluginHost.Device.exe | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | -| msedgewebview2.exe | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | -| msedge.exe | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | -| powershell.exe | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | -| WmiPrvSE.exe | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | -| Lenovo.Modern.ImController.PluginHost.Device.exe | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | -| Slack.exe | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | -| uhssvc.exe | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | -| explorer.exe | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | -| taskhostw.exe | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | -| Widgets.exe | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 
0.0 | 0.0 | 0.0 | -| elastic-endpoint.exe | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | -| sppsvc.exe | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | - -Endpoint service (16 CPU): 113.0% out of 1600% - -Collecting data. Press Ctrl-C to cancel -``` - - -#### Column abbreviations [_column_abbreviations] - -* `API`: Event Tracing for Windows (ETW) API events -* `AUTH`: Authentication events -* `BHVR`: Malicious behavior protection -* `CRED`: Credential access events -* `DIAG BHVR`: Diagnostic malicious behavior protection -* `DNS`: DNS events -* `FILE`: File events -* `LIB`: Library load events -* `MEM SCAN`: Memory scanning -* `MLWR`: Malware protection -* `NET`: Network events -* `PROC`: Process events -* `PROC INJ`: Process injection -* `RANSOM`: Ransomware protection -* `REG`: Registry events - - -## elastic-endpoint uninstall [elastic-endpoint-uninstall-command] - -Uninstall {{elastic-endpoint}}. - -::::{note} -{{elastic-endpoint}} is managed by {{agent}}. To remove {{elastic-endpoint}} from the target machine permanently, remove the {{elastic-defend}} integration from the {{fleet}} policy. The [elastic-agent uninstall](docs-content://solutions/security/configure-elastic-defend/uninstall-elastic-agent.md) command also uninstalls {{elastic-endpoint}}; therefore, in practice, the `elastic-endpoint uninstall` command is used only to troubleshoot broken installations. -:::: - - - -### Options [_options_5] - -`--uninstall-token ` -: Provide the uninstall token. The token is required if [agent tamper protection](docs-content://solutions/security/configure-elastic-defend/prevent-elastic-agent-uninstallation.md) is enabled. - - -### Example [_example_11] - -```shell -elastic-endpoint uninstall --uninstall-token 12345678901234567890123456789012 -``` - - -## elastic-endpoint version [elastic-endpoint-version-command] - -Show the version of {{elastic-endpoint}}. 
- - -### Example [_example_12] - -```shell -elastic-endpoint version -``` diff --git a/docs/reference/images/link.svg b/docs/reference/images/link.svg deleted file mode 100644 index 310607d546..0000000000 --- a/docs/reference/images/link.svg +++ /dev/null @@ -1,3 +0,0 @@ - - - diff --git a/docs/reference/prebuilt-jobs.md b/docs/reference/prebuilt-jobs.md deleted file mode 100644 index 315ebf45e7..0000000000 --- a/docs/reference/prebuilt-jobs.md +++ /dev/null 
@@ -1,217 +0,0 @@ ---- -mapped_pages: - - https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html ---- - -# Prebuilt jobs [prebuilt-ml-jobs] - -These {{anomaly-jobs}} automatically detect file system and network anomalies on your hosts. They appear in the **Anomaly Detection** interface of the {{security-app}} in {{kib}} when you have data that matches their configuration. For more information, refer to [Anomaly detection with machine learning](docs-content://solutions/security/advanced-entity-analytics/anomaly-detection.md). - - -## Security: Authentication [security-authentication] - -Detect anomalous activity in your ECS-compatible authentication logs. - -In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_auth/manifest.json). In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](kibana://reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query. - -By default, when you create these job in the {{security-app}}, it uses a {{data-source}} that applies to multiple indices. To get the same results if you use the {{ml-app}} app, create a similar [{{data-source}}](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_auth/manifest.json#L7) then select it in the job wizard. - -| Name | Description | Job | Datafeed | -| --- | --- | --- | --- | -| auth_high_count_logon_events | Looks for an unusually large spike in successful authentication events. This can be due to password spraying, user enumeration, or brute force activity. 
| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_auth/ml/auth_high_count_logon_events.json) | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_auth/ml/datafeed_auth_high_count_logon_events.json)| -| auth_high_count_logon_events_for_a_source_ip | Looks for an unusually large spike in successful authentication events from a particular source IP address. This can be due to password spraying, user enumeration or brute force activity. | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_auth/ml/auth_high_count_logon_events_for_a_source_ip.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_auth/ml/datafeed_auth_high_count_logon_events_for_a_source_ip.json)| -| auth_high_count_logon_fails | Looks for an unusually large spike in authentication failure events. This can be due to password spraying, user enumeration, or brute force activity and may be a precursor to account takeover or credentialed access. | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_auth/ml/auth_high_count_logon_fails.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_auth/ml/datafeed_auth_high_count_logon_fails.json)| -| auth_rare_hour_for_a_user | Looks for a user logging in at a time of day that is unusual for the user. This can be due to credentialed access via a compromised account when the user and the threat actor are in different time zones. 
In addition, unauthorized user activity often takes place during non-business hours. | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_auth/ml/auth_rare_hour_for_a_user.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_auth/ml/datafeed_auth_rare_hour_for_a_user.json)| -| auth_rare_source_ip_for_a_user | Looks for a user logging in from an IP address that is unusual for the user. This can be due to credentialed access via a compromised account when the user and the threat actor are in different locations. An unusual source IP address for a username could also be due to lateral movement when a compromised account is used to pivot between hosts. | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_auth/ml/auth_rare_source_ip_for_a_user.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_auth/ml/datafeed_auth_rare_source_ip_for_a_user.json)| -| auth_rare_user | Looks for an unusual user name in the authentication logs. An unusual user name is one way of detecting credentialed access by means of a new or dormant user account. A user account that is normally inactive, because the user has left the organization, which becomes active, may be due to credentialed access using a compromised account password. Threat actors will sometimes also create new users as a means of persisting in a compromised web application. 
| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_auth/ml/auth_rare_user.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_auth/ml/datafeed_auth_rare_user.json)| -| suspicious_login_activity | Detect unusually high number of authentication attempts. | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_auth/ml/datafeed_suspicious_login_activity.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_auth/ml/suspicious_login_activity.json)| - - -## Security: CloudTrail [security-cloudtrail-jobs] - -Detect suspicious activity recorded in your CloudTrail logs. - -In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_cloudtrail/manifest.json). In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](kibana://reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query. - -| Name | Description | Job | Datafeed | -| --- | --- | --- | --- | -| high_distinct_count_error_message | Looks for a spike in the rate of an error message which may simply indicate an impending service failure but these can also be byproducts of attempted or successful persistence, privilege escalation, defense evasion, discovery, lateral movement, or collection activity by a threat actor. 
| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_cloudtrail/ml/high_distinct_count_error_message.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_cloudtrail/ml/datafeed_high_distinct_count_error_message.json)| -| rare_error_code | Looks for unusual errors. Rare and unusual errors may simply indicate an impending service failure but they can also be byproducts of attempted or successful persistence, privilege escalation, defense evasion, discovery, lateral movement, or collection activity by a threat actor. | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_cloudtrail/ml/rare_error_code.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_cloudtrail/ml/datafeed_rare_error_code.json)| -| rare_method_for_a_city | Looks for AWS API calls that, while not inherently suspicious or abnormal, are sourcing from a geolocation (city) that is unusual. This can be the result of compromised credentials or keys. | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_cloudtrail/ml/rare_method_for_a_city.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_cloudtrail/ml/datafeed_rare_method_for_a_city.json)| -| rare_method_for_a_country | Looks for AWS API calls that, while not inherently suspicious or abnormal, are sourcing from a geolocation (country) that is unusual. This can be the result of compromised credentials or keys. 
| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_cloudtrail/ml/rare_method_for_a_country.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_cloudtrail/ml/datafeed_rare_method_for_a_country.json)| -| rare_method_for_a_username | Looks for AWS API calls that, while not inherently suspicious or abnormal, are sourcing from a user context that does not normally call the method. This can be the result of compromised credentials or keys as someone uses a valid account to persist, move laterally, or exfil data. | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_cloudtrail/ml/rare_method_for_a_username.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_cloudtrail/ml/datafeed_rare_method_for_a_username.json)| - - -## Security: Host [security-host-jobs] - -Anomaly detection jobs for host-based threat hunting and detection. - -In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/platform/plugins/shared/ml/server/models/data_recognizer/modules/security_host/manifest.json). In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](kibana://reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query. - -To access the host traffic anomalies dashboard in Kibana, go to: `Security -> Dashboards -> Host Traffic Anomalies`. - -| Name | Description | Job | Datafeed | -| --- | --- | --- | --- | -| high_count_events_for_a_host_name | Looks for a sudden spike in host based traffic. 
This can be due to a range of security issues, such as a compromised system, DDoS attacks, malware infections, privilege escalation, or data exfiltration. | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/platform/plugins/shared/ml/server/models/data_recognizer/modules/security_host/ml/high_count_events_for_a_host_name.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/platform/plugins/shared/ml/server/models/data_recognizer/modules/security_host/ml/datafeed_high_count_events_for_a_host_name.json)| -| low_count_events_for_a_host_name | Looks for a sudden drop in host based traffic. This can be due to a range of security issues, such as a compromised system, a failed service, or a network misconfiguration. | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/platform/plugins/shared/ml/server/models/data_recognizer/modules/security_host/ml/low_count_events_for_a_host_name.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/platform/plugins/shared/ml/server/models/data_recognizer/modules/security_host/ml/datafeed_low_count_events_for_a_host_name.json)| - - -## Security: Linux [security-linux-jobs] - -Anomaly detection jobs for Linux host-based threat hunting and detection. - -In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_linux/manifest.json). In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](kibana://reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query. 
- -| Name | Description | Job | Datafeed | -| --- | --- | --- | --- | -| v3_linux_anomalous_network_activity | Looks for unusual processes using the network which could indicate command-and-control, lateral movement, persistence, or data exfiltration activity. | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_linux/ml/v3_linux_anomalous_network_activity.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_linux/ml/datafeed_v3_linux_anomalous_network_activity.json)| -| v3_linux_anomalous_network_port_activity | Looks for unusual destination port activity that could indicate command-and-control, persistence mechanism, or data exfiltration activity. | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_linux/ml/v3_linux_anomalous_network_port_activity.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_linux/ml/datafeed_v3_linux_anomalous_network_port_activity.json)| -| v3_linux_anomalous_process_all_hosts | Looks for processes that are unusual to all Linux hosts. Such unusual processes may indicate unauthorized software, malware, or persistence mechanisms. 
| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_linux/ml/v3_linux_anomalous_process_all_hosts.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_linux/ml/datafeed_v3_linux_anomalous_process_all_hosts.json)| -| v3_linux_anomalous_user_name | Rare and unusual users that are not normally active may indicate unauthorized changes or activity by an unauthorized user which may be credentialed access or lateral movement. | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_linux/ml/v3_linux_anomalous_user_name.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_linux/ml/datafeed_v3_linux_anomalous_user_name.json)| -| v3_linux_network_configuration_discovery | Looks for commands related to system network configuration discovery from an unusual user context. This can be due to uncommon troubleshooting activity or due to a compromised account. A compromised account may be used by a threat actor to engage in system network configuration discovery to increase their understanding of connected networks and hosts. This information may be used to shape follow-up behaviors such as lateral movement or additional discovery. 
| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_linux/ml/v3_linux_network_configuration_discovery.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_linux/ml/v3_datafeed_linux_network_configuration_discovery.json)| -| v3_linux_network_connection_discovery | Looks for commands related to system network connection discovery from an unusual user context. This can be due to uncommon troubleshooting activity or due to a compromised account. A compromised account may be used by a threat actor to engage in system network connection discovery to increase their understanding of connected services and systems. This information may be used to shape follow-up behaviors such as lateral movement or additional discovery. | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_linux/ml/v3_linux_network_connection_discovery.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_linux/ml/v3_datafeed_linux_network_connection_discovery.json)| -| v3_linux_rare_metadata_process | Looks for anomalous access to the metadata service by an unusual process. The metadata service may be targeted in order to harvest credentials or user data scripts containing secrets. 
| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_linux/ml/v3_linux_rare_metadata_process.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_linux/ml/datafeed_v3_linux_rare_metadata_process.json)| -| v3_linux_rare_metadata_user | Looks for anomalous access to the metadata service by an unusual user. The metadata service may be targeted in order to harvest credentials or user data scripts containing secrets. | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_linux/ml/v3_linux_rare_metadata_user.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_linux/ml/datafeed_v3_linux_rare_metadata_user.json)| -| v3_linux_rare_sudo_user | Looks for sudo activity from an unusual user context. Unusual user context changes can be due to privilege escalation. | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_linux/ml/v3_linux_rare_sudo_user.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/securiity_linux/ml/datafeed_v3_linux_rare_sudo_user.json)| -| v3_linux_rare_user_compiler | Looks for compiler activity by a user context which does not normally run compilers. This can be ad-hoc software changes or unauthorized software deployment. This can also be due to local privilege elevation via locally run exploits or malware activity. 
| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_linux/ml/v3_linux_rare_user_compiler.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_linux/ml/datafeed_v3_linux_rare_user_compiler.json)| -| v3_linux_system_information_discovery | Looks for commands related to system information discovery from an unusual user context. This can be due to uncommon troubleshooting activity or due to a compromised account. A compromised account may be used to engage in system information discovery to gather detailed information about system configuration and software versions. This may be a precursor to the selection of a persistence mechanism or a method of privilege elevation. | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_linux/ml/v3_linux_system_information_discovery.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_linux/ml/datafeed_v3_linux_system_information_discovery.json)| -| v3_linux_system_process_discovery | Looks for commands related to system process discovery from an unusual user context. This can be due to uncommon troubleshooting activity or due to a compromised account. A compromised account may be used to engage in system process discovery to increase their understanding of software applications running on a target host or network. This may be a precursor to the selection of a persistence mechanism or a method of privilege elevation. 
| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_linux/ml/v3_linux_system_process_discovery.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_linux/ml/datafeed_v3_linux_system_process_discovery.json)| -| v3_linux_system_user_discovery | Looks for commands related to system user or owner discovery from an unusual user context. This can be due to uncommon troubleshooting activity or due to a compromised account. A compromised account may be used to engage in system owner or user discovery to identify currently active or primary users of a system. This may be a precursor to additional discovery, credential dumping, or privilege elevation activity. | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_linux/ml/v3_linux_system_user_discovery.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_linux/ml/datafeed_v3_linux_system_user_discovery.json)| -| v3_rare_process_by_host_linux | Looks for processes that are unusual to a particular Linux host. Such unusual processes may indicate unauthorized software, malware, or persistence mechanisms. | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_linux/ml/v3_rare_process_by_host_linux.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_linux/ml/datafeed_v3_rare_process_by_host_linux.json)| - - -## Security: Network [security-network-jobs] - -Detect anomalous network activity in your ECS-compatible network logs. 
- -In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_network/manifest.json). In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](kibana://reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query. - -By default, when you create these jobs in the {{security-app}}, it uses a {{data-source}} that applies to multiple indices. To get the same results if you use the {{ml-app}} app, create a similar [{{data-source}}](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_network/manifest.json#L7) then select it in the job wizard. - -| Name | Description | Job | Datafeed | -| --- | --- | --- | --- | -| high_count_by_destination_country | Looks for an unusually large spike in network activity to one destination country in the network logs. This could be due to unusually large amounts of reconnaissance or enumeration traffic. Data exfiltration activity may also produce such a surge in traffic to a destination country which does not normally appear in network traffic or business work-flows. Malware instances and persistence mechanisms may communicate with command-and-control (C2) infrastructure in their country of origin, which may be an unusual destination country for the source network. 
| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_network/ml/high_count_by_destination_country.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_network/ml/datafeed_high_count_by_destination_country.json)| -| high_count_network_denies | Looks for an unusually large spike in network traffic that was denied by network ACLs or firewall rules. Such a burst of denied traffic is usually either 1) a misconfigured application or firewall or 2) suspicious or malicious activity. Unsuccessful attempts at network transit, in order to connect to command-and-control (C2), or engage in data exfiltration, may produce a burst of failed connections. This could also be due to unusually large amounts of reconnaissance or enumeration traffic. Denial-of-service attacks or traffic floods may also produce such a surge in traffic. | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_network/ml/high_count_network_denies.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_network/ml/datafeed_high_count_network_denies.json)| -| high_count_network_events | Looks for an unusually large spike in network traffic. Such a burst of traffic, if not caused by a surge in business activity, can be due to suspicious or malicious activity. Large-scale data exfiltration may produce a burst of network traffic; this could also be due to unusually large amounts of reconnaissance or enumeration traffic. Denial-of-service attacks or traffic floods may also produce such a surge in traffic. 
| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_network/ml/high_count_network_events.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_network/ml/datafeed_high_count_network_events.json)| -| rare_destination_country | Looks for an unusual destination country name in the network logs. This can be due to initial access, persistence, command-and-control, or exfiltration activity. For example, when a user clicks on a link in a phishing email or opens a malicious document, a request may be sent to download and run a payload from a server in a country which does not normally appear in network traffic or business work-flows. Malware instances and persistence mechanisms may communicate with command-and-control (C2) infrastructure in their country of origin, which may be an unusual destination country for the source network. | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_network/ml/rare_destination_country.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_network/ml/datafeed_rare_destination_country.json)| - - -## Security: {{packetbeat}} [security-packetbeat-jobs] - -Detect suspicious network activity in {{packetbeat}} data. - -In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_packetbeat/manifest.json). 
In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](kibana://reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query. - -| Name | Description | Job | Datafeed | -| --- | --- | --- | --- | -| packetbeat_dns_tunneling | Looks for unusual DNS activity that could indicate command-and-control or data exfiltration activity. | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_packetbeat/ml/packetbeat_dns_tunneling.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_packetbeat/ml/datafeed_packetbeat_dns_tunneling.json)| -| packetbeat_rare_dns_question | Looks for unusual DNS activity that could indicate command-and-control activity. | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_packetbeat/ml/packetbeat_rare_dns_question.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_packetbeat/ml/datafeed_packetbeat_rare_dns_question.json)| -| packetbeat_rare_server_domain | Looks for unusual HTTP or TLS destination domain activity that could indicate execution, persistence, command-and-control or data exfiltration activity. 
| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_packetbeat/ml/packetbeat_rare_server_domain.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_packetbeat/ml/datafeed_packetbeat_rare_server_domain.json)| -| packetbeat_rare_urls | Looks for unusual web browsing URL activity that could indicate execution, persistence, command-and-control or data exfiltration activity. | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_packetbeat/ml/packetbeat_rare_urls.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_packetbeat/ml/datafeed_packetbeat_rare_urls.json)| -| packetbeat_rare_user_agent | Looks for unusual HTTP user agent activity that could indicate execution, persistence, command-and-control or data exfiltration activity. | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_packetbeat/ml/packetbeat_rare_user_agent.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_packetbeat/ml/datafeed_packetbeat_rare_user_agent.json)| - - -## Security: Windows [security-windows-jobs] - -Anomaly detection jobs for Windows host-based threat hunting and detection. - -In the {{ml-app}} app, these configurations are available only when data exists that matches the query specified in the [manifest file](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_windows/manifest.json). 
In the {{security-app}}, it looks in the {{data-source}} specified in the [`securitySolution:defaultIndex` advanced setting](kibana://reference/advanced-settings.md#securitysolution-defaultindex) for data that matches the query. - -If there are additional requirements such as installing the Windows System Monitor (Sysmon) or auditing process creation in the Windows security event log, they are listed for each job. - -| Name | Description | Job | Datafeed | -| --- | --- | --- | --- | -| v3_rare_process_by_host_windows | Looks for processes that are unusual to a particular Windows host. Such unusual processes may indicate unauthorized software, malware, or persistence mechanisms. | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_windows/ml/v3_rare_process_by_host_windows.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_windows/ml/datafeed_v3_rare_process_by_host_windows.json)| -| v3_windows_anomalous_network_activity | Looks for unusual processes using the network which could indicate command-and-control, lateral movement, persistence, or data exfiltration activity. | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_windows/ml/v3_windows_anomalous_network_activity.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_windows/ml/datafeed_v3_windows_anomalous_network_activity.json)| -| v3_windows_anomalous_path_activity | Looks for activity in unusual paths that may indicate execution of malware or persistence mechanisms. Windows payloads often execute from user profile paths. 
| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_windows/ml/v3_windows_anomalous_path_activity.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_windows/ml/datafeed_v3_windows_anomalous_path_activity.json)| -| v3_windows_anomalous_process_all_hosts | Looks for processes that are unusual to all Windows hosts. Such unusual processes may indicate execution of unauthorized software, malware, or persistence mechanisms. | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_windows/ml/v3_windows_anomalous_process_all_hosts.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_windows/ml/datafeed_v3_windows_anomalous_process_all_hosts.json)| -| v3_windows_anomalous_process_creation | Looks for unusual process relationships which may indicate execution of malware or persistence mechanisms. | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_windows/ml/v3_windows_anomalous_process_creation.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_windows/ml/datafeed_v3_windows_anomalous_process_creation.json)| -| v3_windows_anomalous_script | Looks for unusual powershell scripts that may indicate execution of malware, or persistence mechanisms. 
| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_windows/ml/v3_windows_anomalous_script.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_windows/ml/datafeed_v3_windows_anomalous_script.json)| -| v3_windows_anomalous_service | Looks for rare and unusual Windows service names which may indicate execution of unauthorized services, malware, or persistence mechanisms. | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_windows/ml/v3_windows_anomalous_service.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_windows/ml/datafeed_v3_windows_anomalous_service.json)| -| v3_windows_anomalous_user_name | Rare and unusual users that are not normally active may indicate unauthorized changes or activity by an unauthorized user which may be credentialed access or lateral movement. | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_windows/ml/v3_windows_anomalous_user_name.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_windows/ml/datafeed_v3_windows_anomalous_user_name.json)| -| v3_windows_rare_metadata_process | Looks for anomalous access to the metadata service by an unusual process. The metadata service may be targeted in order to harvest credentials or user data scripts containing secrets. 
| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_windows/ml/v3_windows_rare_metadata_process.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_windows/ml/datafeed_v3_windows_rare_metadata_process.json)| -| v3_windows_rare_metadata_user | Looks for anomalous access to the metadata service by an unusual user. The metadata service may be targeted in order to harvest credentials or user data scripts containing secrets. | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_windows/ml/v3_windows_rare_metadata_user.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_windows/ml/datafeed_v3_windows_rare_metadata_user.json)| -| v3_windows_rare_user_runas_event | Unusual user context switches can be due to privilege escalation. | [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_windows/ml/v3_windows_rare_user_runas_event.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_windows/ml/datafeed_v3_windows_rare_user_runas_event.json)| -| v3_windows_rare_user_type10_remote_login | Unusual RDP (remote desktop protocol) user logins can indicate account takeover or credentialed access. 
| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_windows/ml/v3_windows_rare_user_type10_remote_login.json)| [![A link icon](images/link.svg)](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ml/server/models/data_recognizer/modules/security_windows/ml/datafeed_v3_windows_rare_user_type10_remote_login.json)| - - -## Security: Elastic Integrations [security-integrations-jobs] - -[Elastic Integrations](integration-docs://reference/index.md) are a streamlined way to add Elastic assets to your environment, such as data ingestion, {{transforms}}, and in this case, {{ml}} capabilities for Security. - -The following Integrations use {{ml}} to analyze patterns of user and entity behavior, and help detect and alert when there is related suspicious activity in your environment. - -* [Data Exfiltration Detection](integration-docs://reference/ded.md) -* [Domain Generation Algorithm Detection](integration-docs://reference/dga.md) -* [Lateral Movement Detection](integration-docs://reference/lmd.md) -* [Living off the Land Attack Detection](integration-docs://reference/problemchild.md) - -**Domain Generation Algorithm (DGA) Detection** - -{{ml-cap}} solution package to detect domain generation algorithm (DGA) activity in your network data. Refer to the [subscription page](https://www.elastic.co/subscriptions) to learn more about the required subscription. - -To download, refer to the [documentation](integration-docs://reference/dga.md). - -| Name | Description | -| --- | --- | -| dga_high_sum_probability | Detect domain generation algorithm (DGA) activity in your network data. | - -The job configurations and datafeeds can be found [here](https://github.com/elastic/integrations/blob/main/packages/dga/kibana/ml_module/dga-ml.json). 
- -**Living off the Land Attack (LotL) Detection** - -{{ml-cap}} solution package to detect Living off the Land (LotL) attacks in your environment. Refer to the [subscription page](https://www.elastic.co/subscriptions) to learn more about the required subscription. (Also known as ProblemChild). - -To download, refer to the [documentation](integration-docs://reference/problemchild.md). - -| Name | Description | -| --- | --- | -| problem_child_rare_process_by_host | Looks for a process that has been classified as malicious on a host that does not commonly manifest malicious process activity. | -| problem_child_high_sum_by_host | Looks for a set of one or more malicious child processes on a single host. | -| problem_child_rare_process_by_user | Looks for a process that has been classified as malicious where the user context is unusual and does not commonly manifest malicious process activity. | -| problem_child_rare_process_by_parent | Looks for rare malicious child processes spawned by a parent process. | -| problem_child_high_sum_by_user | Looks for a set of one or more malicious processes, started by the same user. | -| problem_child_high_sum_by_parent | Looks for a set of one or more malicious child processes spawned by the same parent process. | - -The job configurations and datafeeds can be found [here](https://github.com/elastic/integrations/blob/main/packages/problemchild/kibana/ml_module/problemchild-ml.json). - -**Data Exfiltration Detection (DED)** - -{{ml-cap}} package to detect data exfiltration in your network and file data. Refer to the [subscription page](https://www.elastic.co/subscriptions) to learn more about the required subscription. - -To download, refer to the [documentation](integration-docs://reference/ded.md). - -| Name | Description | -| --- | --- | -| ded_high_sent_bytes_destination_geo_country_iso_code | Detects data exfiltration to an unusual geo-location (by country iso code). 
| -| ded_high_sent_bytes_destination_ip | Detects data exfiltration to an unusual geo-location (by IP address). | -| ded_high_sent_bytes_destination_port | Detects data exfiltration to an unusual destination port. | -| ded_high_sent_bytes_destination_region_name | Detects data exfiltration to an unusual geo-location (by region name). | -| ded_high_bytes_written_to_external_device | Detects data exfiltration activity by identifying high bytes written to an external device. | -| ded_rare_process_writing_to_external_device | Detects data exfiltration activity by identifying a file write started by a rare process to an external device. | -| ded_high_bytes_written_to_external_device_airdrop | Detects data exfiltration activity by identifying high bytes written to an external device via Airdrop. | - -The job configurations and datafeeds can be found [here](https://github.com/elastic/integrations/blob/main/packages/ded/kibana/ml_module/ded-ml.json). - -**Lateral Movement Detection (LMD)** - -{{ml-cap}} package to detect lateral movement based on file transfer activity and Windows RDP events. Refer to the [subscription page](https://www.elastic.co/subscriptions) to learn more about the required subscription. - -To download, refer to the [documentation](integration-docs://reference/lmd.md). - -| Name | Description | -| --- | --- | -| lmd_high_count_remote_file_transfer | Detects unusually high file transfers to a remote host in the network. | -| lmd_high_file_size_remote_file_transfer | Detects unusually high size of files shared with a remote host in the network. | -| lmd_rare_file_extension_remote_transfer | Detects data exfiltration to an unusual destination port. | -| lmd_rare_file_path_remote_transfer | Detects unusual folders and directories on which a file is transferred. | -| lmd_high_mean_rdp_session_duration | Detects unusually high mean of RDP session duration. | -| lmd_high_var_rdp_session_duration | Detects unusually high variance in RDP session duration. 
| -| lmd_high_sum_rdp_number_of_processes | Detects unusually high number of processes started in a single RDP session. | -| lmd_unusual_time_weekday_rdp_session_start | Detects an RDP session started at an usual time or weekday. | -| lmd_high_rdp_distinct_count_source_ip_for_destination | Detects a high count of source IPs making an RDP connection with a single destination IP. | -| lmd_high_rdp_distinct_count_destination_ip_for_source | Detects a high count of destination IPs establishing an RDP connection with a single source IP. | -| lmd_high_mean_rdp_process_args | Detects unusually high number of process arguments in an RDP session. | - -The job configurations and datafeeds can be found [here](https://github.com/elastic/integrations/blob/main/packages/lmd/kibana/ml_module/lmd-ml.json). - diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-anomalous-process-for-a-linux-population.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-anomalous-process-for-a-linux-population.md index 9afcb6011b..3cf6498b6a 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-anomalous-process-for-a-linux-population.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-anomalous-process-for-a-linux-population.md @@ -23,7 +23,7 @@ Searches for rare processes running on multiple Linux hosts in an entire fleet o **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-anomalous-process-for-a-windows-population.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-anomalous-process-for-a-windows-population.md index 7fb24dc39f..47646a967d 100644 
--- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-anomalous-process-for-a-windows-population.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-anomalous-process-for-a-windows-population.md @@ -23,7 +23,7 @@ Searches for rare processes running on multiple hosts in an entire fleet or netw **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-anomalous-windows-process-creation.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-anomalous-windows-process-creation.md index b211e391d2..3a4c26f4a4 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-anomalous-windows-process-creation.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-anomalous-windows-process-creation.md @@ -23,7 +23,7 @@ Identifies unusual parent-child process relationships that can indicate malware **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-network-traffic-to-rare-destination-country.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-network-traffic-to-rare-destination-country.md index 12ba7d671e..519918e74a 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-network-traffic-to-rare-destination-country.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-network-traffic-to-rare-destination-country.md 
@@ -23,7 +23,7 @@ A machine learning job detected a rare destination country name in the network l **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-spike-in-firewall-denies.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-spike-in-firewall-denies.md index 8e7d478b58..ee133a87a6 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-spike-in-firewall-denies.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-spike-in-firewall-denies.md @@ -23,7 +23,7 @@ A machine learning job detected an unusually large spike in network traffic that **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-spike-in-network-traffic-to-a-country.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-spike-in-network-traffic-to-a-country.md index 18f9c3655f..a3983db3e4 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-spike-in-network-traffic-to-a-country.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-spike-in-network-traffic-to-a-country.md @@ -23,7 +23,7 @@ A machine learning job detected an unusually large spike in network activity to **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-spike-in-network-traffic.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-spike-in-network-traffic.md index 312e16f3d4..974e2ebbb0 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-spike-in-network-traffic.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-spike-in-network-traffic.md @@ -23,7 +23,7 @@ A machine learning job detected an unusually large spike in network traffic. Suc **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-unusual-linux-network-port-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-unusual-linux-network-port-activity.md index a22081a3c5..1c28060ef1 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-unusual-linux-network-port-activity.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-unusual-linux-network-port-activity.md @@ -23,7 +23,7 @@ Identifies unusual destination port activity that can indicate command-and-contr **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-unusual-linux-username.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-unusual-linux-username.md index 520cfe13fa..81f0695943 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-unusual-linux-username.md 
+++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-unusual-linux-username.md @@ -23,7 +23,7 @@ A machine learning job detected activity for a username that is not normally act **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-unusual-process-for-a-linux-host.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-unusual-process-for-a-linux-host.md index 9c9a943eef..6320fc29d2 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-unusual-process-for-a-linux-host.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-unusual-process-for-a-linux-host.md @@ -23,7 +23,7 @@ Identifies rare processes that do not usually run on individual hosts, which can **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-unusual-process-for-a-windows-host.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-unusual-process-for-a-windows-host.md index ab31281675..0df772538e 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-unusual-process-for-a-windows-host.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-unusual-process-for-a-windows-host.md 
@@ -23,7 +23,7 @@ Identifies rare processes that do not usually run on individual hosts, which can **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-unusual-windows-network-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-unusual-windows-network-activity.md index eebfad7fb4..afe93ccff7 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-unusual-windows-network-activity.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-unusual-windows-network-activity.md @@ -23,7 +23,7 @@ Identifies Windows processes that do not usually use the network but have unexpe **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-unusual-windows-path-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-unusual-windows-path-activity.md index f1ee195231..4a43ec9bac 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-unusual-windows-path-activity.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-unusual-windows-path-activity.md @@ -23,7 +23,7 @@ Identifies processes started from atypical folders in the file system, which mig **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-unusual-windows-username.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-unusual-windows-username.md index 59d935d396..3614791e4c 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-unusual-windows-username.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-1-unusual-windows-username.md @@ -23,7 +23,7 @@ A machine learning job detected activity for a username that is not normally act **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-3-rare-aws-error-code.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-3-rare-aws-error-code.md index f11f55aae1..9afb98c99b 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-3-rare-aws-error-code.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-3-rare-aws-error-code.md @@ -23,7 +23,7 @@ A machine learning job detected an unusual error in a CloudTrail message. These **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-3-spike-in-aws-error-messages.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-3-spike-in-aws-error-messages.md index f1265af51d..153563eb31 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-3-spike-in-aws-error-messages.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-3-spike-in-aws-error-messages.md 
@@ -23,7 +23,7 @@ A machine learning job detected a significant spike in the rate of a particular **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-3-unusual-aws-command-for-a-user.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-3-unusual-aws-command-for-a-user.md index 5b64615623..3609a56722 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-3-unusual-aws-command-for-a-user.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-3-unusual-aws-command-for-a-user.md @@ -23,7 +23,7 @@ A machine learning job detected an AWS API command that, while not inherently su **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-3-unusual-city-for-an-aws-command.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-3-unusual-city-for-an-aws-command.md index 33e8bd0e66..502ea3e283 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-3-unusual-city-for-an-aws-command.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-3-unusual-city-for-an-aws-command.md @@ -23,7 +23,7 @@ A machine learning job detected AWS command activity that, while not inherently **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-3-unusual-country-for-an-aws-command.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-3-unusual-country-for-an-aws-command.md index 67c39ecaea..4c1e5ade6e 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-3-unusual-country-for-an-aws-command.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-13-3-unusual-country-for-an-aws-command.md @@ -23,7 +23,7 @@ A machine learning job detected AWS command activity that, while not inherently **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-anomalous-process-for-a-linux-population.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-anomalous-process-for-a-linux-population.md index 601df74178..52e0b794b2 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-anomalous-process-for-a-linux-population.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-anomalous-process-for-a-linux-population.md @@ -23,7 +23,7 @@ Searches for rare processes running on multiple Linux hosts in an entire fleet o **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-anomalous-process-for-a-windows-population.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-anomalous-process-for-a-windows-population.md index 5fdcffce9e..5e1a21162b 100644 
--- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-anomalous-process-for-a-windows-population.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-anomalous-process-for-a-windows-population.md @@ -23,7 +23,7 @@ Searches for rare processes running on multiple hosts in an entire fleet or netw **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-rare-aws-error-code.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-rare-aws-error-code.md index dbeb85e029..d5dedeb8e0 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-rare-aws-error-code.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-rare-aws-error-code.md @@ -23,7 +23,7 @@ A machine learning job detected an unusual error in a CloudTrail message. These **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-spike-in-aws-error-messages.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-spike-in-aws-error-messages.md index c36ebb910c..5c9dfd84cb 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-spike-in-aws-error-messages.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-spike-in-aws-error-messages.md 
@@ -23,7 +23,7 @@ A machine learning job detected a significant spike in the rate of a particular **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-spike-in-network-traffic.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-spike-in-network-traffic.md index 2871a195a1..b4a1e99067 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-spike-in-network-traffic.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-spike-in-network-traffic.md @@ -23,7 +23,7 @@ A machine learning job detected an unusually large spike in network traffic. Suc **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-aws-command-for-a-user.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-aws-command-for-a-user.md index 96cb679687..af87331f9c 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-aws-command-for-a-user.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-aws-command-for-a-user.md @@ -23,7 +23,7 @@ A machine learning job detected an AWS API command that, while not inherently su **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-city-for-an-aws-command.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-city-for-an-aws-command.md index 11ba5c3ff8..a571397660 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-city-for-an-aws-command.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-city-for-an-aws-command.md @@ -23,7 +23,7 @@ A machine learning job detected AWS command activity that, while not inherently **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-country-for-an-aws-command.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-country-for-an-aws-command.md index f473b27ceb..146990ea03 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-country-for-an-aws-command.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-country-for-an-aws-command.md @@ -23,7 +23,7 @@ A machine learning job detected AWS command activity that, while not inherently **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-linux-network-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-linux-network-activity.md index 01effb4f23..ddfc47303c 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-linux-network-activity.md 
+++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-linux-network-activity.md @@ -23,7 +23,7 @@ Identifies Linux processes that do not usually use the network but have unexpect **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-linux-username.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-linux-username.md index 632e8011d3..29f486d463 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-linux-username.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-linux-username.md @@ -23,7 +23,7 @@ A machine learning job detected activity for a username that is not normally act **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-process-for-a-linux-host.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-process-for-a-linux-host.md index a7f27ed20a..b162d2a39c 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-process-for-a-linux-host.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-process-for-a-linux-host.md @@ -23,7 +23,7 @@ Identifies rare processes that do not usually run on individual hosts, which can **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-process-for-a-windows-host.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-process-for-a-windows-host.md index 7c0ca21f91..a927440014 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-process-for-a-windows-host.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-process-for-a-windows-host.md @@ -23,7 +23,7 @@ Identifies rare processes that do not usually run on individual hosts, which can **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-windows-network-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-windows-network-activity.md index 4cfc60c6f6..a2bdf6fa28 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-windows-network-activity.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-windows-network-activity.md @@ -23,7 +23,7 @@ Identifies Windows processes that do not usually use the network but have unexpe **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-windows-username.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-windows-username.md index 4b73d6866e..77d37ae37f 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-windows-username.md 
+++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-1-unusual-windows-username.md @@ -23,7 +23,7 @@ A machine learning job detected activity for a username that is not normally act **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-2-rare-aws-error-code.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-2-rare-aws-error-code.md index 1122c8849c..57ee306432 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-2-rare-aws-error-code.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-2-rare-aws-error-code.md @@ -23,7 +23,7 @@ A machine learning job detected an unusual error in a CloudTrail message. These **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-2-rare-user-logon.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-2-rare-user-logon.md index 20e7ce3180..4661b523b5 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-2-rare-user-logon.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-2-rare-user-logon.md @@ -23,7 +23,7 @@ A machine learning job found an unusual user name in the authentication logs. An **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-2-spike-in-aws-error-messages.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-2-spike-in-aws-error-messages.md index 1aa802a91b..c44a1923e4 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-2-spike-in-aws-error-messages.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-2-spike-in-aws-error-messages.md @@ -23,7 +23,7 @@ A machine learning job detected a significant spike in the rate of a particular **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-2-spike-in-logon-events-from-a-source-ip.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-2-spike-in-logon-events-from-a-source-ip.md index b4be8ccc8b..8ec67b3367 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-2-spike-in-logon-events-from-a-source-ip.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-2-spike-in-logon-events-from-a-source-ip.md @@ -23,7 +23,7 @@ A machine learning job found an unusually large spike in successful authenticati **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-2-unusual-aws-command-for-a-user.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-2-unusual-aws-command-for-a-user.md index e6a6450140..c11845d4d4 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-2-unusual-aws-command-for-a-user.md 
+++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-2-unusual-aws-command-for-a-user.md @@ -23,7 +23,7 @@ A machine learning job detected an AWS API command that, while not inherently su **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-2-unusual-city-for-an-aws-command.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-2-unusual-city-for-an-aws-command.md index 38cb0736b7..fb1d39fe00 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-2-unusual-city-for-an-aws-command.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-2-unusual-city-for-an-aws-command.md @@ -23,7 +23,7 @@ A machine learning job detected AWS command activity that, while not inherently **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-2-unusual-country-for-an-aws-command.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-2-unusual-country-for-an-aws-command.md index e6c20b9345..5c3d779439 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-2-unusual-country-for-an-aws-command.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-2-unusual-country-for-an-aws-command.md 
@@ -23,7 +23,7 @@ A machine learning job detected AWS command activity that, while not inherently **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-2-unusual-process-for-a-windows-host.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-2-unusual-process-for-a-windows-host.md index 0479842ad4..6b947f8149 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-2-unusual-process-for-a-windows-host.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-0-14-2-unusual-process-for-a-windows-host.md @@ -23,7 +23,7 @@ Identifies rare processes that do not usually run on individual hosts, which can **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-1-0-2-spike-in-aws-error-messages.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-1-0-2-spike-in-aws-error-messages.md index 0de14876a3..037b33afea 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-1-0-2-spike-in-aws-error-messages.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-1-0-2-spike-in-aws-error-messages.md @@ -23,7 +23,7 @@ A machine learning job detected a significant spike in the rate of a particular **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-1-0-2-unusual-country-for-an-aws-command.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-1-0-2-unusual-country-for-an-aws-command.md index a2d4409890..7c23ddd997 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-1-0-2-unusual-country-for-an-aws-command.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-1-0-2-unusual-country-for-an-aws-command.md @@ -23,7 +23,7 @@ A machine learning job detected AWS command activity that, while not inherently **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-1-0-2-unusual-process-for-a-windows-host.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-1-0-2-unusual-process-for-a-windows-host.md index ec052d93dd..c162f9249e 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-1-0-2-unusual-process-for-a-windows-host.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-1-0-2-unusual-process-for-a-windows-host.md @@ -23,7 +23,7 @@ Identifies rare processes that do not usually run on individual hosts, which can **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-anomalous-process-for-a-linux-population.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-anomalous-process-for-a-linux-population.md index f904a90335..e5796f50c1 100644 
--- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-anomalous-process-for-a-linux-population.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-anomalous-process-for-a-linux-population.md @@ -23,7 +23,7 @@ Searches for rare processes running on multiple Linux hosts in an entire fleet o **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-anomalous-process-for-a-windows-population.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-anomalous-process-for-a-windows-population.md index 5fc68d2481..25c42d43da 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-anomalous-process-for-a-windows-population.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-anomalous-process-for-a-windows-population.md @@ -23,7 +23,7 @@ Searches for rare processes running on multiple hosts in an entire fleet or netw **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-anomalous-windows-process-creation.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-anomalous-windows-process-creation.md index 7ef7741d69..972557fd28 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-anomalous-windows-process-creation.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-anomalous-windows-process-creation.md 
@@ -23,7 +23,7 @@ Identifies unusual parent-child process relationships that can indicate malware **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-suspicious-powershell-script.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-suspicious-powershell-script.md index fb385229e5..b2c6dab141 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-suspicious-powershell-script.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-suspicious-powershell-script.md @@ -23,7 +23,7 @@ A machine learning job detected a PowerShell script with unusual data characteri **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-linux-network-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-linux-network-activity.md index 6d6903e528..c9fea1d2b6 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-linux-network-activity.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-linux-network-activity.md @@ -23,7 +23,7 @@ Identifies Linux processes that do not usually use the network but have unexpect **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-linux-network-port-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-linux-network-port-activity.md index 14dbf45c60..1c69ecadc9 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-linux-network-port-activity.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-linux-network-port-activity.md @@ -23,7 +23,7 @@ Identifies unusual destination port activity that can indicate command-and-contr **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-linux-username.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-linux-username.md index 775c1d5c41..5694986ced 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-linux-username.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-linux-username.md @@ -23,7 +23,7 @@ A machine learning job detected activity for a username that is not normally act **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-login-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-login-activity.md index adfd648d8a..0a1444c69e 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-login-activity.md 
+++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-login-activity.md @@ -23,7 +23,7 @@ Identifies an unusually high number of authentication attempts. **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-process-for-a-linux-host.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-process-for-a-linux-host.md index 9f13019694..53882e7108 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-process-for-a-linux-host.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-process-for-a-linux-host.md @@ -23,7 +23,7 @@ Identifies rare processes that do not usually run on individual hosts, which can **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-process-for-a-windows-host.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-process-for-a-windows-host.md index f3ac0172e4..c56425f3bb 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-process-for-a-windows-host.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-process-for-a-windows-host.md @@ -23,7 +23,7 @@ Identifies rare processes that do not usually run on individual hosts, which can **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-windows-network-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-windows-network-activity.md index f03c58b912..84378c74c3 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-windows-network-activity.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-windows-network-activity.md @@ -23,7 +23,7 @@ Identifies Windows processes that do not usually use the network but have unexpe **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-windows-path-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-windows-path-activity.md index 7587a944b0..ce117e057f 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-windows-path-activity.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-windows-path-activity.md @@ -23,7 +23,7 @@ Identifies processes started from atypical folders in the file system, which mig **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-windows-remote-user.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-windows-remote-user.md index 0211b7fc03..b10edd8391 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-windows-remote-user.md 
+++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-windows-remote-user.md @@ -23,7 +23,7 @@ A machine learning job detected an unusual remote desktop protocol (RDP) usernam **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-windows-service.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-windows-service.md index e4bc726d23..88f7ee5553 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-windows-service.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-windows-service.md @@ -23,7 +23,7 @@ A machine learning job detected an unusual Windows service, This can indicate ex **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-windows-user-privilege-elevation-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-windows-user-privilege-elevation-activity.md index 5bd787c167..5c519dde9c 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-windows-user-privilege-elevation-activity.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-windows-user-privilege-elevation-activity.md 
@@ -23,7 +23,7 @@ A machine learning job detected an unusual user context switch, using the runas **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-windows-username.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-windows-username.md index 383d815d12..5d3a5199d6 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-windows-username.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-1-1-unusual-windows-username.md @@ -23,7 +23,7 @@ A machine learning job detected activity for a username that is not normally act **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-anomalous-process-for-a-windows-population.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-anomalous-process-for-a-windows-population.md index 1fc685d444..e825ab2c1c 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-anomalous-process-for-a-windows-population.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-anomalous-process-for-a-windows-population.md @@ -23,7 +23,7 @@ Searches for rare processes running on multiple hosts in an entire fleet or netw **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-anomalous-windows-process-creation.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-anomalous-windows-process-creation.md index aa22e4f642..08603d8d5a 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-anomalous-windows-process-creation.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-anomalous-windows-process-creation.md @@ -23,7 +23,7 @@ Identifies unusual parent-child process relationships that can indicate malware **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-dns-tunneling.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-dns-tunneling.md index 1237070848..e07b742181 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-dns-tunneling.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-dns-tunneling.md @@ -23,7 +23,7 @@ A machine learning job detected unusually large numbers of DNS queries for a sin **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-high-mean-of-process-arguments-in-an-rdp-session.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-high-mean-of-process-arguments-in-an-rdp-session.md index 1acfac29c1..5bd9f93be1 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-high-mean-of-process-arguments-in-an-rdp-session.md 
+++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-high-mean-of-process-arguments-in-an-rdp-session.md @@ -23,7 +23,7 @@ A machine learning job has detected unusually high number of process arguments i **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/lmd](https://docs.elastic.co/en/integrations/lmd) * [https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration](https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration) * [https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security](https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security) diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-high-mean-of-rdp-session-duration.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-high-mean-of-rdp-session-duration.md index 05b913087e..94ae6df69e 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-high-mean-of-rdp-session-duration.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-high-mean-of-rdp-session-duration.md 
@@ -23,7 +23,7 @@ A machine learning job has detected unusually high mean of RDP session duration. **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/lmd](https://docs.elastic.co/en/integrations/lmd) * [https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration](https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration) * [https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security](https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security) diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-high-variance-in-rdp-session-duration.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-high-variance-in-rdp-session-duration.md index 257f116c31..552155938c 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-high-variance-in-rdp-session-duration.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-high-variance-in-rdp-session-duration.md @@ -23,7 +23,7 @@ A machine learning job has detected unusually high variance of RDP session durat **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/lmd](https://docs.elastic.co/en/integrations/lmd) * [https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration](https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration) * [https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security](https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security) 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-machine-learning-detected-a-dns-request-predicted-to-be-a-dga-domain.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-machine-learning-detected-a-dns-request-predicted-to-be-a-dga-domain.md index 5075fb519a..7eeec7e5a9 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-machine-learning-detected-a-dns-request-predicted-to-be-a-dga-domain.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-machine-learning-detected-a-dns-request-predicted-to-be-a-dga-domain.md @@ -26,7 +26,7 @@ A supervised machine learning model has identified a DNS question name that is p **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/dga](https://docs.elastic.co/en/integrations/dga) * [https://www.elastic.co/security-labs/detect-domain-generation-algorithm-activity-with-new-kibana-integration](https://www.elastic.co/security-labs/detect-domain-generation-algorithm-activity-with-new-kibana-integration) diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-machine-learning-detected-a-dns-request-with-a-high-dga-probability-score.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-machine-learning-detected-a-dns-request-with-a-high-dga-probability-score.md index 3ea4ac490a..34e758f6ed 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-machine-learning-detected-a-dns-request-with-a-high-dga-probability-score.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-machine-learning-detected-a-dns-request-with-a-high-dga-probability-score.md 
@@ -26,7 +26,7 @@ A supervised machine learning model has identified a DNS question name with a hi **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/dga](https://docs.elastic.co/en/integrations/dga) * [https://www.elastic.co/security-labs/detect-domain-generation-algorithm-activity-with-new-kibana-integration](https://www.elastic.co/security-labs/detect-domain-generation-algorithm-activity-with-new-kibana-integration) diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-machine-learning-detected-a-suspicious-windows-event-with-a-high-malicious-probability-score.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-machine-learning-detected-a-suspicious-windows-event-with-a-high-malicious-probability-score.md index 5f95383a28..238f968cde 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-machine-learning-detected-a-suspicious-windows-event-with-a-high-malicious-probability-score.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-machine-learning-detected-a-suspicious-windows-event-with-a-high-malicious-probability-score.md @@ -27,7 +27,7 @@ A supervised machine learning model (ProblemChild) has identified a suspicious W **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/problemchild](https://docs.elastic.co/en/integrations/problemchild) * [https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration](https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration) 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-machine-learning-detected-a-suspicious-windows-event-with-a-low-malicious-probability-score.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-machine-learning-detected-a-suspicious-windows-event-with-a-low-malicious-probability-score.md index a051603ef1..d56963d0f2 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-machine-learning-detected-a-suspicious-windows-event-with-a-low-malicious-probability-score.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-machine-learning-detected-a-suspicious-windows-event-with-a-low-malicious-probability-score.md @@ -27,7 +27,7 @@ A supervised machine learning model (ProblemChild) has identified a suspicious W **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/problemchild](https://docs.elastic.co/en/integrations/problemchild) * [https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration](https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration) diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-machine-learning-detected-dga-activity-using-a-known-sunburst-dns-domain.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-machine-learning-detected-dga-activity-using-a-known-sunburst-dns-domain.md index 020e33dbb5..9624206f37 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-machine-learning-detected-dga-activity-using-a-known-sunburst-dns-domain.md 
+++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-machine-learning-detected-dga-activity-using-a-known-sunburst-dns-domain.md @@ -26,7 +26,7 @@ A supervised machine learning model has identified a DNS question name that used **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/dga](https://docs.elastic.co/en/integrations/dga) * [https://www.elastic.co/security-labs/detect-domain-generation-algorithm-activity-with-new-kibana-integration](https://www.elastic.co/security-labs/detect-domain-generation-algorithm-activity-with-new-kibana-integration) diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-network-traffic-to-rare-destination-country.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-network-traffic-to-rare-destination-country.md index b45c4a1576..e2b5d658ad 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-network-traffic-to-rare-destination-country.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-network-traffic-to-rare-destination-country.md @@ -23,7 +23,7 @@ A machine learning job detected a rare destination country name in the network l **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-potential-data-exfiltration-activity-to-an-unusual-destination-port.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-potential-data-exfiltration-activity-to-an-unusual-destination-port.md index b185a6c420..a0a5390565 100644 
--- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-potential-data-exfiltration-activity-to-an-unusual-destination-port.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-potential-data-exfiltration-activity-to-an-unusual-destination-port.md @@ -23,7 +23,7 @@ A machine learning job has detected data exfiltration to a particular destinatio **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/ded](https://docs.elastic.co/en/integrations/ded) * [https://www.elastic.co/blog/detect-data-exfiltration-activity-with-kibanas-new-integration](https://www.elastic.co/blog/detect-data-exfiltration-activity-with-kibanas-new-integration) diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-potential-data-exfiltration-activity-to-an-unusual-ip-address.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-potential-data-exfiltration-activity-to-an-unusual-ip-address.md index 92b432979e..4682de1b8a 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-potential-data-exfiltration-activity-to-an-unusual-ip-address.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-potential-data-exfiltration-activity-to-an-unusual-ip-address.md 
@@ -23,7 +23,7 @@ A machine learning job has detected data exfiltration to a particular geo-locati **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/ded](https://docs.elastic.co/en/integrations/ded) * [https://www.elastic.co/blog/detect-data-exfiltration-activity-with-kibanas-new-integration](https://www.elastic.co/blog/detect-data-exfiltration-activity-with-kibanas-new-integration) diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-potential-data-exfiltration-activity-to-an-unusual-iso-code.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-potential-data-exfiltration-activity-to-an-unusual-iso-code.md index dd999d645c..4286f61c29 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-potential-data-exfiltration-activity-to-an-unusual-iso-code.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-potential-data-exfiltration-activity-to-an-unusual-iso-code.md @@ -23,7 +23,7 @@ A machine learning job has detected data exfiltration to a particular geo-locati **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/ded](https://docs.elastic.co/en/integrations/ded) * [https://www.elastic.co/blog/detect-data-exfiltration-activity-with-kibanas-new-integration](https://www.elastic.co/blog/detect-data-exfiltration-activity-with-kibanas-new-integration) 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-potential-data-exfiltration-activity-to-an-unusual-region.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-potential-data-exfiltration-activity-to-an-unusual-region.md index 9a52f9d157..212016af00 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-potential-data-exfiltration-activity-to-an-unusual-region.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-potential-data-exfiltration-activity-to-an-unusual-region.md @@ -23,7 +23,7 @@ A machine learning job has detected data exfiltration to a particular geo-locati **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/ded](https://docs.elastic.co/en/integrations/ded) * [https://www.elastic.co/blog/detect-data-exfiltration-activity-with-kibanas-new-integration](https://www.elastic.co/blog/detect-data-exfiltration-activity-with-kibanas-new-integration) diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-potential-dga-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-potential-dga-activity.md index 0dfcf3a218..4d08fe6bd8 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-potential-dga-activity.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-potential-dga-activity.md 
@@ -23,7 +23,7 @@ A population analysis machine learning job detected potential DGA (domain genera **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/dga](https://docs.elastic.co/en/integrations/dga) * [https://www.elastic.co/security-labs/detect-domain-generation-algorithm-activity-with-new-kibana-integration](https://www.elastic.co/security-labs/detect-domain-generation-algorithm-activity-with-new-kibana-integration) diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-bytes-sent-to-an-external-device-via-airdrop.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-bytes-sent-to-an-external-device-via-airdrop.md index 18b6800220..d7027041fb 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-bytes-sent-to-an-external-device-via-airdrop.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-bytes-sent-to-an-external-device-via-airdrop.md @@ -23,7 +23,7 @@ A machine learning job has detected high bytes of data written to an external de **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/ded](https://docs.elastic.co/en/integrations/ded) * [https://www.elastic.co/blog/detect-data-exfiltration-activity-with-kibanas-new-integration](https://www.elastic.co/blog/detect-data-exfiltration-activity-with-kibanas-new-integration) 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-bytes-sent-to-an-external-device.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-bytes-sent-to-an-external-device.md index 49b4d0a0a5..7840688919 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-bytes-sent-to-an-external-device.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-bytes-sent-to-an-external-device.md @@ -23,7 +23,7 @@ A machine learning job has detected high bytes of data written to an external de **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/ded](https://docs.elastic.co/en/integrations/ded) * [https://www.elastic.co/blog/detect-data-exfiltration-activity-with-kibanas-new-integration](https://www.elastic.co/blog/detect-data-exfiltration-activity-with-kibanas-new-integration) diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-firewall-denies.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-firewall-denies.md index b000e5be10..fcaf234e9d 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-firewall-denies.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-firewall-denies.md @@ -23,7 +23,7 @@ A machine learning job detected an unusually large spike in network traffic that **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-logon-events.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-logon-events.md index aaafbcf684..79ba894232 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-logon-events.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-logon-events.md @@ -23,7 +23,7 @@ A machine learning job found an unusually large spike in successful authenticati **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-network-traffic-to-a-country.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-network-traffic-to-a-country.md index f33c077c90..5e55cda5fb 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-network-traffic-to-a-country.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-network-traffic-to-a-country.md @@ -23,7 +23,7 @@ A machine learning job detected an unusually large spike in network activity to **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-network-traffic.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-network-traffic.md index 67968e382a..c079be581a 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-network-traffic.md 
+++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-network-traffic.md @@ -23,7 +23,7 @@ A machine learning job detected an unusually large spike in network traffic. Suc **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-number-of-connections-made-from-a-source-ip.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-number-of-connections-made-from-a-source-ip.md index b716505229..d5239e963f 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-number-of-connections-made-from-a-source-ip.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-number-of-connections-made-from-a-source-ip.md @@ -23,7 +23,7 @@ A machine learning job has detected a high count of destination IPs establishing **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/lmd](https://docs.elastic.co/en/integrations/lmd) * [https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration](https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration) * [https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security](https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security) 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-number-of-connections-made-to-a-destination-ip.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-number-of-connections-made-to-a-destination-ip.md index 66c3d67157..55ade26e00 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-number-of-connections-made-to-a-destination-ip.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-number-of-connections-made-to-a-destination-ip.md @@ -23,7 +23,7 @@ A machine learning job has detected a high count of source IPs establishing an R **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/lmd](https://docs.elastic.co/en/integrations/lmd) * [https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration](https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration) * [https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security](https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security) diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-number-of-processes-in-an-rdp-session.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-number-of-processes-in-an-rdp-session.md index 09fa511577..91b24a7fd1 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-number-of-processes-in-an-rdp-session.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-number-of-processes-in-an-rdp-session.md 
@@ -23,7 +23,7 @@ A machine learning job has detected unusually high number of processes started i **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/lmd](https://docs.elastic.co/en/integrations/lmd) * [https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration](https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration) * [https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security](https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security) diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-remote-file-transfers.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-remote-file-transfers.md index 9e4f5de393..3559f83171 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-remote-file-transfers.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-spike-in-remote-file-transfers.md @@ -23,7 +23,7 @@ A machine learning job has detected an abnormal volume of remote files shared on **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/lmd](https://docs.elastic.co/en/integrations/lmd) * [https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration](https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration) * [https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security](https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security) 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-statistical-model-detected-c2-beaconing-activity-with-high-confidence.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-statistical-model-detected-c2-beaconing-activity-with-high-confidence.md index f05c95293f..4975d33fdc 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-statistical-model-detected-c2-beaconing-activity-with-high-confidence.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-statistical-model-detected-c2-beaconing-activity-with-high-confidence.md @@ -25,7 +25,7 @@ A statistical model has identified command-and-control (C2) beaconing activity w **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/beaconing](https://docs.elastic.co/en/integrations/beaconing) * [https://www.elastic.co/security-labs/identifying-beaconing-malware-using-elastic](https://www.elastic.co/security-labs/identifying-beaconing-malware-using-elastic) diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-statistical-model-detected-c2-beaconing-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-statistical-model-detected-c2-beaconing-activity.md index 558c65e5ea..512b385ebd 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-statistical-model-detected-c2-beaconing-activity.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-statistical-model-detected-c2-beaconing-activity.md 
@@ -25,7 +25,7 @@ A statistical model has identified command-and-control (C2) beaconing activity. **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/beaconing](https://docs.elastic.co/en/integrations/beaconing) * [https://www.elastic.co/security-labs/identifying-beaconing-malware-using-elastic](https://www.elastic.co/security-labs/identifying-beaconing-malware-using-elastic) diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-suspicious-powershell-script.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-suspicious-powershell-script.md index af6c7f75fc..1d48210cec 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-suspicious-powershell-script.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-suspicious-powershell-script.md @@ -23,7 +23,7 @@ A machine learning job detected a PowerShell script with unusual data characteri **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration](https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-suspicious-windows-process-cluster-spawned-by-a-host.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-suspicious-windows-process-cluster-spawned-by-a-host.md index bb0e810c7f..6648c52d2f 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-suspicious-windows-process-cluster-spawned-by-a-host.md 
+++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-suspicious-windows-process-cluster-spawned-by-a-host.md @@ -23,7 +23,7 @@ A machine learning job combination has detected a set of one or more suspicious **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/problemchild](https://docs.elastic.co/en/integrations/problemchild) * [https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration](https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration) diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-suspicious-windows-process-cluster-spawned-by-a-parent-process.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-suspicious-windows-process-cluster-spawned-by-a-parent-process.md index 3f64ce6806..20c905539b 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-suspicious-windows-process-cluster-spawned-by-a-parent-process.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-suspicious-windows-process-cluster-spawned-by-a-parent-process.md @@ -23,7 +23,7 @@ A machine learning job combination has detected a set of one or more suspicious **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/problemchild](https://docs.elastic.co/en/integrations/problemchild) * [https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration](https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration) 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-suspicious-windows-process-cluster-spawned-by-a-user.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-suspicious-windows-process-cluster-spawned-by-a-user.md index 8e80341c79..520a28d65f 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-suspicious-windows-process-cluster-spawned-by-a-user.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-suspicious-windows-process-cluster-spawned-by-a-user.md @@ -23,7 +23,7 @@ A machine learning job combination has detected a set of one or more suspicious **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/problemchild](https://docs.elastic.co/en/integrations/problemchild) * [https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration](https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration) diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-dns-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-dns-activity.md index 6cd9a0aaaa..ef12e3d301 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-dns-activity.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-dns-activity.md @@ -23,7 +23,7 @@ A machine learning job detected a rare and unusual DNS query that indicate netwo **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-linux-network-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-linux-network-activity.md index d270dea11e..e643226d8c 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-linux-network-activity.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-linux-network-activity.md @@ -23,7 +23,7 @@ Identifies Linux processes that do not usually use the network but have unexpect **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-linux-network-port-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-linux-network-port-activity.md index 3cfdb7866d..df37cdea13 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-linux-network-port-activity.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-linux-network-port-activity.md @@ -23,7 +23,7 @@ Identifies unusual destination port activity that can indicate command-and-contr **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-linux-username.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-linux-username.md index a9371423da..6f578f6562 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-linux-username.md 
+++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-linux-username.md @@ -23,7 +23,7 @@ A machine learning job detected activity for a username that is not normally act **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-login-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-login-activity.md index e55381dd2e..aef3208dd3 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-login-activity.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-login-activity.md @@ -23,7 +23,7 @@ Identifies an unusually high number of authentication attempts. **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-network-destination-domain-name.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-network-destination-domain-name.md index 1b9e73b782..c01e99fea4 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-network-destination-domain-name.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-network-destination-domain-name.md @@ -23,7 +23,7 @@ A machine learning job detected an unusual network destination domain name. This **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-process-for-a-linux-host.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-process-for-a-linux-host.md index d8e42f989c..07af0d0837 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-process-for-a-linux-host.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-process-for-a-linux-host.md @@ -23,7 +23,7 @@ Identifies rare processes that do not usually run on individual hosts, which can **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-process-for-a-windows-host.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-process-for-a-windows-host.md index eaa6f17b68..1aafda168d 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-process-for-a-windows-host.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-process-for-a-windows-host.md @@ -23,7 +23,7 @@ Identifies rare processes that do not usually run on individual hosts, which can **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-process-spawned-by-a-host.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-process-spawned-by-a-host.md index 855827559b..4a013a3681 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-process-spawned-by-a-host.md 
+++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-process-spawned-by-a-host.md @@ -23,7 +23,7 @@ A machine learning job has detected a suspicious Windows process. This process h **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/problemchild](https://docs.elastic.co/en/integrations/problemchild) * [https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration](https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration) diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-process-spawned-by-a-parent-process.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-process-spawned-by-a-parent-process.md index 4d14bde759..fc3727ae85 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-process-spawned-by-a-parent-process.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-process-spawned-by-a-parent-process.md @@ -23,7 +23,7 @@ A machine learning job has detected a suspicious Windows process. This process h **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/problemchild](https://docs.elastic.co/en/integrations/problemchild) * [https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration](https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration) 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-process-spawned-by-a-user.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-process-spawned-by-a-user.md index c0ecafc9b5..48422f651c 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-process-spawned-by-a-user.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-process-spawned-by-a-user.md @@ -23,7 +23,7 @@ A machine learning job has detected a suspicious Windows process. This process h **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/problemchild](https://docs.elastic.co/en/integrations/problemchild) * [https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration](https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration) diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-process-writing-data-to-an-external-device.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-process-writing-data-to-an-external-device.md index ee3370046f..6617b2356c 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-process-writing-data-to-an-external-device.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-process-writing-data-to-an-external-device.md 
@@ -23,7 +23,7 @@ A machine learning job has detected a rare process writing data to an external d **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/ded](https://docs.elastic.co/en/integrations/ded) * [https://www.elastic.co/blog/detect-data-exfiltration-activity-with-kibanas-new-integration](https://www.elastic.co/blog/detect-data-exfiltration-activity-with-kibanas-new-integration) diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-remote-file-directory.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-remote-file-directory.md index 00655b9e2c..7837010c23 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-remote-file-directory.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-remote-file-directory.md @@ -23,7 +23,7 @@ An anomaly detection job has detected a remote file transfer on an unusual direc **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/lmd](https://docs.elastic.co/en/integrations/lmd) * [https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration](https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration) * [https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security](https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security) 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-remote-file-extension.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-remote-file-extension.md index d0e2ddc52e..dcd3db887c 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-remote-file-extension.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-remote-file-extension.md @@ -23,7 +23,7 @@ An anomaly detection job has detected a remote file transfer with a rare extensi **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/lmd](https://docs.elastic.co/en/integrations/lmd) * [https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration](https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration) * [https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security](https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security) diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-remote-file-size.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-remote-file-size.md index 5c5787605a..32ce583685 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-remote-file-size.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-remote-file-size.md 
@@ -23,7 +23,7 @@ A machine learning job has detected an unusually high file size shared by a remo **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/lmd](https://docs.elastic.co/en/integrations/lmd) * [https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration](https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration) * [https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security](https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security) diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-source-ip-for-a-user-to-logon-from.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-source-ip-for-a-user-to-logon-from.md index 4df4aca2c8..f2ef5c604d 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-source-ip-for-a-user-to-logon-from.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-source-ip-for-a-user-to-logon-from.md @@ -23,7 +23,7 @@ A machine learning job detected a user logging in from an IP address that is unu **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-time-or-day-for-an-rdp-session.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-time-or-day-for-an-rdp-session.md index 9f637ee29a..151e384430 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-time-or-day-for-an-rdp-session.md 
+++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-time-or-day-for-an-rdp-session.md @@ -23,7 +23,7 @@ A machine learning job has detected an RDP session started at an usual time or w **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/lmd](https://docs.elastic.co/en/integrations/lmd) * [https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration](https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration) * [https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security](https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security) diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-web-request.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-web-request.md index f59fb32853..dda0a467f7 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-web-request.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-web-request.md @@ -23,7 +23,7 @@ A machine learning job detected a rare and unusual URL that indicates unusual we **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-web-user-agent.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-web-user-agent.md index 31f281d352..560e21a73f 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-web-user-agent.md 
+++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-web-user-agent.md @@ -23,7 +23,7 @@ A machine learning job detected a rare and unusual user agent indicating web bro **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-windows-network-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-windows-network-activity.md index d3e6fe90da..9d436ba56d 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-windows-network-activity.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-windows-network-activity.md @@ -23,7 +23,7 @@ Identifies Windows processes that do not usually use the network but have unexpe **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-windows-path-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-windows-path-activity.md index 01d9bd21ea..a046c521ac 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-windows-path-activity.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-windows-path-activity.md @@ -23,7 +23,7 @@ Identifies processes started from atypical folders in the file system, which mig **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-windows-remote-user.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-windows-remote-user.md index 6361609a22..3b19b0cd80 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-windows-remote-user.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-windows-remote-user.md @@ -23,7 +23,7 @@ A machine learning job detected an unusual remote desktop protocol (RDP) usernam **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-windows-service.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-windows-service.md index 17454b0bdc..4698febc8f 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-windows-service.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-windows-service.md @@ -23,7 +23,7 @@ A machine learning job detected an unusual Windows service, This can indicate ex **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-windows-user-privilege-elevation-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-windows-user-privilege-elevation-activity.md index 3e3a1bafd0..6b88e2366c 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-windows-user-privilege-elevation-activity.md 
+++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-windows-user-privilege-elevation-activity.md @@ -23,7 +23,7 @@ A machine learning job detected an unusual user context switch, using the runas **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-windows-username.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-windows-username.md index b1ed1b8388..94b7c9a615 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-windows-username.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-17-4-unusual-windows-username.md @@ -23,7 +23,7 @@ A machine learning job detected activity for a username that is not normally act **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-anomalous-process-for-a-linux-population.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-anomalous-process-for-a-linux-population.md index 7276dd63d1..b47b85a401 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-anomalous-process-for-a-linux-population.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-anomalous-process-for-a-linux-population.md 
@@ -23,7 +23,7 @@ Searches for rare processes running on multiple Linux hosts in an entire fleet o **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-anomalous-process-for-a-windows-population.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-anomalous-process-for-a-windows-population.md index 9c57e553e4..b480eb0d23 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-anomalous-process-for-a-windows-population.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-anomalous-process-for-a-windows-population.md @@ -23,7 +23,7 @@ Searches for rare processes running on multiple hosts in an entire fleet or netw **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-anomalous-windows-process-creation.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-anomalous-windows-process-creation.md index af4ef27481..6d8f6ba5a2 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-anomalous-windows-process-creation.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-anomalous-windows-process-creation.md @@ -23,7 +23,7 @@ Identifies unusual parent-child process relationships that can indicate malware **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-dns-tunneling.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-dns-tunneling.md index 7fc96ac43f..babad1db37 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-dns-tunneling.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-dns-tunneling.md @@ -23,7 +23,7 @@ A machine learning job detected unusually large numbers of DNS queries for a sin **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-rare-aws-error-code.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-rare-aws-error-code.md index aa5fdb0ee4..75ca3f0754 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-rare-aws-error-code.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-rare-aws-error-code.md @@ -23,7 +23,7 @@ A machine learning job detected an unusual error in a CloudTrail message. These **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-rare-user-logon.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-rare-user-logon.md index 7b0b091872..f0659ec750 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-rare-user-logon.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-rare-user-logon.md 
@@ -23,7 +23,7 @@ A machine learning job found an unusual user name in the authentication logs. An **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-spike-in-aws-error-messages.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-spike-in-aws-error-messages.md index 9242890490..8a976581cc 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-spike-in-aws-error-messages.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-spike-in-aws-error-messages.md @@ -23,7 +23,7 @@ A machine learning job detected a significant spike in the rate of a particular **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-spike-in-failed-logon-events.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-spike-in-failed-logon-events.md index 987516ff16..8351cee6a1 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-spike-in-failed-logon-events.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-spike-in-failed-logon-events.md @@ -23,7 +23,7 @@ A machine learning job found an unusually large spike in authentication failure **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-spike-in-logon-events-from-a-source-ip.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-spike-in-logon-events-from-a-source-ip.md index 145321cb32..ca78af3694 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-spike-in-logon-events-from-a-source-ip.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-spike-in-logon-events-from-a-source-ip.md @@ -23,7 +23,7 @@ A machine learning job found an unusually large spike in successful authenticati **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-spike-in-logon-events.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-spike-in-logon-events.md index 3f9ecc7ba1..5f271a3eee 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-spike-in-logon-events.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-spike-in-logon-events.md @@ -23,7 +23,7 @@ A machine learning job found an unusually large spike in successful authenticati **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-suspicious-powershell-script.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-suspicious-powershell-script.md index 3f646b970d..01a55b6955 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-suspicious-powershell-script.md 
+++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-suspicious-powershell-script.md @@ -23,7 +23,7 @@ A machine learning job detected a PowerShell script with unusual data characteri **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-aws-command-for-a-user.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-aws-command-for-a-user.md index d17cf75593..2fe03447b3 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-aws-command-for-a-user.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-aws-command-for-a-user.md @@ -23,7 +23,7 @@ A machine learning job detected an AWS API command that, while not inherently su **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-city-for-an-aws-command.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-city-for-an-aws-command.md index 2ee130233f..98e645dae9 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-city-for-an-aws-command.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-city-for-an-aws-command.md @@ -23,7 +23,7 @@ A machine learning job detected AWS command activity that, while not inherently **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-country-for-an-aws-command.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-country-for-an-aws-command.md index 99a046303c..061751302f 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-country-for-an-aws-command.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-country-for-an-aws-command.md @@ -23,7 +23,7 @@ A machine learning job detected AWS command activity that, while not inherently **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-dns-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-dns-activity.md index 993dfa06bb..fceb56e4fa 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-dns-activity.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-dns-activity.md @@ -23,7 +23,7 @@ A machine learning job detected a rare and unusual DNS query that indicate netwo **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-hour-for-a-user-to-logon.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-hour-for-a-user-to-logon.md index 94af8946a5..5a149a6824 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-hour-for-a-user-to-logon.md 
+++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-hour-for-a-user-to-logon.md @@ -23,7 +23,7 @@ A machine learning job detected a user logging in at a time of day that is unusu **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-linux-network-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-linux-network-activity.md index ca89910160..59a3f862ac 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-linux-network-activity.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-linux-network-activity.md @@ -23,7 +23,7 @@ Identifies Linux processes that do not usually use the network but have unexpect **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-linux-network-port-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-linux-network-port-activity.md index 07db1e73de..cacf3588b9 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-linux-network-port-activity.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-linux-network-port-activity.md 
@@ -23,7 +23,7 @@ Identifies unusual destination port activity that can indicate command-and-contr **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-linux-username.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-linux-username.md index b46e425372..4127f78e26 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-linux-username.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-linux-username.md @@ -23,7 +23,7 @@ A machine learning job detected activity for a username that is not normally act **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-login-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-login-activity.md index 0381e7a410..29d58c8397 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-login-activity.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-login-activity.md @@ -23,7 +23,7 @@ Identifies an unusually high number of authentication attempts. **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-process-for-a-linux-host.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-process-for-a-linux-host.md index 7616aa9037..db8375682d 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-process-for-a-linux-host.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-process-for-a-linux-host.md @@ -23,7 +23,7 @@ Identifies rare processes that do not usually run on individual hosts, which can **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-process-for-a-windows-host.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-process-for-a-windows-host.md index ce1eafe3c8..c891b05105 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-process-for-a-windows-host.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-process-for-a-windows-host.md @@ -23,7 +23,7 @@ Identifies rare processes that do not usually run on individual hosts, which can **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-source-ip-for-a-user-to-logon-from.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-source-ip-for-a-user-to-logon-from.md index dbbdc15eac..91fe4e0fab 100644 
--- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-source-ip-for-a-user-to-logon-from.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-source-ip-for-a-user-to-logon-from.md @@ -23,7 +23,7 @@ A machine learning job detected a user logging in from an IP address that is unu **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-web-request.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-web-request.md index e95d695910..3d052bd3be 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-web-request.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-web-request.md @@ -23,7 +23,7 @@ A machine learning job detected a rare and unusual URL that indicates unusual we **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-web-user-agent.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-web-user-agent.md index a852160096..f4d29dc322 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-web-user-agent.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-web-user-agent.md 
@@ -23,7 +23,7 @@ A machine learning job detected a rare and unusual user agent indicating web bro **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-windows-network-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-windows-network-activity.md index 42d1eeede5..828eac2a9f 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-windows-network-activity.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-windows-network-activity.md @@ -23,7 +23,7 @@ Identifies Windows processes that do not usually use the network but have unexpe **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-windows-path-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-windows-path-activity.md index ee4e3896fd..e1535a8fbd 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-windows-path-activity.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-windows-path-activity.md @@ -23,7 +23,7 @@ Identifies processes started from atypical folders in the file system, which mig **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-windows-remote-user.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-windows-remote-user.md index eef234fd33..686c3b63d8 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-windows-remote-user.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-windows-remote-user.md @@ -23,7 +23,7 @@ A machine learning job detected an unusual remote desktop protocol (RDP) usernam **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-windows-service.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-windows-service.md index 45ce9bc4d2..11218d50cc 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-windows-service.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-windows-service.md @@ -23,7 +23,7 @@ A machine learning job detected an unusual Windows service, This can indicate ex **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-windows-user-privilege-elevation-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-windows-user-privilege-elevation-activity.md index ca3e2e4396..6b58e53634 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-windows-user-privilege-elevation-activity.md 
+++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-windows-user-privilege-elevation-activity.md @@ -23,7 +23,7 @@ A machine learning job detected an unusual user context switch, using the runas **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-windows-username.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-windows-username.md index 27e7251708..0a5716d2ba 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-windows-username.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-2-1-unusual-windows-username.md @@ -23,7 +23,7 @@ A machine learning job detected activity for a username that is not normally act **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-anomalous-process-for-a-linux-population.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-anomalous-process-for-a-linux-population.md index e86cb01346..975b9eaaf4 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-anomalous-process-for-a-linux-population.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-anomalous-process-for-a-linux-population.md 
@@ -23,7 +23,7 @@ Searches for rare processes running on multiple Linux hosts in an entire fleet o **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-anomalous-process-for-a-windows-population.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-anomalous-process-for-a-windows-population.md index bbc0660d56..55a6ec1b1d 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-anomalous-process-for-a-windows-population.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-anomalous-process-for-a-windows-population.md @@ -23,7 +23,7 @@ Searches for rare processes running on multiple hosts in an entire fleet or netw **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-anomalous-windows-process-creation.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-anomalous-windows-process-creation.md index 94f93d2388..939d8b7129 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-anomalous-windows-process-creation.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-anomalous-windows-process-creation.md @@ -23,7 +23,7 @@ Identifies unusual parent-child process relationships that can indicate malware **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-suspicious-powershell-script.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-suspicious-powershell-script.md index 8a0fef2770..7ec40a4502 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-suspicious-powershell-script.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-suspicious-powershell-script.md @@ -23,7 +23,7 @@ A machine learning job detected a PowerShell script with unusual data characteri **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-aws-command-for-a-user.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-aws-command-for-a-user.md index f3cfcee751..33d1a6b982 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-aws-command-for-a-user.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-aws-command-for-a-user.md @@ -23,7 +23,7 @@ A machine learning job detected an AWS API command that, while not inherently su **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-city-for-an-aws-command.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-city-for-an-aws-command.md index 4437504aed..07cf259bc7 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-city-for-an-aws-command.md 
+++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-city-for-an-aws-command.md @@ -23,7 +23,7 @@ A machine learning job detected AWS command activity that, while not inherently **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-country-for-an-aws-command.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-country-for-an-aws-command.md index c079022e6c..98b61c6390 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-country-for-an-aws-command.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-country-for-an-aws-command.md @@ -23,7 +23,7 @@ A machine learning job detected AWS command activity that, while not inherently **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-linux-network-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-linux-network-activity.md index 019384ecca..d052751fe4 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-linux-network-activity.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-linux-network-activity.md 
@@ -23,7 +23,7 @@ Identifies Linux processes that do not usually use the network but have unexpect **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-linux-network-port-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-linux-network-port-activity.md index 6ff8ab0951..df6af501af 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-linux-network-port-activity.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-linux-network-port-activity.md @@ -23,7 +23,7 @@ Identifies unusual destination port activity that can indicate command-and-contr **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-linux-username.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-linux-username.md index 0fe7ed248a..3ca4054f20 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-linux-username.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-linux-username.md @@ -23,7 +23,7 @@ A machine learning job detected activity for a username that is not normally act **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-login-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-login-activity.md index 72c2079c87..3ef1e79469 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-login-activity.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-login-activity.md @@ -23,7 +23,7 @@ Identifies an unusually high number of authentication attempts. **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-process-for-a-linux-host.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-process-for-a-linux-host.md index 21ad0ab76a..4eff52b370 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-process-for-a-linux-host.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-process-for-a-linux-host.md @@ -23,7 +23,7 @@ Identifies rare processes that do not usually run on individual hosts, which can **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-process-for-a-windows-host.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-process-for-a-windows-host.md index 878805ac5f..5bed1e563d 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-process-for-a-windows-host.md 
+++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-process-for-a-windows-host.md @@ -23,7 +23,7 @@ Identifies rare processes that do not usually run on individual hosts, which can **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-windows-network-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-windows-network-activity.md index ee4c39f0a4..b00a5556b6 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-windows-network-activity.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-windows-network-activity.md @@ -23,7 +23,7 @@ Identifies Windows processes that do not usually use the network but have unexpe **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-windows-path-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-windows-path-activity.md index 7aeea8dd88..7cb4edd478 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-windows-path-activity.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-windows-path-activity.md @@ -23,7 +23,7 @@ Identifies processes started from atypical folders in the file system, which mig **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-windows-remote-user.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-windows-remote-user.md index d26fa9b013..4a806719c2 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-windows-remote-user.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-windows-remote-user.md @@ -23,7 +23,7 @@ A machine learning job detected an unusual remote desktop protocol (RDP) usernam **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-windows-service.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-windows-service.md index 85ef9076eb..cf60346c14 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-windows-service.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-windows-service.md @@ -23,7 +23,7 @@ A machine learning job detected an unusual Windows service, This can indicate ex **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-windows-user-privilege-elevation-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-windows-user-privilege-elevation-activity.md index cd7da679d3..bcd0332642 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-windows-user-privilege-elevation-activity.md 
+++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-windows-user-privilege-elevation-activity.md @@ -23,7 +23,7 @@ A machine learning job detected an unusual user context switch, using the runas **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-windows-username.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-windows-username.md index a7bbe5610e..5456989715 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-windows-username.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-1-unusual-windows-username.md @@ -23,7 +23,7 @@ A machine learning job detected activity for a username that is not normally act **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-2-rare-aws-error-code.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-2-rare-aws-error-code.md index 5eaed7ac34..7c00568ae6 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-2-rare-aws-error-code.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-2-rare-aws-error-code.md @@ -23,7 +23,7 @@ A machine learning job detected an unusual error in a CloudTrail message. These **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-2-spike-in-aws-error-messages.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-2-spike-in-aws-error-messages.md index c5c6c30539..afcfaacbf0 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-2-spike-in-aws-error-messages.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-2-spike-in-aws-error-messages.md @@ -23,7 +23,7 @@ A machine learning job detected a significant spike in the rate of a particular **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-2-unusual-aws-command-for-a-user.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-2-unusual-aws-command-for-a-user.md index 3e06a72701..bd83bed31c 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-2-unusual-aws-command-for-a-user.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-2-unusual-aws-command-for-a-user.md @@ -23,7 +23,7 @@ A machine learning job detected an AWS API command that, while not inherently su **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-2-unusual-city-for-an-aws-command.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-2-unusual-city-for-an-aws-command.md index 5ce1458039..790c0982f3 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-2-unusual-city-for-an-aws-command.md 
+++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-2-unusual-city-for-an-aws-command.md @@ -23,7 +23,7 @@ A machine learning job detected AWS command activity that, while not inherently **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-2-unusual-country-for-an-aws-command.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-2-unusual-country-for-an-aws-command.md index 20509d0887..f968ecc396 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-2-unusual-country-for-an-aws-command.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-2-unusual-country-for-an-aws-command.md @@ -23,7 +23,7 @@ A machine learning job detected AWS command activity that, while not inherently **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-2-unusual-process-for-a-windows-host.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-2-unusual-process-for-a-windows-host.md index 8763efbc42..1204b5e12a 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-2-unusual-process-for-a-windows-host.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-2-unusual-process-for-a-windows-host.md 
@@ -23,7 +23,7 @@ Identifies rare processes that do not usually run on individual hosts, which can **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-3-rare-aws-error-code.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-3-rare-aws-error-code.md index 0c0aeda3ba..a7cb76a57b 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-3-rare-aws-error-code.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-3-rare-aws-error-code.md @@ -23,7 +23,7 @@ A machine learning job detected an unusual error in a CloudTrail message. These **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-3-spike-in-aws-error-messages.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-3-spike-in-aws-error-messages.md index f830461be3..c7150cf7eb 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-3-spike-in-aws-error-messages.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-3-spike-in-aws-error-messages.md @@ -23,7 +23,7 @@ A machine learning job detected a significant spike in the rate of a particular **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-3-suspicious-powershell-script.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-3-suspicious-powershell-script.md index 57a908186f..361c76c0e5 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-3-suspicious-powershell-script.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-3-suspicious-powershell-script.md @@ -23,7 +23,7 @@ A machine learning job detected a PowerShell script with unusual data characteri **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration](https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-3-unusual-aws-command-for-a-user.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-3-unusual-aws-command-for-a-user.md index c011ac6074..6b26d22a00 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-3-unusual-aws-command-for-a-user.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-3-unusual-aws-command-for-a-user.md @@ -23,7 +23,7 @@ A machine learning job detected an AWS API command that, while not inherently su **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-3-unusual-city-for-an-aws-command.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-3-unusual-city-for-an-aws-command.md index 089c2ea273..0f4851f544 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-3-unusual-city-for-an-aws-command.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-3-unusual-city-for-an-aws-command.md @@ -23,7 +23,7 @@ A machine learning job detected AWS command activity that, while not inherently **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-3-unusual-country-for-an-aws-command.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-3-unusual-country-for-an-aws-command.md index 26c35a4cb9..95e77cc327 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-3-unusual-country-for-an-aws-command.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-3-unusual-country-for-an-aws-command.md @@ -23,7 +23,7 @@ A machine learning job detected AWS command activity that, while not inherently **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-3-unusual-process-for-a-windows-host.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-3-unusual-process-for-a-windows-host.md index 044de9e195..fecca99b37 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-3-unusual-process-for-a-windows-host.md 
+++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-3-3-unusual-process-for-a-windows-host.md @@ -23,7 +23,7 @@ Identifies rare processes that do not usually run on individual hosts, which can **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-1-rare-aws-error-code.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-1-rare-aws-error-code.md index b729e51aef..7a49cb4283 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-1-rare-aws-error-code.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-1-rare-aws-error-code.md @@ -23,7 +23,7 @@ A machine learning job detected an unusual error in a CloudTrail message. These **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-1-spike-in-aws-error-messages.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-1-spike-in-aws-error-messages.md index a1b29cb540..6db8a6c2a6 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-1-spike-in-aws-error-messages.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-1-spike-in-aws-error-messages.md @@ -23,7 +23,7 @@ A machine learning job detected a significant spike in the rate of a particular **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-1-suspicious-powershell-script.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-1-suspicious-powershell-script.md index 28d66eb832..d1f4d7a41c 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-1-suspicious-powershell-script.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-1-suspicious-powershell-script.md @@ -23,7 +23,7 @@ A machine learning job detected a PowerShell script with unusual data characteri **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration](https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-1-unusual-aws-command-for-a-user.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-1-unusual-aws-command-for-a-user.md index cbec8fe300..991a6f9052 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-1-unusual-aws-command-for-a-user.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-1-unusual-aws-command-for-a-user.md @@ -23,7 +23,7 @@ A machine learning job detected an AWS API command that, while not inherently su **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-1-unusual-city-for-an-aws-command.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-1-unusual-city-for-an-aws-command.md index b5f506aeb9..ac843f1dca 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-1-unusual-city-for-an-aws-command.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-1-unusual-city-for-an-aws-command.md @@ -23,7 +23,7 @@ A machine learning job detected AWS command activity that, while not inherently **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-1-unusual-country-for-an-aws-command.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-1-unusual-country-for-an-aws-command.md index 3524068a1d..a8618011c0 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-1-unusual-country-for-an-aws-command.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-1-unusual-country-for-an-aws-command.md @@ -23,7 +23,7 @@ A machine learning job detected AWS command activity that, while not inherently **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-1-unusual-process-for-a-windows-host.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-1-unusual-process-for-a-windows-host.md index 9a6448f083..6f5610c971 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-1-unusual-process-for-a-windows-host.md 
+++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-1-unusual-process-for-a-windows-host.md @@ -23,7 +23,7 @@ Identifies rare processes that do not usually run on individual hosts, which can **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-2-rare-aws-error-code.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-2-rare-aws-error-code.md index 7dce077f9d..23fcaf6269 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-2-rare-aws-error-code.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-2-rare-aws-error-code.md @@ -23,7 +23,7 @@ A machine learning job detected an unusual error in a CloudTrail message. These **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-2-spike-in-aws-error-messages.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-2-spike-in-aws-error-messages.md index 9b8d4ec920..a23f82b7f0 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-2-spike-in-aws-error-messages.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-2-spike-in-aws-error-messages.md @@ -23,7 +23,7 @@ A machine learning job detected a significant spike in the rate of a particular **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-2-unusual-aws-command-for-a-user.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-2-unusual-aws-command-for-a-user.md index 5e9af91543..046a645980 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-2-unusual-aws-command-for-a-user.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-2-unusual-aws-command-for-a-user.md @@ -23,7 +23,7 @@ A machine learning job detected an AWS API command that, while not inherently su **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-2-unusual-city-for-an-aws-command.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-2-unusual-city-for-an-aws-command.md index 2ac44ccdae..14a6c2b10d 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-2-unusual-city-for-an-aws-command.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-2-unusual-city-for-an-aws-command.md @@ -23,7 +23,7 @@ A machine learning job detected AWS command activity that, while not inherently **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-2-unusual-country-for-an-aws-command.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-2-unusual-country-for-an-aws-command.md index 11b32f9331..0b702c5fef 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-2-unusual-country-for-an-aws-command.md 
+++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-2-unusual-country-for-an-aws-command.md @@ -23,7 +23,7 @@ A machine learning job detected AWS command activity that, while not inherently **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-anomalous-process-for-a-linux-population.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-anomalous-process-for-a-linux-population.md index 601a8a026b..4f7ed4ba3e 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-anomalous-process-for-a-linux-population.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-anomalous-process-for-a-linux-population.md @@ -23,7 +23,7 @@ Searches for rare processes running on multiple Linux hosts in an entire fleet o **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-anomalous-process-for-a-windows-population.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-anomalous-process-for-a-windows-population.md index c6672cac35..a7c2e3e804 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-anomalous-process-for-a-windows-population.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-anomalous-process-for-a-windows-population.md 
@@ -23,7 +23,7 @@ Searches for rare processes running on multiple hosts in an entire fleet or netw **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-anomalous-windows-process-creation.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-anomalous-windows-process-creation.md index 1f49578620..97dc539ae7 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-anomalous-windows-process-creation.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-anomalous-windows-process-creation.md @@ -23,7 +23,7 @@ Identifies unusual parent-child process relationships that can indicate malware **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-rare-user-logon.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-rare-user-logon.md index 9ae4adfec3..1fc8b6c408 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-rare-user-logon.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-rare-user-logon.md @@ -23,7 +23,7 @@ A machine learning job found an unusual user name in the authentication logs. An **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-spike-in-failed-logon-events.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-spike-in-failed-logon-events.md index a16160e627..23442b6865 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-spike-in-failed-logon-events.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-spike-in-failed-logon-events.md @@ -23,7 +23,7 @@ A machine learning job found an unusually large spike in authentication failure **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-spike-in-network-traffic-to-a-country.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-spike-in-network-traffic-to-a-country.md index 6196634fae..c901cf2f73 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-spike-in-network-traffic-to-a-country.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-spike-in-network-traffic-to-a-country.md @@ -23,7 +23,7 @@ A machine learning job detected an unusually large spike in network activity to **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-spike-in-successful-logon-events-from-a-source-ip.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-spike-in-successful-logon-events-from-a-source-ip.md index 2f99c4acab..0aaf0b8163 100644 
--- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-spike-in-successful-logon-events-from-a-source-ip.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-spike-in-successful-logon-events-from-a-source-ip.md @@ -23,7 +23,7 @@ A machine learning job found an unusually large spike in successful authenticati **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-unusual-hour-for-a-user-to-logon.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-unusual-hour-for-a-user-to-logon.md index 50664d2625..4950c11622 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-unusual-hour-for-a-user-to-logon.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-unusual-hour-for-a-user-to-logon.md @@ -23,7 +23,7 @@ A machine learning job detected a user logging in at a time of day that is unusu **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-unusual-process-for-a-linux-host.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-unusual-process-for-a-linux-host.md index ef0b9af79f..f1cad28f67 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-unusual-process-for-a-linux-host.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-unusual-process-for-a-linux-host.md 
@@ -23,7 +23,7 @@ Identifies rare processes that do not usually run on individual hosts, which can **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-unusual-process-for-a-windows-host.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-unusual-process-for-a-windows-host.md index 368d9343af..664acefa15 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-unusual-process-for-a-windows-host.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-unusual-process-for-a-windows-host.md @@ -23,7 +23,7 @@ Identifies rare processes that do not usually run on individual hosts, which can **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-unusual-windows-path-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-unusual-windows-path-activity.md index ce269041b2..27155ac180 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-unusual-windows-path-activity.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-unusual-windows-path-activity.md @@ -23,7 +23,7 @@ Identifies processes started from atypical folders in the file system, which mig **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-unusual-windows-username.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-unusual-windows-username.md index 9f4c6c2668..818014112b 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-unusual-windows-username.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-4-3-unusual-windows-username.md @@ -23,7 +23,7 @@ A machine learning job detected activity for a username that is not normally act **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-anomalous-process-for-a-linux-population.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-anomalous-process-for-a-linux-population.md index 6a67cbabad..99d226f730 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-anomalous-process-for-a-linux-population.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-anomalous-process-for-a-linux-population.md @@ -23,7 +23,7 @@ Searches for rare processes running on multiple Linux hosts in an entire fleet o **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-anomalous-process-for-a-windows-population.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-anomalous-process-for-a-windows-population.md index 4203731a17..d3238d1326 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-anomalous-process-for-a-windows-population.md 
+++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-anomalous-process-for-a-windows-population.md @@ -23,7 +23,7 @@ Searches for rare processes running on multiple hosts in an entire fleet or netw **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-anomalous-windows-process-creation.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-anomalous-windows-process-creation.md index 0c7ac7052b..5e7e66c652 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-anomalous-windows-process-creation.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-anomalous-windows-process-creation.md @@ -23,7 +23,7 @@ Identifies unusual parent-child process relationships that can indicate malware **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-rare-user-logon.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-rare-user-logon.md index 6f012011f1..131e20a2bb 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-rare-user-logon.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-rare-user-logon.md @@ -23,7 +23,7 @@ A machine learning job found an unusual user name in the authentication logs. An **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-spike-in-failed-logon-events.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-spike-in-failed-logon-events.md index c80e74f1fa..c1a1223151 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-spike-in-failed-logon-events.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-spike-in-failed-logon-events.md @@ -23,7 +23,7 @@ A machine learning job found an unusually large spike in authentication failure **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-spike-in-network-traffic-to-a-country.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-spike-in-network-traffic-to-a-country.md index ee482f7593..e7f62562e8 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-spike-in-network-traffic-to-a-country.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-spike-in-network-traffic-to-a-country.md @@ -23,7 +23,7 @@ A machine learning job detected an unusually large spike in network activity to **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-spike-in-successful-logon-events-from-a-source-ip.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-spike-in-successful-logon-events-from-a-source-ip.md index cb7b1a9807..e39ef4f90f 100644 
--- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-spike-in-successful-logon-events-from-a-source-ip.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-spike-in-successful-logon-events-from-a-source-ip.md @@ -23,7 +23,7 @@ A machine learning job found an unusually large spike in successful authenticati **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-unusual-hour-for-a-user-to-logon.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-unusual-hour-for-a-user-to-logon.md index 9c19755ec5..51959c914c 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-unusual-hour-for-a-user-to-logon.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-unusual-hour-for-a-user-to-logon.md @@ -23,7 +23,7 @@ A machine learning job detected a user logging in at a time of day that is unusu **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-unusual-process-for-a-linux-host.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-unusual-process-for-a-linux-host.md index b7a321df0e..f328f3aef5 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-unusual-process-for-a-linux-host.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-unusual-process-for-a-linux-host.md 
@@ -23,7 +23,7 @@ Identifies rare processes that do not usually run on individual hosts, which can **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-unusual-process-for-a-windows-host.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-unusual-process-for-a-windows-host.md index 4005943b68..2c468abfc7 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-unusual-process-for-a-windows-host.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-unusual-process-for-a-windows-host.md @@ -23,7 +23,7 @@ Identifies rare processes that do not usually run on individual hosts, which can **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-unusual-windows-path-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-unusual-windows-path-activity.md index 82a22e47b4..98cc493b3d 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-unusual-windows-path-activity.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-unusual-windows-path-activity.md @@ -23,7 +23,7 @@ Identifies processes started from atypical folders in the file system, which mig **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-unusual-windows-username.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-unusual-windows-username.md index 63802e2aec..42d8e63114 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-unusual-windows-username.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-5-1-unusual-windows-username.md @@ -23,7 +23,7 @@ A machine learning job detected activity for a username that is not normally act **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-anomalous-process-for-a-linux-population.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-anomalous-process-for-a-linux-population.md index f4e94e7042..8d8403a1b2 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-anomalous-process-for-a-linux-population.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-anomalous-process-for-a-linux-population.md @@ -23,7 +23,7 @@ Searches for rare processes running on multiple Linux hosts in an entire fleet o **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-anomalous-process-for-a-windows-population.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-anomalous-process-for-a-windows-population.md index f95f6e3798..1f23f44129 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-anomalous-process-for-a-windows-population.md 
+++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-anomalous-process-for-a-windows-population.md @@ -23,7 +23,7 @@ Searches for rare processes running on multiple hosts in an entire fleet or netw **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-anomalous-windows-process-creation.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-anomalous-windows-process-creation.md index 9cf357d894..9cfa2d122f 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-anomalous-windows-process-creation.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-anomalous-windows-process-creation.md @@ -23,7 +23,7 @@ Identifies unusual parent-child process relationships that can indicate malware **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-rare-user-logon.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-rare-user-logon.md index 5ccaf56abc..336ab2db3d 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-rare-user-logon.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-rare-user-logon.md @@ -23,7 +23,7 @@ A machine learning job found an unusual user name in the authentication logs. An **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-spike-in-failed-logon-events.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-spike-in-failed-logon-events.md index 4fdce6d9aa..de202b70e7 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-spike-in-failed-logon-events.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-spike-in-failed-logon-events.md @@ -23,7 +23,7 @@ A machine learning job found an unusually large spike in authentication failure **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-spike-in-network-traffic-to-a-country.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-spike-in-network-traffic-to-a-country.md index 7c7200849e..666d19cbdf 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-spike-in-network-traffic-to-a-country.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-spike-in-network-traffic-to-a-country.md @@ -23,7 +23,7 @@ A machine learning job detected an unusually large spike in network activity to **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-spike-in-successful-logon-events-from-a-source-ip.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-spike-in-successful-logon-events-from-a-source-ip.md index e231586474..95bad7b089 100644 
--- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-spike-in-successful-logon-events-from-a-source-ip.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-spike-in-successful-logon-events-from-a-source-ip.md @@ -23,7 +23,7 @@ A machine learning job found an unusually large spike in successful authenticati **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-unusual-hour-for-a-user-to-logon.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-unusual-hour-for-a-user-to-logon.md index 8a2d2616ce..2c36933c08 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-unusual-hour-for-a-user-to-logon.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-unusual-hour-for-a-user-to-logon.md @@ -23,7 +23,7 @@ A machine learning job detected a user logging in at a time of day that is unusu **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-unusual-process-for-a-linux-host.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-unusual-process-for-a-linux-host.md index 817f8c6985..c78d5dcf92 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-unusual-process-for-a-linux-host.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-unusual-process-for-a-linux-host.md 
@@ -23,7 +23,7 @@ Identifies rare processes that do not usually run on individual hosts, which can **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-unusual-process-for-a-windows-host.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-unusual-process-for-a-windows-host.md index faefa0b637..807ebef6f1 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-unusual-process-for-a-windows-host.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-unusual-process-for-a-windows-host.md @@ -23,7 +23,7 @@ Identifies rare processes that do not usually run on individual hosts, which can **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-unusual-windows-path-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-unusual-windows-path-activity.md index 04dc594cdc..faffc34810 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-unusual-windows-path-activity.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-unusual-windows-path-activity.md @@ -23,7 +23,7 @@ Identifies processes started from atypical folders in the file system, which mig **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-unusual-windows-username.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-unusual-windows-username.md index c15c66d39f..85d1179d50 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-unusual-windows-username.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-6-1-unusual-windows-username.md @@ -23,7 +23,7 @@ A machine learning job detected activity for a username that is not normally act **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-anomalous-process-for-a-linux-population.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-anomalous-process-for-a-linux-population.md index 8c787e42de..c237e7e67a 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-anomalous-process-for-a-linux-population.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-anomalous-process-for-a-linux-population.md @@ -23,7 +23,7 @@ Searches for rare processes running on multiple Linux hosts in an entire fleet o **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-anomalous-process-for-a-windows-population.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-anomalous-process-for-a-windows-population.md index 303e896ad5..8ea7fba954 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-anomalous-process-for-a-windows-population.md 
+++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-anomalous-process-for-a-windows-population.md @@ -23,7 +23,7 @@ Searches for rare processes running on multiple hosts in an entire fleet or netw **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-anomalous-windows-process-creation.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-anomalous-windows-process-creation.md index 775e92ada4..d57a310882 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-anomalous-windows-process-creation.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-anomalous-windows-process-creation.md @@ -23,7 +23,7 @@ Identifies unusual parent-child process relationships that can indicate malware **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-rare-user-logon.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-rare-user-logon.md index db50227032..13ba442b72 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-rare-user-logon.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-rare-user-logon.md @@ -23,7 +23,7 @@ A machine learning job found an unusual user name in the authentication logs. An **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-spike-in-failed-logon-events.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-spike-in-failed-logon-events.md index c6823cd058..e7cd9a45ec 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-spike-in-failed-logon-events.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-spike-in-failed-logon-events.md @@ -23,7 +23,7 @@ A machine learning job found an unusually large spike in authentication failure **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-spike-in-network-traffic-to-a-country.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-spike-in-network-traffic-to-a-country.md index c99d992af6..7f7b5d5047 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-spike-in-network-traffic-to-a-country.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-spike-in-network-traffic-to-a-country.md @@ -23,7 +23,7 @@ A machine learning job detected an unusually large spike in network activity to **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-spike-in-successful-logon-events-from-a-source-ip.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-spike-in-successful-logon-events-from-a-source-ip.md index f95a83c8cd..e83d7fdd26 100644 
--- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-spike-in-successful-logon-events-from-a-source-ip.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-spike-in-successful-logon-events-from-a-source-ip.md @@ -23,7 +23,7 @@ A machine learning job found an unusually large spike in successful authenticati **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-unusual-hour-for-a-user-to-logon.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-unusual-hour-for-a-user-to-logon.md index 3985431ade..50de18af10 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-unusual-hour-for-a-user-to-logon.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-unusual-hour-for-a-user-to-logon.md @@ -23,7 +23,7 @@ A machine learning job detected a user logging in at a time of day that is unusu **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-unusual-process-for-a-linux-host.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-unusual-process-for-a-linux-host.md index 496674923c..3bf9f38ede 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-unusual-process-for-a-linux-host.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-unusual-process-for-a-linux-host.md 
@@ -23,7 +23,7 @@ Identifies rare processes that do not usually run on individual hosts, which can **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-unusual-process-for-a-windows-host.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-unusual-process-for-a-windows-host.md index 6353a11ad8..2f94110ead 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-unusual-process-for-a-windows-host.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-unusual-process-for-a-windows-host.md @@ -23,7 +23,7 @@ Identifies rare processes that do not usually run on individual hosts, which can **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-unusual-windows-path-activity.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-unusual-windows-path-activity.md index 402c697668..89f1455684 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-unusual-windows-path-activity.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-unusual-windows-path-activity.md @@ -23,7 +23,7 @@ Identifies processes started from atypical folders in the file system, which mig **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
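Review bot: the replacement link target in each of these hunks, `docs-content://reference/security/prebuilt-anomaly-detection-jobs.md`, points outside this repository and also changes the file name (the old target was `prebuilt-jobs.md`), so nothing in this diff shows that the page exists under the new name. Please confirm the path resolves in docs-content and that `docs-content` is listed under `cross_links` in `docs/docset.yml`; otherwise every rule page touched here ships a broken reference. The same one-line replacement is repeated across the 8-4-3, 8-5-1, 8-6-1 and 8-7-1 downloadable-update pages and the current prebuilt-rules pages. If those pages are generated, the change should also go into the generator so that the next regeneration does not restore the old link.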
diff --git a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-unusual-windows-username.md b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-unusual-windows-username.md index ba6f22bbe9..2b43e886ca 100644 --- a/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-unusual-windows-username.md +++ b/docs/reference/prebuilt-rules-downloadable-updates/prebuilt-rule-8-7-1-unusual-windows-username.md @@ -23,7 +23,7 @@ A machine learning job detected activity for a username that is not normally act **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules/anomalous-process-for-a-linux-population.md b/docs/reference/prebuilt-rules/anomalous-process-for-a-linux-population.md index 91d2032920..215ab046a9 100644 --- a/docs/reference/prebuilt-rules/anomalous-process-for-a-linux-population.md +++ b/docs/reference/prebuilt-rules/anomalous-process-for-a-linux-population.md @@ -23,7 +23,7 @@ Searches for rare processes running on multiple Linux hosts in an entire fleet o **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules/anomalous-process-for-a-windows-population.md b/docs/reference/prebuilt-rules/anomalous-process-for-a-windows-population.md index fa313b500c..1a11fdfe3e 100644 --- a/docs/reference/prebuilt-rules/anomalous-process-for-a-windows-population.md +++ b/docs/reference/prebuilt-rules/anomalous-process-for-a-windows-population.md 
@@ -23,7 +23,7 @@ Searches for rare processes running on multiple hosts in an entire fleet or netw **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules/anomalous-windows-process-creation.md b/docs/reference/prebuilt-rules/anomalous-windows-process-creation.md index a2e5d08545..f176bfb9f7 100644 --- a/docs/reference/prebuilt-rules/anomalous-windows-process-creation.md +++ b/docs/reference/prebuilt-rules/anomalous-windows-process-creation.md @@ -23,7 +23,7 @@ Identifies unusual parent-child process relationships that can indicate malware **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules/dns-tunneling.md b/docs/reference/prebuilt-rules/dns-tunneling.md index 8fba37edfb..f5985ce4af 100644 --- a/docs/reference/prebuilt-rules/dns-tunneling.md +++ b/docs/reference/prebuilt-rules/dns-tunneling.md @@ -23,7 +23,7 @@ A machine learning job detected unusually large numbers of DNS queries for a sin **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules/high-mean-of-process-arguments-in-an-rdp-session.md b/docs/reference/prebuilt-rules/high-mean-of-process-arguments-in-an-rdp-session.md index 6e07f69148..f15eff9913 100644 --- a/docs/reference/prebuilt-rules/high-mean-of-process-arguments-in-an-rdp-session.md +++ b/docs/reference/prebuilt-rules/high-mean-of-process-arguments-in-an-rdp-session.md 
@@ -23,7 +23,7 @@ A machine learning job has detected unusually high number of process arguments i **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/lmd](https://docs.elastic.co/en/integrations/lmd) * [https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration](https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration) * [https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security](https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security) diff --git a/docs/reference/prebuilt-rules/high-mean-of-rdp-session-duration.md b/docs/reference/prebuilt-rules/high-mean-of-rdp-session-duration.md index dc23454e96..748e9b8c73 100644 --- a/docs/reference/prebuilt-rules/high-mean-of-rdp-session-duration.md +++ b/docs/reference/prebuilt-rules/high-mean-of-rdp-session-duration.md @@ -23,7 +23,7 @@ A machine learning job has detected unusually high mean of RDP session duration. **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/lmd](https://docs.elastic.co/en/integrations/lmd) * [https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration](https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration) * [https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security](https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security) diff --git a/docs/reference/prebuilt-rules/high-variance-in-rdp-session-duration.md b/docs/reference/prebuilt-rules/high-variance-in-rdp-session-duration.md index 374b5cbcf5..5bdf1d8183 100644 
--- a/docs/reference/prebuilt-rules/high-variance-in-rdp-session-duration.md +++ b/docs/reference/prebuilt-rules/high-variance-in-rdp-session-duration.md @@ -23,7 +23,7 @@ A machine learning job has detected unusually high variance of RDP session durat **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/lmd](https://docs.elastic.co/en/integrations/lmd) * [https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration](https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration) * [https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security](https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security) diff --git a/docs/reference/prebuilt-rules/machine-learning-detected-a-dns-request-predicted-to-be-a-dga-domain.md b/docs/reference/prebuilt-rules/machine-learning-detected-a-dns-request-predicted-to-be-a-dga-domain.md index 7f574b7313..bf2eb2e4e2 100644 --- a/docs/reference/prebuilt-rules/machine-learning-detected-a-dns-request-predicted-to-be-a-dga-domain.md +++ b/docs/reference/prebuilt-rules/machine-learning-detected-a-dns-request-predicted-to-be-a-dga-domain.md @@ -26,7 +26,7 @@ A supervised machine learning model has identified a DNS question name that is p **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/dga](https://docs.elastic.co/en/integrations/dga) * [https://www.elastic.co/security-labs/detect-domain-generation-algorithm-activity-with-new-kibana-integration](https://www.elastic.co/security-labs/detect-domain-generation-algorithm-activity-with-new-kibana-integration) 
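Review bot: The hunk header context describes this rule as driven by "A supervised machine learning model", while the added reference is titled "Prebuilt anomaly detection jobs". Please check that `prebuilt-anomaly-detection-jobs.md` actually documents the model behind this rule; if it only lists anomaly detection jobs, the `https://docs.elastic.co/en/integrations/dga` entry that follows is the relevant reference and this one may be better dropped than retargeted.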
diff --git a/docs/reference/prebuilt-rules/machine-learning-detected-a-dns-request-with-a-high-dga-probability-score.md b/docs/reference/prebuilt-rules/machine-learning-detected-a-dns-request-with-a-high-dga-probability-score.md index 2e25835421..d7f391a67d 100644 --- a/docs/reference/prebuilt-rules/machine-learning-detected-a-dns-request-with-a-high-dga-probability-score.md +++ b/docs/reference/prebuilt-rules/machine-learning-detected-a-dns-request-with-a-high-dga-probability-score.md @@ -26,7 +26,7 @@ A supervised machine learning model has identified a DNS question name with a hi **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/dga](https://docs.elastic.co/en/integrations/dga) * [https://www.elastic.co/security-labs/detect-domain-generation-algorithm-activity-with-new-kibana-integration](https://www.elastic.co/security-labs/detect-domain-generation-algorithm-activity-with-new-kibana-integration) diff --git a/docs/reference/prebuilt-rules/machine-learning-detected-a-suspicious-windows-event-with-a-high-malicious-probability-score.md b/docs/reference/prebuilt-rules/machine-learning-detected-a-suspicious-windows-event-with-a-high-malicious-probability-score.md index 9263211521..0bb54d6c91 100644 --- a/docs/reference/prebuilt-rules/machine-learning-detected-a-suspicious-windows-event-with-a-high-malicious-probability-score.md +++ b/docs/reference/prebuilt-rules/machine-learning-detected-a-suspicious-windows-event-with-a-high-malicious-probability-score.md 
@@ -27,7 +27,7 @@ A supervised machine learning model (ProblemChild) has identified a suspicious W **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/problemchild](https://docs.elastic.co/en/integrations/problemchild) * [https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration](https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration) diff --git a/docs/reference/prebuilt-rules/machine-learning-detected-a-suspicious-windows-event-with-a-low-malicious-probability-score.md b/docs/reference/prebuilt-rules/machine-learning-detected-a-suspicious-windows-event-with-a-low-malicious-probability-score.md index db615cc5b6..0bbc1ce6d2 100644 --- a/docs/reference/prebuilt-rules/machine-learning-detected-a-suspicious-windows-event-with-a-low-malicious-probability-score.md +++ b/docs/reference/prebuilt-rules/machine-learning-detected-a-suspicious-windows-event-with-a-low-malicious-probability-score.md @@ -27,7 +27,7 @@ A supervised machine learning model (ProblemChild) has identified a suspicious W **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/problemchild](https://docs.elastic.co/en/integrations/problemchild) * [https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration](https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration) 
diff --git a/docs/reference/prebuilt-rules/machine-learning-detected-dga-activity-using-a-known-sunburst-dns-domain.md b/docs/reference/prebuilt-rules/machine-learning-detected-dga-activity-using-a-known-sunburst-dns-domain.md index bab84984c9..5d9003d6c7 100644 --- a/docs/reference/prebuilt-rules/machine-learning-detected-dga-activity-using-a-known-sunburst-dns-domain.md +++ b/docs/reference/prebuilt-rules/machine-learning-detected-dga-activity-using-a-known-sunburst-dns-domain.md @@ -26,7 +26,7 @@ A supervised machine learning model has identified a DNS question name that used **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/dga](https://docs.elastic.co/en/integrations/dga) * [https://www.elastic.co/security-labs/detect-domain-generation-algorithm-activity-with-new-kibana-integration](https://www.elastic.co/security-labs/detect-domain-generation-algorithm-activity-with-new-kibana-integration) diff --git a/docs/reference/prebuilt-rules/network-traffic-to-rare-destination-country.md b/docs/reference/prebuilt-rules/network-traffic-to-rare-destination-country.md index 32ce6dbbc4..a6700266f1 100644 --- a/docs/reference/prebuilt-rules/network-traffic-to-rare-destination-country.md +++ b/docs/reference/prebuilt-rules/network-traffic-to-rare-destination-country.md @@ -23,7 +23,7 @@ A machine learning job detected a rare destination country name in the network l **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
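Review bot: The added line replaces an in-repo path with a `docs-content://` cross-repository link, so the reference now resolves only if `reference/security/prebuilt-anomaly-detection-jobs.md` exists in that repository and the cross-link is resolvable from this docset. Because the same target string is repeated in every file of the patch, one wrong path breaks all of these references at once; please confirm that a docs build or link check was run with these changes and note the result in the PR.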
diff --git a/docs/reference/prebuilt-rules/potential-data-exfiltration-activity-to-an-unusual-destination-port.md b/docs/reference/prebuilt-rules/potential-data-exfiltration-activity-to-an-unusual-destination-port.md index 3abe8db141..6cd9be32ef 100644 --- a/docs/reference/prebuilt-rules/potential-data-exfiltration-activity-to-an-unusual-destination-port.md +++ b/docs/reference/prebuilt-rules/potential-data-exfiltration-activity-to-an-unusual-destination-port.md @@ -23,7 +23,7 @@ A machine learning job has detected data exfiltration to a particular destinatio **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/ded](https://docs.elastic.co/en/integrations/ded) * [https://www.elastic.co/blog/detect-data-exfiltration-activity-with-kibanas-new-integration](https://www.elastic.co/blog/detect-data-exfiltration-activity-with-kibanas-new-integration) diff --git a/docs/reference/prebuilt-rules/potential-data-exfiltration-activity-to-an-unusual-ip-address.md b/docs/reference/prebuilt-rules/potential-data-exfiltration-activity-to-an-unusual-ip-address.md index 94f50fcafb..553adc3c54 100644 --- a/docs/reference/prebuilt-rules/potential-data-exfiltration-activity-to-an-unusual-ip-address.md +++ b/docs/reference/prebuilt-rules/potential-data-exfiltration-activity-to-an-unusual-ip-address.md 
@@ -23,7 +23,7 @@ A machine learning job has detected data exfiltration to a particular geo-locati **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/ded](https://docs.elastic.co/en/integrations/ded) * [https://www.elastic.co/blog/detect-data-exfiltration-activity-with-kibanas-new-integration](https://www.elastic.co/blog/detect-data-exfiltration-activity-with-kibanas-new-integration) diff --git a/docs/reference/prebuilt-rules/potential-data-exfiltration-activity-to-an-unusual-iso-code.md b/docs/reference/prebuilt-rules/potential-data-exfiltration-activity-to-an-unusual-iso-code.md index 30b422d66e..1dbbc2f7b2 100644 --- a/docs/reference/prebuilt-rules/potential-data-exfiltration-activity-to-an-unusual-iso-code.md +++ b/docs/reference/prebuilt-rules/potential-data-exfiltration-activity-to-an-unusual-iso-code.md @@ -23,7 +23,7 @@ A machine learning job has detected data exfiltration to a particular geo-locati **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/ded](https://docs.elastic.co/en/integrations/ded) * [https://www.elastic.co/blog/detect-data-exfiltration-activity-with-kibanas-new-integration](https://www.elastic.co/blog/detect-data-exfiltration-activity-with-kibanas-new-integration) diff --git a/docs/reference/prebuilt-rules/potential-data-exfiltration-activity-to-an-unusual-region.md b/docs/reference/prebuilt-rules/potential-data-exfiltration-activity-to-an-unusual-region.md index 2df55fac3c..cb53b9fe62 100644 --- a/docs/reference/prebuilt-rules/potential-data-exfiltration-activity-to-an-unusual-region.md 
+++ b/docs/reference/prebuilt-rules/potential-data-exfiltration-activity-to-an-unusual-region.md @@ -23,7 +23,7 @@ A machine learning job has detected data exfiltration to a particular geo-locati **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/ded](https://docs.elastic.co/en/integrations/ded) * [https://www.elastic.co/blog/detect-data-exfiltration-activity-with-kibanas-new-integration](https://www.elastic.co/blog/detect-data-exfiltration-activity-with-kibanas-new-integration) diff --git a/docs/reference/prebuilt-rules/potential-dga-activity.md b/docs/reference/prebuilt-rules/potential-dga-activity.md index deffa086f8..f85cdafc1e 100644 --- a/docs/reference/prebuilt-rules/potential-dga-activity.md +++ b/docs/reference/prebuilt-rules/potential-dga-activity.md @@ -23,7 +23,7 @@ A population analysis machine learning job detected potential DGA (domain genera **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/dga](https://docs.elastic.co/en/integrations/dga) * [https://www.elastic.co/security-labs/detect-domain-generation-algorithm-activity-with-new-kibana-integration](https://www.elastic.co/security-labs/detect-domain-generation-algorithm-activity-with-new-kibana-integration) diff --git a/docs/reference/prebuilt-rules/rare-aws-error-code.md b/docs/reference/prebuilt-rules/rare-aws-error-code.md index d8de976d05..9c0055537b 100644 --- a/docs/reference/prebuilt-rules/rare-aws-error-code.md +++ b/docs/reference/prebuilt-rules/rare-aws-error-code.md 
@@ -23,7 +23,7 @@ A machine learning job detected an unusual error in a CloudTrail message. These **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules/rare-user-logon.md b/docs/reference/prebuilt-rules/rare-user-logon.md index 4cc9f9e029..b4eb006ebb 100644 --- a/docs/reference/prebuilt-rules/rare-user-logon.md +++ b/docs/reference/prebuilt-rules/rare-user-logon.md @@ -23,7 +23,7 @@ A machine learning job found an unusual user name in the authentication logs. An **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules/spike-in-aws-error-messages.md b/docs/reference/prebuilt-rules/spike-in-aws-error-messages.md index efa5cdeddc..6bb7d67b93 100644 --- a/docs/reference/prebuilt-rules/spike-in-aws-error-messages.md +++ b/docs/reference/prebuilt-rules/spike-in-aws-error-messages.md @@ -23,7 +23,7 @@ A machine learning job detected a significant spike in the rate of a particular **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules/spike-in-bytes-sent-to-an-external-device-via-airdrop.md b/docs/reference/prebuilt-rules/spike-in-bytes-sent-to-an-external-device-via-airdrop.md index f26d66bc91..19ac5722f4 100644 --- a/docs/reference/prebuilt-rules/spike-in-bytes-sent-to-an-external-device-via-airdrop.md +++ b/docs/reference/prebuilt-rules/spike-in-bytes-sent-to-an-external-device-via-airdrop.md 
@@ -23,7 +23,7 @@ A machine learning job has detected high bytes of data written to an external de **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/ded](https://docs.elastic.co/en/integrations/ded) * [https://www.elastic.co/blog/detect-data-exfiltration-activity-with-kibanas-new-integration](https://www.elastic.co/blog/detect-data-exfiltration-activity-with-kibanas-new-integration) diff --git a/docs/reference/prebuilt-rules/spike-in-bytes-sent-to-an-external-device.md b/docs/reference/prebuilt-rules/spike-in-bytes-sent-to-an-external-device.md index 7d8b8d0352..80f3fa4959 100644 --- a/docs/reference/prebuilt-rules/spike-in-bytes-sent-to-an-external-device.md +++ b/docs/reference/prebuilt-rules/spike-in-bytes-sent-to-an-external-device.md @@ -23,7 +23,7 @@ A machine learning job has detected high bytes of data written to an external de **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/ded](https://docs.elastic.co/en/integrations/ded) * [https://www.elastic.co/blog/detect-data-exfiltration-activity-with-kibanas-new-integration](https://www.elastic.co/blog/detect-data-exfiltration-activity-with-kibanas-new-integration) diff --git a/docs/reference/prebuilt-rules/spike-in-failed-logon-events.md b/docs/reference/prebuilt-rules/spike-in-failed-logon-events.md index a5bb9609be..bd66c236f3 100644 --- a/docs/reference/prebuilt-rules/spike-in-failed-logon-events.md +++ b/docs/reference/prebuilt-rules/spike-in-failed-logon-events.md 
@@ -23,7 +23,7 @@ A machine learning job found an unusually large spike in authentication failure **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules/spike-in-firewall-denies.md b/docs/reference/prebuilt-rules/spike-in-firewall-denies.md index 810a51ea7f..fecac43edc 100644 --- a/docs/reference/prebuilt-rules/spike-in-firewall-denies.md +++ b/docs/reference/prebuilt-rules/spike-in-firewall-denies.md @@ -23,7 +23,7 @@ A machine learning job detected an unusually large spike in network traffic that **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules/spike-in-logon-events.md b/docs/reference/prebuilt-rules/spike-in-logon-events.md index c6a87c9847..0ca5f6b083 100644 --- a/docs/reference/prebuilt-rules/spike-in-logon-events.md +++ b/docs/reference/prebuilt-rules/spike-in-logon-events.md @@ -23,7 +23,7 @@ A machine learning job found an unusually large spike in successful authenticati **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules/spike-in-network-traffic-to-a-country.md b/docs/reference/prebuilt-rules/spike-in-network-traffic-to-a-country.md index 86a10f6b65..efc8c7a60c 100644 --- a/docs/reference/prebuilt-rules/spike-in-network-traffic-to-a-country.md +++ b/docs/reference/prebuilt-rules/spike-in-network-traffic-to-a-country.md 
@@ -23,7 +23,7 @@ A machine learning job detected an unusually large spike in network activity to **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules/spike-in-network-traffic.md b/docs/reference/prebuilt-rules/spike-in-network-traffic.md index be4809429f..6bc478a53b 100644 --- a/docs/reference/prebuilt-rules/spike-in-network-traffic.md +++ b/docs/reference/prebuilt-rules/spike-in-network-traffic.md @@ -23,7 +23,7 @@ A machine learning job detected an unusually large spike in network traffic. Suc **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules/spike-in-number-of-connections-made-from-a-source-ip.md b/docs/reference/prebuilt-rules/spike-in-number-of-connections-made-from-a-source-ip.md index 88209a7dc8..f3f08265a9 100644 --- a/docs/reference/prebuilt-rules/spike-in-number-of-connections-made-from-a-source-ip.md +++ b/docs/reference/prebuilt-rules/spike-in-number-of-connections-made-from-a-source-ip.md 
@@ -23,7 +23,7 @@ A machine learning job has detected a high count of destination IPs establishing **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/lmd](https://docs.elastic.co/en/integrations/lmd) * [https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration](https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration) * [https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security](https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security) diff --git a/docs/reference/prebuilt-rules/spike-in-number-of-connections-made-to-a-destination-ip.md b/docs/reference/prebuilt-rules/spike-in-number-of-connections-made-to-a-destination-ip.md index 572e8e149b..63b6425248 100644 --- a/docs/reference/prebuilt-rules/spike-in-number-of-connections-made-to-a-destination-ip.md +++ b/docs/reference/prebuilt-rules/spike-in-number-of-connections-made-to-a-destination-ip.md @@ -23,7 +23,7 @@ A machine learning job has detected a high count of source IPs establishing an R **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/lmd](https://docs.elastic.co/en/integrations/lmd) * [https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration](https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration) * [https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security](https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security) 
diff --git a/docs/reference/prebuilt-rules/spike-in-number-of-processes-in-an-rdp-session.md b/docs/reference/prebuilt-rules/spike-in-number-of-processes-in-an-rdp-session.md index f516ec9ea7..170999ca62 100644 --- a/docs/reference/prebuilt-rules/spike-in-number-of-processes-in-an-rdp-session.md +++ b/docs/reference/prebuilt-rules/spike-in-number-of-processes-in-an-rdp-session.md @@ -23,7 +23,7 @@ A machine learning job has detected unusually high number of processes started i **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/lmd](https://docs.elastic.co/en/integrations/lmd) * [https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration](https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration) * [https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security](https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security) diff --git a/docs/reference/prebuilt-rules/spike-in-remote-file-transfers.md b/docs/reference/prebuilt-rules/spike-in-remote-file-transfers.md index 6686220580..4ce80a4622 100644 --- a/docs/reference/prebuilt-rules/spike-in-remote-file-transfers.md +++ b/docs/reference/prebuilt-rules/spike-in-remote-file-transfers.md 
@@ -23,7 +23,7 @@ A machine learning job has detected an abnormal volume of remote files shared on **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/lmd](https://docs.elastic.co/en/integrations/lmd) * [https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration](https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration) * [https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security](https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security) diff --git a/docs/reference/prebuilt-rules/spike-in-successful-logon-events-from-a-source-ip.md b/docs/reference/prebuilt-rules/spike-in-successful-logon-events-from-a-source-ip.md index 1a8b28811b..4d1d38d552 100644 --- a/docs/reference/prebuilt-rules/spike-in-successful-logon-events-from-a-source-ip.md +++ b/docs/reference/prebuilt-rules/spike-in-successful-logon-events-from-a-source-ip.md @@ -23,7 +23,7 @@ A machine learning job found an unusually large spike in successful authenticati **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules/statistical-model-detected-c2-beaconing-activity-with-high-confidence.md b/docs/reference/prebuilt-rules/statistical-model-detected-c2-beaconing-activity-with-high-confidence.md index c1f7b85241..2d44a0cf22 100644 --- a/docs/reference/prebuilt-rules/statistical-model-detected-c2-beaconing-activity-with-high-confidence.md +++ b/docs/reference/prebuilt-rules/statistical-model-detected-c2-beaconing-activity-with-high-confidence.md 
@@ -25,7 +25,7 @@ A statistical model has identified command-and-control (C2) beaconing activity w **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/beaconing](https://docs.elastic.co/en/integrations/beaconing) * [https://www.elastic.co/security-labs/identifying-beaconing-malware-using-elastic](https://www.elastic.co/security-labs/identifying-beaconing-malware-using-elastic) diff --git a/docs/reference/prebuilt-rules/statistical-model-detected-c2-beaconing-activity.md b/docs/reference/prebuilt-rules/statistical-model-detected-c2-beaconing-activity.md index 01c49e91d9..9be15a05c6 100644 --- a/docs/reference/prebuilt-rules/statistical-model-detected-c2-beaconing-activity.md +++ b/docs/reference/prebuilt-rules/statistical-model-detected-c2-beaconing-activity.md @@ -25,7 +25,7 @@ A statistical model has identified command-and-control (C2) beaconing activity. **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/beaconing](https://docs.elastic.co/en/integrations/beaconing) * [https://www.elastic.co/security-labs/identifying-beaconing-malware-using-elastic](https://www.elastic.co/security-labs/identifying-beaconing-malware-using-elastic) diff --git a/docs/reference/prebuilt-rules/suspicious-powershell-script.md b/docs/reference/prebuilt-rules/suspicious-powershell-script.md index bb3697a96f..d289342d57 100644 --- a/docs/reference/prebuilt-rules/suspicious-powershell-script.md +++ b/docs/reference/prebuilt-rules/suspicious-powershell-script.md 
@@ -23,7 +23,7 @@ A machine learning job detected a PowerShell script with unusual data characteri **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration](https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration) **Tags**: diff --git a/docs/reference/prebuilt-rules/suspicious-windows-process-cluster-spawned-by-a-host.md b/docs/reference/prebuilt-rules/suspicious-windows-process-cluster-spawned-by-a-host.md index b0ec0d09bc..9f8a13f182 100644 --- a/docs/reference/prebuilt-rules/suspicious-windows-process-cluster-spawned-by-a-host.md +++ b/docs/reference/prebuilt-rules/suspicious-windows-process-cluster-spawned-by-a-host.md @@ -23,7 +23,7 @@ A machine learning job combination has detected a set of one or more suspicious **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/problemchild](https://docs.elastic.co/en/integrations/problemchild) * [https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration](https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration) diff --git a/docs/reference/prebuilt-rules/suspicious-windows-process-cluster-spawned-by-a-parent-process.md b/docs/reference/prebuilt-rules/suspicious-windows-process-cluster-spawned-by-a-parent-process.md index 109a26d476..37cdf920fa 100644 --- a/docs/reference/prebuilt-rules/suspicious-windows-process-cluster-spawned-by-a-parent-process.md +++ b/docs/reference/prebuilt-rules/suspicious-windows-process-cluster-spawned-by-a-parent-process.md 
@@ -23,7 +23,7 @@ A machine learning job combination has detected a set of one or more suspicious **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/problemchild](https://docs.elastic.co/en/integrations/problemchild) * [https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration](https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration) diff --git a/docs/reference/prebuilt-rules/suspicious-windows-process-cluster-spawned-by-a-user.md b/docs/reference/prebuilt-rules/suspicious-windows-process-cluster-spawned-by-a-user.md index 0654955da1..7fa8511c85 100644 --- a/docs/reference/prebuilt-rules/suspicious-windows-process-cluster-spawned-by-a-user.md +++ b/docs/reference/prebuilt-rules/suspicious-windows-process-cluster-spawned-by-a-user.md @@ -23,7 +23,7 @@ A machine learning job combination has detected a set of one or more suspicious **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/problemchild](https://docs.elastic.co/en/integrations/problemchild) * [https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration](https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration) diff --git a/docs/reference/prebuilt-rules/unusual-aws-command-for-a-user.md b/docs/reference/prebuilt-rules/unusual-aws-command-for-a-user.md index ac1f475e7f..68c0a2415d 100644 --- a/docs/reference/prebuilt-rules/unusual-aws-command-for-a-user.md +++ b/docs/reference/prebuilt-rules/unusual-aws-command-for-a-user.md 
@@ -23,7 +23,7 @@ A machine learning job detected an AWS API command that, while not inherently su **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules/unusual-city-for-an-aws-command.md b/docs/reference/prebuilt-rules/unusual-city-for-an-aws-command.md index 8f644276e2..08373e75cb 100644 --- a/docs/reference/prebuilt-rules/unusual-city-for-an-aws-command.md +++ b/docs/reference/prebuilt-rules/unusual-city-for-an-aws-command.md @@ -23,7 +23,7 @@ A machine learning job detected AWS command activity that, while not inherently **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules/unusual-country-for-an-aws-command.md b/docs/reference/prebuilt-rules/unusual-country-for-an-aws-command.md index 3b909c33ef..05dfe5f969 100644 --- a/docs/reference/prebuilt-rules/unusual-country-for-an-aws-command.md +++ b/docs/reference/prebuilt-rules/unusual-country-for-an-aws-command.md @@ -23,7 +23,7 @@ A machine learning job detected AWS command activity that, while not inherently **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules/unusual-dns-activity.md b/docs/reference/prebuilt-rules/unusual-dns-activity.md index 16973cc48b..24772e90da 100644 --- a/docs/reference/prebuilt-rules/unusual-dns-activity.md +++ b/docs/reference/prebuilt-rules/unusual-dns-activity.md 
@@ -23,7 +23,7 @@ A machine learning job detected a rare and unusual DNS query that indicate netwo **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules/unusual-hour-for-a-user-to-logon.md b/docs/reference/prebuilt-rules/unusual-hour-for-a-user-to-logon.md index ae93641f6a..17060881fa 100644 --- a/docs/reference/prebuilt-rules/unusual-hour-for-a-user-to-logon.md +++ b/docs/reference/prebuilt-rules/unusual-hour-for-a-user-to-logon.md @@ -23,7 +23,7 @@ A machine learning job detected a user logging in at a time of day that is unusu **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules/unusual-linux-network-activity.md b/docs/reference/prebuilt-rules/unusual-linux-network-activity.md index 909d1d7fae..91f00455e0 100644 --- a/docs/reference/prebuilt-rules/unusual-linux-network-activity.md +++ b/docs/reference/prebuilt-rules/unusual-linux-network-activity.md @@ -23,7 +23,7 @@ Identifies Linux processes that do not usually use the network but have unexpect **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules/unusual-linux-network-port-activity.md b/docs/reference/prebuilt-rules/unusual-linux-network-port-activity.md index 0e65b593d7..ab10a3a2df 100644 --- a/docs/reference/prebuilt-rules/unusual-linux-network-port-activity.md +++ b/docs/reference/prebuilt-rules/unusual-linux-network-port-activity.md 
@@ -23,7 +23,7 @@ Identifies unusual destination port activity that can indicate command-and-contr **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules/unusual-linux-username.md b/docs/reference/prebuilt-rules/unusual-linux-username.md index 661d1e875a..b99b47c013 100644 --- a/docs/reference/prebuilt-rules/unusual-linux-username.md +++ b/docs/reference/prebuilt-rules/unusual-linux-username.md @@ -23,7 +23,7 @@ A machine learning job detected activity for a username that is not normally act **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules/unusual-login-activity.md b/docs/reference/prebuilt-rules/unusual-login-activity.md index d5b5f21dd0..6400287747 100644 --- a/docs/reference/prebuilt-rules/unusual-login-activity.md +++ b/docs/reference/prebuilt-rules/unusual-login-activity.md @@ -23,7 +23,7 @@ Identifies an unusually high number of authentication attempts. **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules/unusual-network-destination-domain-name.md b/docs/reference/prebuilt-rules/unusual-network-destination-domain-name.md index 9d68d5d006..19eddf233a 100644 --- a/docs/reference/prebuilt-rules/unusual-network-destination-domain-name.md +++ b/docs/reference/prebuilt-rules/unusual-network-destination-domain-name.md 
@@ -23,7 +23,7 @@ A machine learning job detected an unusual network destination domain name. This **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules/unusual-process-for-a-linux-host.md b/docs/reference/prebuilt-rules/unusual-process-for-a-linux-host.md index 5c7d1b6275..dcbf74239c 100644 --- a/docs/reference/prebuilt-rules/unusual-process-for-a-linux-host.md +++ b/docs/reference/prebuilt-rules/unusual-process-for-a-linux-host.md @@ -23,7 +23,7 @@ Identifies rare processes that do not usually run on individual hosts, which can **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules/unusual-process-for-a-windows-host.md b/docs/reference/prebuilt-rules/unusual-process-for-a-windows-host.md index 3d4bb74a23..017aa7b742 100644 --- a/docs/reference/prebuilt-rules/unusual-process-for-a-windows-host.md +++ b/docs/reference/prebuilt-rules/unusual-process-for-a-windows-host.md @@ -23,7 +23,7 @@ Identifies rare processes that do not usually run on individual hosts, which can **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules/unusual-process-spawned-by-a-host.md b/docs/reference/prebuilt-rules/unusual-process-spawned-by-a-host.md index 9f5acd0393..dd671dbb2e 100644 --- a/docs/reference/prebuilt-rules/unusual-process-spawned-by-a-host.md +++ b/docs/reference/prebuilt-rules/unusual-process-spawned-by-a-host.md 
@@ -23,7 +23,7 @@ A machine learning job has detected a suspicious Windows process. This process h **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/problemchild](https://docs.elastic.co/en/integrations/problemchild) * [https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration](https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration) diff --git a/docs/reference/prebuilt-rules/unusual-process-spawned-by-a-parent-process.md b/docs/reference/prebuilt-rules/unusual-process-spawned-by-a-parent-process.md index 11ef67afcc..4a785bb17b 100644 --- a/docs/reference/prebuilt-rules/unusual-process-spawned-by-a-parent-process.md +++ b/docs/reference/prebuilt-rules/unusual-process-spawned-by-a-parent-process.md @@ -23,7 +23,7 @@ A machine learning job has detected a suspicious Windows process. This process h **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/problemchild](https://docs.elastic.co/en/integrations/problemchild) * [https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration](https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration) diff --git a/docs/reference/prebuilt-rules/unusual-process-spawned-by-a-user.md b/docs/reference/prebuilt-rules/unusual-process-spawned-by-a-user.md index e1945dbd2a..838b13f42f 100644 --- a/docs/reference/prebuilt-rules/unusual-process-spawned-by-a-user.md +++ b/docs/reference/prebuilt-rules/unusual-process-spawned-by-a-user.md 
@@ -23,7 +23,7 @@ A machine learning job has detected a suspicious Windows process. This process h **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/problemchild](https://docs.elastic.co/en/integrations/problemchild) * [https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration](https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration) diff --git a/docs/reference/prebuilt-rules/unusual-process-writing-data-to-an-external-device.md b/docs/reference/prebuilt-rules/unusual-process-writing-data-to-an-external-device.md index d338a5bb09..32dd2d0330 100644 --- a/docs/reference/prebuilt-rules/unusual-process-writing-data-to-an-external-device.md +++ b/docs/reference/prebuilt-rules/unusual-process-writing-data-to-an-external-device.md @@ -23,7 +23,7 @@ A machine learning job has detected a rare process writing data to an external d **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/ded](https://docs.elastic.co/en/integrations/ded) * [https://www.elastic.co/blog/detect-data-exfiltration-activity-with-kibanas-new-integration](https://www.elastic.co/blog/detect-data-exfiltration-activity-with-kibanas-new-integration) diff --git a/docs/reference/prebuilt-rules/unusual-remote-file-directory.md b/docs/reference/prebuilt-rules/unusual-remote-file-directory.md index 8fd47e3f64..5c119e7898 100644 --- a/docs/reference/prebuilt-rules/unusual-remote-file-directory.md +++ b/docs/reference/prebuilt-rules/unusual-remote-file-directory.md 
@@ -23,7 +23,7 @@ An anomaly detection job has detected a remote file transfer on an unusual direc **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/lmd](https://docs.elastic.co/en/integrations/lmd) * [https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration](https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration) * [https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security](https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security) diff --git a/docs/reference/prebuilt-rules/unusual-remote-file-extension.md b/docs/reference/prebuilt-rules/unusual-remote-file-extension.md index e0e1d8f005..aa12eb3b74 100644 --- a/docs/reference/prebuilt-rules/unusual-remote-file-extension.md +++ b/docs/reference/prebuilt-rules/unusual-remote-file-extension.md @@ -23,7 +23,7 @@ An anomaly detection job has detected a remote file transfer with a rare extensi **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/lmd](https://docs.elastic.co/en/integrations/lmd) * [https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration](https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration) * [https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security](https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security) diff --git a/docs/reference/prebuilt-rules/unusual-remote-file-size.md b/docs/reference/prebuilt-rules/unusual-remote-file-size.md index 6fbe31968b..7877066d88 100644 
--- a/docs/reference/prebuilt-rules/unusual-remote-file-size.md +++ b/docs/reference/prebuilt-rules/unusual-remote-file-size.md @@ -23,7 +23,7 @@ A machine learning job has detected an unusually high file size shared by a remo **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/lmd](https://docs.elastic.co/en/integrations/lmd) * [https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration](https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration) * [https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security](https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security) diff --git a/docs/reference/prebuilt-rules/unusual-source-ip-for-a-user-to-logon-from.md b/docs/reference/prebuilt-rules/unusual-source-ip-for-a-user-to-logon-from.md index e6e435af11..e8c8b325ca 100644 --- a/docs/reference/prebuilt-rules/unusual-source-ip-for-a-user-to-logon-from.md +++ b/docs/reference/prebuilt-rules/unusual-source-ip-for-a-user-to-logon-from.md @@ -23,7 +23,7 @@ A machine learning job detected a user logging in from an IP address that is unu **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules/unusual-time-or-day-for-an-rdp-session.md b/docs/reference/prebuilt-rules/unusual-time-or-day-for-an-rdp-session.md index 70876efa73..9026a7f693 100644 --- a/docs/reference/prebuilt-rules/unusual-time-or-day-for-an-rdp-session.md +++ b/docs/reference/prebuilt-rules/unusual-time-or-day-for-an-rdp-session.md 
@@ -23,7 +23,7 @@ A machine learning job has detected an RDP session started at an usual time or w **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) * [https://docs.elastic.co/en/integrations/lmd](https://docs.elastic.co/en/integrations/lmd) * [https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration](https://www.elastic.co/blog/detecting-lateral-movement-activity-a-new-kibana-integration) * [https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security](https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security) diff --git a/docs/reference/prebuilt-rules/unusual-web-request.md b/docs/reference/prebuilt-rules/unusual-web-request.md index 0f0c0f8556..302db62014 100644 --- a/docs/reference/prebuilt-rules/unusual-web-request.md +++ b/docs/reference/prebuilt-rules/unusual-web-request.md @@ -23,7 +23,7 @@ A machine learning job detected a rare and unusual URL that indicates unusual we **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules/unusual-web-user-agent.md b/docs/reference/prebuilt-rules/unusual-web-user-agent.md index a03a5d17de..ad3c4802e2 100644 --- a/docs/reference/prebuilt-rules/unusual-web-user-agent.md +++ b/docs/reference/prebuilt-rules/unusual-web-user-agent.md @@ -23,7 +23,7 @@ A machine learning job detected a rare and unusual user agent indicating web bro **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules/unusual-windows-network-activity.md b/docs/reference/prebuilt-rules/unusual-windows-network-activity.md index 542ce8d381..5c87648ed6 100644 --- a/docs/reference/prebuilt-rules/unusual-windows-network-activity.md +++ b/docs/reference/prebuilt-rules/unusual-windows-network-activity.md @@ -23,7 +23,7 @@ Identifies Windows processes that do not usually use the network but have unexpe **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules/unusual-windows-path-activity.md b/docs/reference/prebuilt-rules/unusual-windows-path-activity.md index ab6dc9693b..25d13f80f6 100644 --- a/docs/reference/prebuilt-rules/unusual-windows-path-activity.md +++ b/docs/reference/prebuilt-rules/unusual-windows-path-activity.md @@ -23,7 +23,7 @@ Identifies processes started from atypical folders in the file system, which mig **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules/unusual-windows-remote-user.md b/docs/reference/prebuilt-rules/unusual-windows-remote-user.md index 06a687d8e9..63d99b3817 100644 --- a/docs/reference/prebuilt-rules/unusual-windows-remote-user.md +++ b/docs/reference/prebuilt-rules/unusual-windows-remote-user.md @@ -23,7 +23,7 @@ A machine learning job detected an unusual remote desktop protocol (RDP) usernam **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: 
diff --git a/docs/reference/prebuilt-rules/unusual-windows-service.md b/docs/reference/prebuilt-rules/unusual-windows-service.md index 38f062b740..7e29ff95d6 100644 --- a/docs/reference/prebuilt-rules/unusual-windows-service.md +++ b/docs/reference/prebuilt-rules/unusual-windows-service.md @@ -23,7 +23,7 @@ A machine learning job detected an unusual Windows service, This can indicate ex **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules/unusual-windows-user-privilege-elevation-activity.md b/docs/reference/prebuilt-rules/unusual-windows-user-privilege-elevation-activity.md index 3bd9274d0c..096e1c86b0 100644 --- a/docs/reference/prebuilt-rules/unusual-windows-user-privilege-elevation-activity.md +++ b/docs/reference/prebuilt-rules/unusual-windows-user-privilege-elevation-activity.md @@ -23,7 +23,7 @@ A machine learning job detected an unusual user context switch, using the runas **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**: diff --git a/docs/reference/prebuilt-rules/unusual-windows-username.md b/docs/reference/prebuilt-rules/unusual-windows-username.md index e66be5dc0f..8cf3617486 100644 --- a/docs/reference/prebuilt-rules/unusual-windows-username.md +++ b/docs/reference/prebuilt-rules/unusual-windows-username.md @@ -23,7 +23,7 @@ A machine learning job detected activity for a username that is not normally act **References**: -* [/reference/security/prebuilt-jobs.md](/reference/prebuilt-jobs.md) +* [Prebuilt anomaly detection jobs](docs-content://reference/security/prebuilt-anomaly-detection-jobs.md) **Tags**:
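Review bot: the new target `docs-content://reference/security/prebuilt-anomaly-detection-jobs.md` on each `+` line resolves outside this repository, so nothing in these hunks shows that it exists. Please confirm the file is present at that path in the docs-content docset and that the cross-link check passes in the build. The identical substitution is repeated in every References list here, so a wrong path would break all of these pages at once. It is also worth searching the repository for any remaining `(/reference/prebuilt-jobs.md)` links that this change did not touch, since they would now point at a page that is going away.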
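Review bot: three rule descriptions visible in the hunk context carry typos that could be fixed while these files are open: "DNS query that indicate" in unusual-dns-activity.md (should read "indicates"), "started at an usual time" in unusual-time-or-day-for-an-rdp-session.md (most likely "unusual"), and "an unusual Windows service, This can indicate" in unusual-windows-service.md (a comma followed by a capitalised sentence). This is non-blocking, and a follow-up change is fine if these pages are generated from another source and have to be corrected there.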