Commit 92a97bb

Add details for the new security host module to ootb ml jobs doc
1 parent 377a722 commit 92a97bb

File tree

1 file changed: +31 -0 lines changed


docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-siem.asciidoc

@@ -116,6 +116,37 @@ for data that matches the query.
116116
|===
117117
// end::security-cloudtrail-jobs[]
118118

119+
[discrete]
120+
[[security-host-jobs]]
121+
== Security: Host
122+
123+
Anomaly detection jobs for host-based threat hunting and detection.
124+
125+
In the {ml-app} app, these configurations are available only when data exists
126+
that matches the query specified in the
127+
https://github.com/elastic/kibana/blob/{branch}/x-pack/plugins/ml/server/models/data_recognizer/modules/security_host/manifest.json[manifest file].
128+
In the {security-app}, it looks in the {data-source} specified in the
129+
{kibana-ref}/advanced-options.html#securitysolution-defaultindex[`securitySolution:defaultIndex` advanced setting]
130+
for data that matches the query.
131+
132+
// tag::security-host-jobs[]
133+
134+
|===
135+
|Name |Description |Job |Datafeed
136+
137+
|high_count_events_for_a_host_name
138+
|Looks for a sudden spike in host based traffic. This can be due to a range of security issues, such as a compromised system, DDoS attacks, malware infections, privilege escalation, or data exfiltration.
139+
|https://github.com/elastic/kibana/blob/{branch}/x-pack/plugins/ml/server/models/data_recognizer/modules/security_host/ml/high_count_events_for_a_host_name.json[image:images/link.svg[A link icon]]
140+
|https://github.com/elastic/kibana/blob/{branch}/x-pack/plugins/ml/server/models/data_recognizer/modules/security_host/ml/datafeed_high_count_events_for_a_host_name.json[image:images/link.svg[A link icon]]
141+
142+
|low_count_events_for_a_host_name
143+
|Looks for a sudden drop in host based traffic. This can be due to a range of security issues, such as a compromised system, a failed service, or a network misconfiguration.
144+
|https://github.com/elastic/kibana/blob/{branch}/x-pack/plugins/ml/server/models/data_recognizer/modules/security_host/ml/low_count_events_for_a_host_name.json[image:images/link.svg[A link icon]]
145+
|https://github.com/elastic/kibana/blob/{branch}/x-pack/plugins/ml/server/models/data_recognizer/modules/security_host/ml/datafeed_low_count_events_for_a_host_name.json[image:images/link.svg[A link icon]]
146+
147+
|===
148+
// end::security-host-jobs[]
149+
119150
[discrete]
120151
[[security-linux-jobs]]
121152
== Security: Linux
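Review bot: the two job descriptions write "host based traffic" where the section intro two paragraphs above writes "host-based threat hunting"; hyphenate both as "host-based traffic" so the new section is consistent with itself. Otherwise the added block mirrors the structure of the cloudtrail section it sits beside (discrete heading, anchor, manifest and `securitySolution:defaultIndex` paragraphs, tagged table with job and datafeed links), which is the right pattern for this file.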
