Appendix C: Auditbeat anomaly detection configurations
These anomaly detection job wizards appear in Kibana if you use Auditbeat to audit process activity on your systems. For more details, see the datafeed and job definitions in GitHub.
Auditbeat docker processes
Detect unusual processes in docker containers from auditd data (ECS).
These configurations are only available if data exists that matches the recognizer query specified in the manifest file.
Name | Description | Job | Datafeed |
---|---|---|---|
docker_high_count_process_events_ecs | Detect unusual increases in process execution rates in docker containers (ECS) | | |
docker_rare_process_activity_ecs | Detect rare process executions in docker containers (ECS) | | |
Auditbeat host processes
Detect unusual processes on hosts from auditd data (ECS).
These configurations are only available if data exists that matches the recognizer query specified in the manifest file.