Fixes URLs in OOTB security jobs and updates job IDs #2563

Merged
merged 5 commits into from
Oct 16, 2023
Changes from 2 commits
116 changes: 58 additions & 58 deletions docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-siem.asciidoc
Expand Up @@ -411,8 +411,8 @@ To download, refer to the https://docs.elastic.co/integrations/dga[documentation

|dga_high_sum_probability
|Detect domain generation algorithm (DGA) activity in your network data.
|https://github.com/elastic/integrations/blob/{branch}/packages/dga/kibana/ml_module/dga-ml.json#L23[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/{branch}/packages/dga/kibana/ml_module/dga-ml.json#L58[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/dga/kibana/ml_module/dga-ml.json#L23[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/dga/kibana/ml_module/dga-ml.json#L58[image:images/link.svg[A link icon]]

|===

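Review bot: swapping the `{branch}` attribute for a hard-coded `main` in the two DGA rows fixes the unresolved attribute, but it also ties the line anchors (`#L23` for the job, `#L58` for the datafeed) to the tip of a moving branch, so they will silently point at the wrong part of `dga-ml.json` the next time that file is edited. Consider anchoring to a tagged commit or package version, or dropping the line fragment and linking to the file only.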
Expand All @@ -429,33 +429,33 @@ To download, refer to the https://docs.elastic.co/integrations/problemchild[docu

|problem_child_rare_process_by_host
|Looks for a process that has been classified as malicious on a host that does not commonly manifest malicious process activity (experimental).
|https://github.com/elastic/integrations/blob/{branch}/packages/problemchild/kibana/ml_module/problemchild-ml.json#L29[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/{branch}/packages/problemchild/kibana/ml_module/problemchild-ml.json#262[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/problemchild/kibana/ml_module/problemchild-ml.json#L29[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/problemchild/kibana/ml_module/problemchild-ml.json#262[image:images/link.svg[A link icon]]

|problem_child_high_sum_by_host
|Looks for a set of one or more malicious child processes on a single host (experimental).
|https://github.com/elastic/integrations/blob/{branch}/packages/problemchild/kibana/ml_module/problemchild-ml.json#L64[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/{branch}/packages/problemchild/kibana/ml_module/problemchild-ml.json#262[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/problemchild/kibana/ml_module/problemchild-ml.json#L64[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/problemchild/kibana/ml_module/problemchild-ml.json#262[image:images/link.svg[A link icon]]

|problem_child_rare_process_by_user
|Looks for a process that has been classified as malicious where the user context is unusual and does not commonly manifest malicious process activity (experimental).
|https://github.com/elastic/integrations/blob/{branch}/packages/problemchild/kibana/ml_module/problemchild-ml.json#L106[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/{branch}/packages/problemchild/kibana/ml_module/problemchild-ml.json#262[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/problemchild/kibana/ml_module/problemchild-ml.json#L106[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/problemchild/kibana/ml_module/problemchild-ml.json#262[image:images/link.svg[A link icon]]

|problem_child_rare_process_by_parent
|Looks for rare malicious child processes spawned by a parent process (experimental).
|https://github.com/elastic/integrations/blob/{branch}/packages/problemchild/kibana/ml_module/problemchild-ml.json#L141[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/{branch}/packages/problemchild/kibana/ml_module/problemchild-ml.json#262[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/problemchild/kibana/ml_module/problemchild-ml.json#L141[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/problemchild/kibana/ml_module/problemchild-ml.json#262[image:images/link.svg[A link icon]]

|problem_child_high_sum_by_user
|Looks for a set of one or more malicious processes, started by the same user (experimental).
|https://github.com/elastic/integrations/blob/{branch}/packages/problemchild/kibana/ml_module/problemchild-ml.json#L177[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/{branch}/packages/problemchild/kibana/ml_module/problemchild-ml.json#262[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/problemchild/kibana/ml_module/problemchild-ml.json#L177[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/problemchild/kibana/ml_module/problemchild-ml.json#262[image:images/link.svg[A link icon]]

|problem_child_high_sum_by_parent
|Looks for a set of one or more malicious child processes spawned by the same parent process (experimental).
|https://github.com/elastic/integrations/blob/{branch}/packages/problemchild/kibana/ml_module/problemchild-ml.json#L219[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/{branch}/packages/problemchild/kibana/ml_module/problemchild-ml.json#262[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/problemchild/kibana/ml_module/problemchild-ml.json#L219[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/problemchild/kibana/ml_module/problemchild-ml.json#262[image:images/link.svg[A link icon]]

|===

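Review bot: every datafeed link in the six ProblemChild rows uses the fragment `#262` instead of `#L262`, and the new lines carry the defect over (e.g. `...problemchild-ml.json#262[image:images/link.svg[A link icon]]`), so GitHub will open the file without jumping to the datafeed definition. Since the PR is explicitly fixing URLs, change these to `#L262` in the same pass; the job links in the same hunk already use the `#L` form.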
Expand All @@ -470,40 +470,40 @@ To download, refer to the https://docs.elastic.co/integrations/ded[documentation
|===
|Name |Description |Job |Datafeed

|high-sent-bytes-destination-geo-country_iso_code
|ded_high_sent_bytes_destination_geo_country_iso_code
|Detects data exfiltration to an unusual geo-location (by country iso code).
|https://github.com/elastic/integrations/blob/{branch}/packages/ded/kibana/ml_module/ded-ml.json#L44[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/{branch}/packages/ded/kibana/ml_module/ded-ml.json#L304[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/ded/kibana/ml_module/ded-ml.json#L44[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/ded/kibana/ml_module/ded-ml.json#L304[image:images/link.svg[A link icon]]

|high-sent-bytes-destination-ip
|ded_high_sent_bytes_destination_ip
|Detects data exfiltration to an unusual geo-location (by IP address).
|https://github.com/elastic/integrations/blob/{branch}/packages/ded/kibana/ml_module/ded-ml.json#L83[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/{branch}/packages/ded/kibana/ml_module/ded-ml.json#L304[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/ded/kibana/ml_module/ded-ml.json#L83[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/ded/kibana/ml_module/ded-ml.json#L304[image:images/link.svg[A link icon]]

|high-sent-bytes-destination-port
|ded_high_sent_bytes_destination_port
|Detects data exfiltration to an unusual destination port.
|https://github.com/elastic/integrations/blob/{branch}/packages/ded/kibana/ml_module/ded-ml.json#L119[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/{branch}/packages/ded/kibana/ml_module/ded-ml.json#L304[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/ded/kibana/ml_module/ded-ml.json#L119[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/ded/kibana/ml_module/ded-ml.json#L304[image:images/link.svg[A link icon]]

|high-sent-bytes-destination-region_name
|ded_high_sent_bytes_destination_region_name
|Detects data exfiltration to an unusual geo-location (by region name).
|https://github.com/elastic/integrations/blob/{branch}/packages/ded/kibana/ml_module/ded-ml.json#L156[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/{branch}/packages/ded/kibana/ml_module/ded-ml.json#L304[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/ded/kibana/ml_module/ded-ml.json#L156[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/ded/kibana/ml_module/ded-ml.json#L304[image:images/link.svg[A link icon]]

|high-bytes-written-to-external-device
|ded_high_bytes_written_to_external_device
|Detects data exfiltration activity by identifying high bytes written to an external device.
|https://github.com/elastic/integrations/blob/{branch}/packages/ded/kibana/ml_module/ded-ml.json#L194[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/{branch}/packages/ded/kibana/ml_module/ded-ml.json#L304[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/ded/kibana/ml_module/ded-ml.json#L194[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/ded/kibana/ml_module/ded-ml.json#L304[image:images/link.svg[A link icon]]

|rare-process-writing-to-external-device
|ded_rare_process_writing_to_external_device
|Detects data exfiltration activity by identifying a file write started by a rare process to an external device.
|https://github.com/elastic/integrations/blob/{branch}/packages/ded/kibana/ml_module/ded-ml.json#L231[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/{branch}/packages/ded/kibana/ml_module/ded-ml.json#L304[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/ded/kibana/ml_module/ded-ml.json#L231[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/ded/kibana/ml_module/ded-ml.json#L304[image:images/link.svg[A link icon]]

|high-bytes-written-to-external-device-airdrop
|ded_high_bytes_written_to_external_device_airdrop
|Detects data exfiltration activity by identifying high bytes written to an external device via Airdrop.
|https://github.com/elastic/integrations/blob/{branch}/packages/ded/kibana/ml_module/ded-ml.json#L268[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/{branch}/packages/ded/kibana/ml_module/ded-ml.json#L304[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/ded/kibana/ml_module/ded-ml.json#L268[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/ded/kibana/ml_module/ded-ml.json#L304[image:images/link.svg[A link icon]]

|===

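Review bot: the Name column in the DED table now shows the `ded_`-prefixed job IDs (e.g. `ded_high_sent_bytes_destination_geo_country_iso_code`), but all seven datafeed links point at the same line, `ded-ml.json#L304`, which reads as the start of the shared datafeeds array rather than each job's own datafeed; if the file defines one datafeed per job, give each row its own anchor, otherwise the column adds nothing the job link does not. Please also double-check that the job anchors (`#L44`, `#L83`, `#L119`, `#L156`, `#L194`, `#L231`, `#L268`) still land on the renamed `job_id` values on `main`.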
Expand All @@ -518,60 +518,60 @@ To download, refer to the https://docs.elastic.co/integrations/lmd[documentation
|===
|Name |Description |Job |Datafeed

|high-count-remote-file-transfer
|lmd_high_count_remote_file_transfer
|Detects unusually high file transfers to a remote host in the network.
|https://github.com/elastic/integrations/blob/{branch}/packages/lmd/kibana/ml_module/lmd-ml.json#L24[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/{branch}/packages/lmd/kibana/ml_module/lmd-ml.json#L436[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/lmd/kibana/ml_module/lmd-ml.json#L24[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/lmd/kibana/ml_module/lmd-ml.json#L436[image:images/link.svg[A link icon]]

|high-file-size-remote-file-transfer
|lmd_high_file_size_remote_file_transfer
|Detects unusually high size of files shared with a remote host in the network.
|https://github.com/elastic/integrations/blob/main/packages/lmd/kibana/ml_module/lmd-ml.json#L58[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/{branch}/packages/lmd/kibana/ml_module/lmd-ml.json#L436[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/lmd/kibana/ml_module/lmd-ml.json#L436[image:images/link.svg[A link icon]]

|rare-file-extension-remote-transfer
|lmd_rare_file_extension_remote_transfer
|Detects data exfiltration to an unusual destination port.
|https://github.com/elastic/integrations/blob/main/packages/lmd/kibana/ml_module/lmd-ml.json#L92[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/{branch}/packages/lmd/kibana/ml_module/lmd-ml.json#L436[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/lmd/kibana/ml_module/lmd-ml.json#L436[image:images/link.svg[A link icon]]

|rare-file-path-remote-transfer
|lmd_rare_file_path_remote_transfer
|Detects unusual folders and directories on which a file is transferred.
|https://github.com/elastic/integrations/blob/main/packages/lmd/kibana/ml_module/lmd-ml.json#L126[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/{branch}/packages/lmd/kibana/ml_module/lmd-ml.json#L436[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/lmd/kibana/ml_module/lmd-ml.json#L436[image:images/link.svg[A link icon]]

|high-mean-rdp-session-duration
|lmd_high_mean_rdp_session_duration
|Detects unusually high mean of RDP session duration.
|https://github.com/elastic/integrations/blob/main/packages/lmd/kibana/ml_module/lmd-ml.json#L160[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/{branch}/packages/lmd/kibana/ml_module/lmd-ml.json#L436[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/lmd/kibana/ml_module/lmd-ml.json#L436[image:images/link.svg[A link icon]]

|high-var-rdp-session-duration
|lmd_high_var_rdp_session_duration
|Detects unusually high variance in RDP session duration.
|https://github.com/elastic/integrations/blob/main/packages/lmd/kibana/ml_module/lmd-ml.json#L202[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/{branch}/packages/lmd/kibana/ml_module/lmd-ml.json#L436[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/lmd/kibana/ml_module/lmd-ml.json#L436[image:images/link.svg[A link icon]]

|high-sum-rdp-number-of-processes
|lmd_high_sum_rdp_number_of_processes
|Detects unusually high number of processes started in a single RDP session.
|https://github.com/elastic/integrations/blob/main/packages/lmd/kibana/ml_module/lmd-ml.json#L244[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/{branch}/packages/lmd/kibana/ml_module/lmd-ml.json#L436[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/lmd/kibana/ml_module/lmd-ml.json#L436[image:images/link.svg[A link icon]]

|unusual-time-weekday-rdp-session-start
|lmd_unusual_time_weekday_rdp_session_start
|Detects an RDP session started at an usual time or weekday.
|https://github.com/elastic/integrations/blob/main/packages/lmd/kibana/ml_module/lmd-ml.json#L286[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/{branch}/packages/lmd/kibana/ml_module/lmd-ml.json#L436[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/lmd/kibana/ml_module/lmd-ml.json#L436[image:images/link.svg[A link icon]]

|high-rdp-distinct-count-source-ip-for-destination
|lmd_high_rdp_distinct_count_source_ip_for_destination
|Detects a high count of source IPs making an RDP connection with a single destination IP.
|https://github.com/elastic/integrations/blob/main/packages/lmd/kibana/ml_module/lmd-ml.json#L326[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/{branch}/packages/lmd/kibana/ml_module/lmd-ml.json#L436[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/lmd/kibana/ml_module/lmd-ml.json#L436[image:images/link.svg[A link icon]]

|high-rdp-distinct-count-destination-ip-for-source
|lmd_high_rdp_distinct_count_destination_ip_for_source
|Detects a high count of destination IPs establishing an RDP connection with a single source IP.
|https://github.com/elastic/integrations/blob/main/packages/lmd/kibana/ml_module/lmd-ml.json#L360[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/{branch}/packages/lmd/kibana/ml_module/lmd-ml.json#L436[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/lmd/kibana/ml_module/lmd-ml.json#L436[image:images/link.svg[A link icon]]

|high-mean-rdp-process-args
|lmd_high_mean_rdp_process_args
|Detects unusually high number of process arguments in an RDP session.
|https://github.com/elastic/integrations/blob/main/packages/lmd/kibana/ml_module/lmd-ml.json#L394[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/{branch}/packages/lmd/kibana/ml_module/lmd-ml.json#L436[image:images/link.svg[A link icon]]
|https://github.com/elastic/integrations/blob/main/packages/lmd/kibana/ml_module/lmd-ml.json#L436[image:images/link.svg[A link icon]]

|===
// end::security-windows-jobs[]
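Review bot: two description cells in this LMD hunk are wrong and should be corrected while the rows are being touched: `lmd_rare_file_extension_remote_transfer` reads "Detects data exfiltration to an unusual destination port.", which is the DED destination-port description copied over and does not describe a rare-file-extension job, and `lmd_unusual_time_weekday_rdp_session_start` reads "at an usual time or weekday", which should be "unusual". The job links in rows 2 through 11 were already on `main` before this change while only the first row and all datafeed links used `{branch}`, so the table is consistent after the hunk, but the same moving-branch line-anchor concern applies to every `#L436` datafeed link here.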