-
Notifications
You must be signed in to change notification settings - Fork 191
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
20 changed files
with
93 additions
and
71 deletions.
There are no files selected for viewing
9 changes: 9 additions & 0 deletions
9
docs/advanced-entity-analytics/advanced-behavioral-detections.asciidoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
[[advanced-behavioral-detections]] | ||
= Advanced behavioral detections | ||
|
||
Elastic's {ml} capabilities and advanced correlation, scoring, and visualization techniques can help you identify potential behavioral threats that may be associated with security incidents. | ||
|
||
Advanced behavioral detections includes two key capabilities: | ||
|
||
* <<machine-learning, Anomaly detection>> | ||
* <<behavioral-detection-use-cases, Behavioral detection use cases>> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
29 changes: 29 additions & 0 deletions
29
docs/advanced-entity-analytics/behavioral-detection-use-cases.asciidoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
[[behavioral-detection-use-cases]] | ||
= Behavioral detection use cases | ||
|
||
Behavioral detection identifies potential internal and external threats based on user and host activity. It employs a threat-centric approach to flag suspicious activity by analyzing patterns, anomalies, and context enrichment. | ||
|
||
{elastic-sec} builds the behavioral detection feature on its foundational SIEM detection capabilities, leveraging {ml} algorithms to enable proactive threat detection and hunting. | ||
|
||
[float] | ||
[[ml-integrations]] | ||
=== Elastic {integrations} for behavioral detection use cases | ||
|
||
Behavioral detection integrations provide a convenient way to enable behavioral detection capabilities. They streamline the deployment of components that implement behavioral detection, such as data ingestion, transforms, rules, {ml} jobs, and scripts. | ||
|
||
.Requirements | ||
[sidebar] | ||
-- | ||
* Elastic integrations require a https://www.elastic.co/pricing[Platinum subscription] or higher. | ||
* To learn more about the requirements for using {ml} jobs, refer to <<ml-requirements, Machine learning job and rule requirements>>. | ||
-- | ||
|
||
Here's a list of integrations for various behavioral detection use cases: | ||
|
||
* {integrations-docs}/ded[Data Exfiltration Detection] | ||
* {integrations-docs}/dga[Domain Generation Algorithm Detection] | ||
* {integrations-docs}/lmd[Lateral Movement Detection] | ||
* {integrations-docs}/problemchild[Living off the Land Attack Detection] | ||
* {integrations-docs}/beaconing[Network Beaconing Identification] | ||
|
||
To learn more about {ml} jobs enabled by these integrations, refer to the https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html[Prebuilt jobs page]. |
13 changes: 13 additions & 0 deletions
13
docs/advanced-entity-analytics/entity-risk-scoring.asciidoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
[[entity-risk-scoring]] | ||
= Entity risk scoring | ||
|
||
beta::[] | ||
|
||
Entity risk scoring is an advanced {elastic-sec} analytics feature that helps security analysts detect changes in an entity's risk posture, hunt for new threats, and prioritize incident response. | ||
|
||
Entity risk scoring allows you to monitor risk score changes of hosts and users in your environment. When generating advanced scoring analytics, the risk scoring engine utilizes threats from its end-to-end XDR use cases, such as SIEM, cloud, and endpoint. It leverages the Elastic SIEM detection engine to generate host and user risk scores from the last 30 days. | ||
|
||
It also generates risk scores on a recurring interval, and allows for easy onboarding and management. The engine is built to factor in risks from all {elastic-sec} use cases, and allows you to customize and control how and when risk is calculated. | ||
|
||
Learn how to <<turn-on-risk-engine, turn on the latest risk scoring engine>>. | ||
|
File renamed without changes
File renamed without changes
File renamed without changes
File renamed without changes
File renamed without changes
File renamed without changes
File renamed without changes
File renamed without changes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
[[prebuilt-ml-jobs]] | ||
= Prebuilt job reference | ||
|
||
include::{stack-docs-root}/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-siem.asciidoc[tag=siem-jobs] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters