From 2e1a7629045a0cddb623b598201c9cd9ab161e70 Mon Sep 17 00:00:00 2001
From: Susan <23287722+susan-shu-c@users.noreply.github.com>
Date: Wed, 9 Aug 2023 17:01:43 -0400
Subject: [PATCH] Update ML page with anomaly detection jobs from Elastic integrations (#3648)

* ML page - update subsection

* Update wording, test linking internal ref

* Update broken link

* Add url subsection

* PR review

* Update docs/detections/machine-learning/machine-learning.asciidoc

Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>

* Update docs/detections/machine-learning/machine-learning.asciidoc

Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>

* Update docs/detections/machine-learning/machine-learning.asciidoc

Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>

* Remove subsection in url breaking the build

* Update docs/detections/machine-learning/machine-learning.asciidoc

Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>

* Update capitalization

* Update docs/detections/machine-learning/machine-learning.asciidoc

Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>

* Capitalization

---------

Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com>
Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>
(cherry picked from commit 27cd7fe421cfe1daa34c41d7a06d86a295928ea3)
---
 .../machine-learning/machine-learning.asciidoc | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/docs/detections/machine-learning/machine-learning.asciidoc b/docs/detections/machine-learning/machine-learning.asciidoc
index 0374818293..62b9092566 100644
--- a/docs/detections/machine-learning/machine-learning.asciidoc
+++ b/docs/detections/machine-learning/machine-learning.asciidoc
@@ -66,6 +66,10 @@ Or * Your shipped data is ECS-compliant, and {kib} is configured with the shipped data's index patterns in *{kib}* -> *{stack-manage-app}* -> *Data Views*. +Or + +* You install one or more of the Advanced Analytics integrations (refer to the following section). + <> describes all available {ml} jobs and lists which ECS fields are required on your hosts when you are not using {beats} or the {agent} to ship your data. For information on tuning anomaly results to reduce the @@ -76,6 +80,19 @@ prior to the time they are enabled. After jobs are enabled, they continuously analyze incoming data. When jobs are stopped and restarted within the two-week time frame, previously analyzed data is not processed again. +[float] +[[ml-integrations]] +=== Jobs in Advanced Analytics (UEBA) Elastic integrations + +You can also install {ml} jobs using https://docs.elastic.co/integrations[Elastic integrations]. Here are the Advanced Analytics integrations available for Security: + +* https://docs.elastic.co/integrations/ded[Data Exfiltration Detection] +* https://docs.elastic.co/integrations/dga[Domain Generation Algorithm Detection] +* https://docs.elastic.co/integrations/lmd[Lateral Movement Detection] +* https://docs.elastic.co/integrations/problemchild[Living off the Land Attack Detection] + +To learn more about {ml} jobs enabled by these integrations, refer to the https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html[Prebuilt jobs page]. + [float] [[view-anomalies]] == View detected anomalies
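Review bot: In the first hunk (`@@ -66,6 +66,10 @@`), the new prerequisite bullet `* You install one or more of the Advanced Analytics integrations (refer to the following section).` points the reader at "the following section", but the section this patch adds is not the next one; the paragraph describing the prebuilt jobs and the required ECS fields, the tuning note, and the two-week lookback text all sit between this bullet and the new `[[ml-integrations]]` heading. Since the same patch defines the `ml-integrations` anchor, replace the positional wording with the xref, for example `(refer to <<ml-integrations>>)`, so the reference survives future reordering and renders as a link. It is also worth stating in the bullet that installing an integration supplies the job definitions; the surrounding prerequisites are about the data the jobs run on, and a reader could otherwise take the bullet to mean that installing the integration alone is sufficient without ECS-compliant data in the expected index patterns.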
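Review bot: In the second hunk (`@@ -76,6 +80,19 @@`), the closing sentence links to the prebuilt jobs page with a hard-coded absolute URL, `https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html[Prebuilt jobs page]`, while the rest of this file uses internal xrefs (the `<>` reference in the first hunk's context is one). A `current` URL in versioned docs always resolves to the latest release, so a reader on an older version lands on a page that may list jobs their stack does not have; the reference should be an internal xref to the prebuilt jobs page instead. The commit message mentions "test linking internal ref" and "Remove subsection in url breaking the build", so if the xref was dropped because the build rejected it, record that reason in a comment next to the link rather than leaving a silent absolute URL. Separately, the heading `=== Jobs in Advanced Analytics (UEBA) Elastic integrations` introduces the "UEBA" name, but the intro sentence and the first hunk's bullet call them only "Advanced Analytics integrations"; pick one form and use it in all three places so the bullet, heading and section text are searchable by the same term.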