From 3373e7d874d5c9951a4ddbfceff00a95e203b805 Mon Sep 17 00:00:00 2001 From: susan Date: Thu, 27 Jul 2023 13:05:32 -0400 Subject: [PATCH 01/13] ML page - update subsection --- .../machine-learning/machine-learning.asciidoc | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/detections/machine-learning/machine-learning.asciidoc b/docs/detections/machine-learning/machine-learning.asciidoc index 0374818293..2b3072a181 100644 --- a/docs/detections/machine-learning/machine-learning.asciidoc +++ b/docs/detections/machine-learning/machine-learning.asciidoc @@ -76,6 +76,17 @@ prior to the time they are enabled. After jobs are enabled, they continuously analyze incoming data. When jobs are stopped and restarted within the two-week time frame, previously analyzed data is not processed again. +[float] +[[ml-integrations]] +=== Jobs in advanced analytics (UEBA) Elastic integrations + +{ml} jobs can also be installed via https://docs.elastic.co/integrations[Elastic integrations]. We currently have the following Advanced Analytics integrations for Security: + +* https://docs.elastic.co/integrations/ded[Data Exfiltration Detection] +* https://docs.elastic.co/integrations/dga[Domain Generation Algorithm Detection] +* https://docs.elastic.co/integrations/lmd[Lateral Movement Detection] +* https://docs.elastic.co/integrations/problemchild[Living off the Land Attack Detection] + [float] [[view-anomalies]] == View detected anomalies From 89f3838b5b9f85d88bd62a15d810191a125568e2 Mon Sep 17 00:00:00 2001 From: susan Date: Wed, 2 Aug 2023 10:38:03 -0400 Subject: [PATCH 02/13] Update wording, test linking internal ref --- docs/detections/machine-learning/machine-learning.asciidoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/detections/machine-learning/machine-learning.asciidoc b/docs/detections/machine-learning/machine-learning.asciidoc index 2b3072a181..1ae0bae7d0 100644 --- a/docs/detections/machine-learning/machine-learning.asciidoc 
+++ b/docs/detections/machine-learning/machine-learning.asciidoc @@ -87,6 +87,8 @@ time frame, previously analyzed data is not processed again. * https://docs.elastic.co/integrations/lmd[Lateral Movement Detection] * https://docs.elastic.co/integrations/problemchild[Living off the Land Attack Detection] +Read more about the {ml} jobs enabled by these Integrations in the include::{ml-dir}/anomaly-detection/ootb-ml-jobs-siem.asciidoc[Prebuilt jobs page]. + [float] [[view-anomalies]] == View detected anomalies From 9edfdef5a55ab5d25651473adcc51fa06d42ee13 Mon Sep 17 00:00:00 2001 From: susan Date: Wed, 2 Aug 2023 10:55:44 -0400 Subject: [PATCH 03/13] Update broken link --- docs/detections/machine-learning/machine-learning.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/detections/machine-learning/machine-learning.asciidoc b/docs/detections/machine-learning/machine-learning.asciidoc index 1ae0bae7d0..7e78512651 100644 --- a/docs/detections/machine-learning/machine-learning.asciidoc +++ b/docs/detections/machine-learning/machine-learning.asciidoc @@ -87,7 +87,7 @@ time frame, previously analyzed data is not processed again. * https://docs.elastic.co/integrations/lmd[Lateral Movement Detection] * https://docs.elastic.co/integrations/problemchild[Living off the Land Attack Detection] -Read more about the {ml} jobs enabled by these Integrations in the include::{ml-dir}/anomaly-detection/ootb-ml-jobs-siem.asciidoc[Prebuilt jobs page]. +Read more about the {ml} jobs enabled by these Integrations in the https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html[Prebuilt jobs page]. [float] [[view-anomalies]] From a8cf83d8d1ac595cbe1aa1b1aa0888dc9531eafc Mon Sep 17 00:00:00 2001 From: susan Date: Thu, 3 Aug 2023 10:57:37 -0400 Subject: [PATCH 04/13] Add url subsection --- docs/detections/machine-learning/machine-learning.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/detections/machine-learning/machine-learning.asciidoc b/docs/detections/machine-learning/machine-learning.asciidoc index 7e78512651..784aabcb7d 100644 --- a/docs/detections/machine-learning/machine-learning.asciidoc +++ b/docs/detections/machine-learning/machine-learning.asciidoc @@ -87,7 +87,7 @@ time frame, previously analyzed data is not processed again. * https://docs.elastic.co/integrations/lmd[Lateral Movement Detection] * https://docs.elastic.co/integrations/problemchild[Living off the Land Attack Detection] -Read more about the {ml} jobs enabled by these Integrations in the https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html[Prebuilt jobs page]. +Read more about the {ml} jobs enabled by these Integrations in the https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html#security-integrations-jobs[Prebuilt jobs page]. [float] [[view-anomalies]] From 16cb5f68e5c0d83900b26708d22c9a89e27c09ef Mon Sep 17 00:00:00 2001 From: susan Date: Thu, 3 Aug 2023 12:57:19 -0400 Subject: [PATCH 05/13] PR review --- docs/detections/machine-learning/machine-learning.asciidoc | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/detections/machine-learning/machine-learning.asciidoc b/docs/detections/machine-learning/machine-learning.asciidoc index 784aabcb7d..0948a7354a 100644 --- a/docs/detections/machine-learning/machine-learning.asciidoc +++ b/docs/detections/machine-learning/machine-learning.asciidoc @@ -66,6 +66,10 @@ Or * Your shipped data is ECS-compliant, and {kib} is configured with the shipped data's index patterns in *{kib}* -> *{stack-manage-app}* -> *Data Views*. +Or + +* You install one or more of the Advanced Analytics Integrations. (See following section) + <> describes all available {ml} jobs and lists which ECS fields are required on your hosts when you are not using {beats} or the {agent} to ship your data. For information on tuning anomaly results to reduce the 
@@ -80,7 +84,7 @@ time frame, previously analyzed data is not processed again. [[ml-integrations]] === Jobs in advanced analytics (UEBA) Elastic integrations -{ml} jobs can also be installed via https://docs.elastic.co/integrations[Elastic integrations]. We currently have the following Advanced Analytics integrations for Security: +Machine learning jobs can also be installed via https://docs.elastic.co/integrations[Elastic integrations]. We currently have the following Advanced Analytics integrations for Security: * https://docs.elastic.co/integrations/ded[Data Exfiltration Detection] * https://docs.elastic.co/integrations/dga[Domain Generation Algorithm Detection] From 04f46a76bc0ef41efedbb3cf79f22e0a15b6c321 Mon Sep 17 00:00:00 2001 From: Susan <23287722+susan-shu-c@users.noreply.github.com> Date: Thu, 3 Aug 2023 13:33:01 -0400 Subject: [PATCH 06/13] Update docs/detections/machine-learning/machine-learning.asciidoc Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com> --- docs/detections/machine-learning/machine-learning.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/detections/machine-learning/machine-learning.asciidoc b/docs/detections/machine-learning/machine-learning.asciidoc index 0948a7354a..c5f9fe33db 100644 --- a/docs/detections/machine-learning/machine-learning.asciidoc +++ b/docs/detections/machine-learning/machine-learning.asciidoc 
@@ -84,7 +84,7 @@ time frame, previously analyzed data is not processed again. [[ml-integrations]] === Jobs in advanced analytics (UEBA) Elastic integrations -Machine learning jobs can also be installed via https://docs.elastic.co/integrations[Elastic integrations]. We currently have the following Advanced Analytics integrations for Security: +You can also install {ml-cap} jobs using https://docs.elastic.co/integrations[Elastic integrations]. Here are the Advanced Analytics integrations available for Security: * https://docs.elastic.co/integrations/ded[Data Exfiltration Detection] * https://docs.elastic.co/integrations/dga[Domain Generation Algorithm Detection] From 913e031776f28235381c1bc610cb348fce44f293 Mon Sep 17 00:00:00 2001 From: Susan <23287722+susan-shu-c@users.noreply.github.com> Date: Thu, 3 Aug 2023 13:33:17 -0400 Subject: [PATCH 07/13] Update docs/detections/machine-learning/machine-learning.asciidoc Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> --- docs/detections/machine-learning/machine-learning.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/detections/machine-learning/machine-learning.asciidoc b/docs/detections/machine-learning/machine-learning.asciidoc index c5f9fe33db..f8373dcdd5 100644 --- a/docs/detections/machine-learning/machine-learning.asciidoc +++ b/docs/detections/machine-learning/machine-learning.asciidoc @@ -68,7 +68,7 @@ data's index patterns in *{kib}* -> *{stack-manage-app}* -> *Data Views*. Or -* You install one or more of the Advanced Analytics Integrations. (See following section) +* You install one or more of the Advanced Analytics Integrations (see following section). <> describes all available {ml} jobs and lists which ECS fields are required on your hosts when you are not using {beats} or the {agent} From dfd14221f953c07cdd33d44b018a777ead8e4ee0 Mon Sep 17 00:00:00 2001 
From: Susan <23287722+susan-shu-c@users.noreply.github.com> Date: Thu, 3 Aug 2023 13:33:24 -0400 Subject: [PATCH 08/13] Update docs/detections/machine-learning/machine-learning.asciidoc Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com> --- docs/detections/machine-learning/machine-learning.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/detections/machine-learning/machine-learning.asciidoc b/docs/detections/machine-learning/machine-learning.asciidoc index f8373dcdd5..8f2cddd982 100644 --- a/docs/detections/machine-learning/machine-learning.asciidoc +++ b/docs/detections/machine-learning/machine-learning.asciidoc @@ -91,7 +91,7 @@ You can also install {ml-cap} jobs using https://docs.elastic.co/integrations[El * https://docs.elastic.co/integrations/lmd[Lateral Movement Detection] * https://docs.elastic.co/integrations/problemchild[Living off the Land Attack Detection] -Read more about the {ml} jobs enabled by these Integrations in the https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html#security-integrations-jobs[Prebuilt jobs page]. +To learn more about {ml} jobs enabled by these integrations, refer to the https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html#security-integrations-jobs[Prebuilt jobs page]. [float] [[view-anomalies]] From 0a17a9cc34c1485fac9574bae023d7dba4c20211 Mon Sep 17 00:00:00 2001 From: susan Date: Thu, 3 Aug 2023 15:03:58 -0400 Subject: [PATCH 09/13] Remove subsection in url breaking the build --- docs/detections/machine-learning/machine-learning.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/detections/machine-learning/machine-learning.asciidoc b/docs/detections/machine-learning/machine-learning.asciidoc index 8f2cddd982..f7899927be 100644 --- a/docs/detections/machine-learning/machine-learning.asciidoc +++ b/docs/detections/machine-learning/machine-learning.asciidoc 
@@ -91,7 +91,7 @@ You can also install {ml-cap} jobs using https://docs.elastic.co/integrations[El * https://docs.elastic.co/integrations/lmd[Lateral Movement Detection] * https://docs.elastic.co/integrations/problemchild[Living off the Land Attack Detection] -To learn more about {ml} jobs enabled by these integrations, refer to the https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html#security-integrations-jobs[Prebuilt jobs page]. +To learn more about {ml} jobs enabled by these integrations, refer to the https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html[Prebuilt jobs page]. [float] [[view-anomalies]] From d15d9f4392dd5107920f99207f56c80cbc060e02 Mon Sep 17 00:00:00 2001 From: Susan <23287722+susan-shu-c@users.noreply.github.com> Date: Fri, 4 Aug 2023 09:46:25 -0400 Subject: [PATCH 10/13] Update docs/detections/machine-learning/machine-learning.asciidoc Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com> --- docs/detections/machine-learning/machine-learning.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/detections/machine-learning/machine-learning.asciidoc b/docs/detections/machine-learning/machine-learning.asciidoc index f7899927be..dbfbddb4eb 100644 --- a/docs/detections/machine-learning/machine-learning.asciidoc +++ b/docs/detections/machine-learning/machine-learning.asciidoc 
@@ -84,7 +84,7 @@ time frame, previously analyzed data is not processed again. [[ml-integrations]] === Jobs in advanced analytics (UEBA) Elastic integrations -You can also install {ml-cap} jobs using https://docs.elastic.co/integrations[Elastic integrations]. Here are the Advanced Analytics integrations available for Security: +You can also install {ml} jobs using https://docs.elastic.co/integrations[Elastic integrations]. Here are the Advanced Analytics integrations available for Security: * https://docs.elastic.co/integrations/ded[Data Exfiltration Detection] * https://docs.elastic.co/integrations/dga[Domain Generation Algorithm Detection] From 6c0599fc90c17b9aa0ee81fa792dbc9dcef6c49c Mon Sep 17 00:00:00 2001 From: susan Date: Tue, 8 Aug 2023 15:20:09 -0400 Subject: [PATCH 11/13] Update capitalization --- docs/detections/machine-learning/machine-learning.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/detections/machine-learning/machine-learning.asciidoc b/docs/detections/machine-learning/machine-learning.asciidoc index dbfbddb4eb..203aac786d 100644 --- a/docs/detections/machine-learning/machine-learning.asciidoc +++ b/docs/detections/machine-learning/machine-learning.asciidoc @@ -68,7 +68,7 @@ data's index patterns in *{kib}* -> *{stack-manage-app}* -> *Data Views*. Or -* You install one or more of the Advanced Analytics Integrations (see following section). +* You install one or more of the Advanced Analytics integrations (see following section). <> describes all available {ml} jobs and lists which ECS fields are required on your hosts when you are not using {beats} or the {agent} From fde2357fa4678b1439addc9e0a9b5b4c06fe0040 Mon Sep 17 00:00:00 2001 
From: Susan <23287722+susan-shu-c@users.noreply.github.com> Date: Tue, 8 Aug 2023 16:52:34 -0400 Subject: [PATCH 12/13] Update docs/detections/machine-learning/machine-learning.asciidoc Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com> --- docs/detections/machine-learning/machine-learning.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/detections/machine-learning/machine-learning.asciidoc b/docs/detections/machine-learning/machine-learning.asciidoc index 203aac786d..30c8db1ae6 100644 --- a/docs/detections/machine-learning/machine-learning.asciidoc +++ b/docs/detections/machine-learning/machine-learning.asciidoc @@ -68,7 +68,7 @@ data's index patterns in *{kib}* -> *{stack-manage-app}* -> *Data Views*. Or -* You install one or more of the Advanced Analytics integrations (see following section). +* You install one or more of the Advanced Analytics integrations (refer to the following section). <> describes all available {ml} jobs and lists which ECS fields are required on your hosts when you are not using {beats} or the {agent} From 0f450b700988d9f82e325672b3a7df943c8736d4 Mon Sep 17 00:00:00 2001 From: susan Date: Wed, 9 Aug 2023 10:33:47 -0400 Subject: [PATCH 13/13] Capitalization --- docs/detections/machine-learning/machine-learning.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/detections/machine-learning/machine-learning.asciidoc b/docs/detections/machine-learning/machine-learning.asciidoc index 30c8db1ae6..62b9092566 100644 --- a/docs/detections/machine-learning/machine-learning.asciidoc +++ b/docs/detections/machine-learning/machine-learning.asciidoc 
@@ -82,7 +82,7 @@ time frame, previously analyzed data is not processed again. [float] [[ml-integrations]] -=== Jobs in advanced analytics (UEBA) Elastic integrations +=== Jobs in Advanced Analytics (UEBA) Elastic integrations You can also install {ml} jobs using https://docs.elastic.co/integrations[Elastic integrations]. Here are the Advanced Analytics integrations available for Security:
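Review bot: the link in the `@@ -87,7 +87,7 @@` hunk of PATCH 03, which PATCH 09 leaves in place, is a hard-coded absolute URL, `https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html`, so every versioned build of this page will send readers to the `current` release's prebuilt jobs page instead of the page for their own version. The same file already reaches that page with an AsciiDoc cross-reference (the sentence that `describes all available {ml} jobs and lists which ECS fields are required`), so use a `<<...>>` xref to the prebuilt jobs page's anchor here as well. If the integrations section of that page carries its own anchor, an xref to it would also restore the deep link that PATCH 04 added as `#security-integrations-jobs` and PATCH 09 had to remove because the fragment broke the build. The PATCH 02 form, `include::{ml-dir}/anomaly-detection/ootb-ml-jobs-siem.asciidoc[Prebuilt jobs page]`, was never a link at all: `include::` is a block macro that pulls a file's contents into the page, which is why it had to be replaced in PATCH 03.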
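Review bot: the new bullet in the `@@ -66,6 +66,10 @@` hunk of PATCH 05, `You install one or more of the Advanced Analytics Integrations`, is joined to the existing prerequisites with `Or`, which tells the reader that installing an integration is an alternative to having ECS-compliant shipped data with its index patterns configured as data views. The section it refers to says only that the integrations install {ml} jobs, so an installed job still has nothing to analyze unless the data prerequisite also holds. Either reword the bullet so it is clear the integration replaces just the job-installation step, or take it out of the `Or` list and state separately which data the integration jobs expect and where it must be indexed.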
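Review bot: the heading added in the `@@ -76,6 +76,17 @@` hunk of PATCH 01, `=== Jobs in advanced analytics (UEBA) Elastic integrations`, introduces the abbreviation UEBA without expanding it and the body never uses it again; spell out user and entity behavior analytics on first use or drop the parenthetical. In the same hunk the four bullets link to `docs.elastic.co/integrations/ded`, `/dga`, `/lmd` and `/problemchild`, slugs that do not match the displayed names (for example `problemchild` for `Living off the Land Attack Detection`), so a reader cannot tell from the page which package each link corresponds to; name the integration package beside each entry so it can be found in the Integrations app.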