- Machine Learning: other versions:
- What is Elastic Machine Learning?
- Setup and security
- Anomaly detection
- Finding anomalies
- Tutorial: Getting started with anomaly detection
- Advanced concepts
- API quick reference
- How-tos
- Generating alerts for anomaly detection jobs
- Aggregating data for faster performance
- Altering data in your datafeed with runtime fields
- Customizing detectors with custom rules
- Reverting to a model snapshot
- Detecting anomalous locations in geographic data
- Mapping anomalies by location
- Adding custom URLs to machine learning results
- Anomaly detection jobs from visualizations
- Exporting and importing machine learning jobs
- Resources
- Data frame analytics
- Natural language processing
IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Appendix C: Auditbeat anomaly detection configurations
editAppendix C: Auditbeat anomaly detection configurations
editThese anomaly detection job wizards appear in Kibana if you use Auditbeat to audit process activity on your systems. For more details, see the datafeed and job definitions in GitHub.
Auditbeat docker processes
editDetect unusual processes in docker containers from auditd data (ECS).
These configurations are only available if data exists that matches the recognizer query specified in the manifest file.
| Name | Description | Job | Datafeed |
|---|---|---|---|
docker_high_count_process_events_ecs |
Detect unusual increases in process execution rates in docker containers (ECS) |
|
|
docker_rare_process_activity_ecs |
Detect rare process executions in docker containers (ECS) |
|
|
On this page
Was this helpful?
Thank you for your feedback.