This documentation contains work-in-progress information for future Elastic Stack and Cloud releases. Use the version selector to view supported release docs. It also contains some Elastic Cloud serverless information. Check out our serverless docs for more details.
Appendix C: Auditbeat anomaly detection configurations
editAppendix C: Auditbeat anomaly detection configurations
editThese anomaly detection job wizards appear in Kibana if you use Auditbeat to audit process activity on your systems. For more details, see the datafeed and job definitions in GitHub.
Auditbeat docker processes
editDetect unusual processes in docker containers from auditd data (ECS).
These configurations are only available if data exists that matches the recognizer query specified in the manifest file.
| Name | Description | Job | Datafeed |
|---|---|---|---|
docker_high_count_process_events_ecs |
Detect unusual increases in process execution rates in docker containers (ECS) |
|
|
docker_rare_process_activity_ecs |
Detect rare process executions in docker containers (ECS) |
|
|
