This documentation contains work-in-progress information for future Elastic Stack and Cloud releases. Use the version selector to view supported release docs. It also contains some Elastic Cloud serverless information. Check out our serverless docs for more details.
« Advanced behavioral detections Anomaly detection »
Elastic Docs Elastic Security Solution [8.16] Advanced Entity Analytics Advanced behavioral detections

Machine learning job and rule requirements

edit

Machine learning job and rule requirements

edit

To run and create machine learning jobs and rules, you need all of these:

  • The appropriate license
  • There must be at least one machine learning node in your cluster
  • The machine_learning_admin user role

Additionally, to configure alert suppression for machine learning rules, your role needs the following index privilege:

  • read permission for the .ml-anomalies-* index

For more information, go to Set up machine learning features.

The machine_learning_admin and machine_learning_user built-in roles give access to the results of all anomaly detection jobs, irrespective of whether the user has access to the source indices. Likewise, a user who has full or read-only access to machine learning features within a given Kibana space can view the results of all anomaly detection jobs that are visible in that space. You must carefully consider who is given these roles and feature privileges; anomaly detection job results may propagate field values that contain sensitive information from the source indices to the results.

« Advanced behavioral detections Anomaly detection »