Behavioral detection use cases

[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.

Behavioral detection identifies potential internal and external threats based on user and host activity. It uses a threat-centric approach to flag suspicious activity by analyzing patterns, anomalies, and context enrichment.

The behavioral detection feature is built on Elastic Security’s foundational SIEM detection capabilities, leveraging machine learning algorithms to enable proactive threat detection and hunting.

Elastic integrations for behavioral detection use cases

edit

Behavioral detection integrations provide a convenient way to enable behavioral detection capabilities. They streamline the deployment of components that implement behavioral detection, such as data ingestion, transforms, rules, machine learning jobs, and scripts.

Requirements

Behavioral detection integrations require the Security Analytics Complete project feature.
To learn more about the requirements for using machine learning jobs, refer to Machine learning job and rule requirements.

Here’s a list of integrations for various behavioral detection use cases:

To learn more about machine learning jobs enabled by these integrations, refer to Prebuilt job reference.

« Optimizing anomaly results Prebuilt ML job reference »