Adding deprecation notes to experimental ML docs (#2393)
* Adding deprecation notes to host and user risk score documentation
* Adding deprecation notes to experimental ML packages
@@ -1,3 +1,4 @@
|
||||
**The setup instructions in this document have been deprecated. Please follow the steps outlined in [this](https://www.elastic.co/security-labs/detect-domain-generation-algorithm-activity-with-new-Kibana-integration) blog to enable DGA detection in your environment.**
|
||||
# Machine Learning on Domain Generation Algorithm (DGA)
|
||||
|
||||
To create and use supervised DGA ML models to enrich data within the stack, check out these Elastic blogs:
|
||||
|
||||
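Review bot: The added notice sits above the `# Machine Learning on Domain Generation Algorithm (DGA)` heading, so the page now opens with body text before its title, and the link text is only "this". Consider placing the notice directly under the heading and linking a descriptive phrase instead. The URL slug mixes case (`new-Kibana-integration`), so confirm the link resolves as written. The unchanged line below still points readers to "these Elastic blogs" for creating and using supervised DGA models; the notice should say whether those are superseded as well.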
@@ -1,3 +1,4 @@
|
||||
**The setup instructions in this document have been deprecated. Please follow the steps outlined [here](https://www.elastic.co/guide/en/security/current/host-risk-score.html), to enable Host Risk Score in your environment.**
|
||||
# Host Risk Score
|
||||
|
||||
Host Risk Score is an experimental feature that assigns risk scores to hosts in a given Kibana space. Risk scores are calculated for each host by utilizing transforms on the alerting indices. The transform runs hourly to update the score as new alerts are generated. The Host Risk Score [package](https://github.com/elastic/detection-rules/releases) contains all of the required artifacts for setup. The Host Risk Score feature provides drilldown Lens dashboards and additional Kibana features such as the **Host Risk Score Card** on the Overview page of the Elastic Security app, and the **Host Risk Keyword** on the Alert details flyout for an enhanced experience.
|
||||
|
||||
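Review bot: The notice deprecates the setup instructions, but the unchanged paragraph below it still says the Host Risk Score package "contains all of the required artifacts for setup" and links to the releases page, so a reader is left with two conflicting setup paths. Qualify or remove that sentence, or state in the notice that the release package should no longer be used. Minor: drop the comma after `[here](...)`, and note that the target is a `/current/` docs URL, which follows the latest release rather than a fixed version.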
@@ -1,3 +1,4 @@
|
||||
**The setup instructions in this document have been deprecated. Please follow the steps outlined in [this](https://www.elastic.co/security-labs/detecting-living-off-the-land-attacks-with-new-elastic-integration) blog to enable Living off the Land (LotL) detection in your environment.**
|
||||
# ProblemChild in the Elastic Stack
|
||||
|
||||
ProblemChild helps detect anomalous activity in Windows process events by:
|
||||
|
||||
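Review bot: The added notice refers to "Living off the Land (LotL) detection" while the document it heads is titled "ProblemChild in the Elastic Stack", and nothing in the added line says how the two relate. If the LotL integration replaces the ProblemChild setup described here, say so explicitly in the notice so readers searching for ProblemChild know they are in the right place.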
@@ -1,3 +1,4 @@
|
||||
**The setup instructions in this document have been deprecated. Please follow the steps outlined [here](https://www.elastic.co/guide/en/security/current/user-risk-score.html), to enable User Risk Score in your environment.**
|
||||
# User Risk Score
|
||||
|
||||
The User Risk Score feature highlights risky usernames from within your environment. It utilizes a transform with a scripted metric aggregation to calculate user risk scores based on alerts that were generated within the past three months. The transform runs hourly to update the score as new alerts are generated. Each alert's contribution to the user risk score is based on the alert's risk score (`signal.rule.risk_score`). The risk score is calculated using a weighted sum where rules with higher time-corrected risk scores also have higher weights. Each risk score is normalized to a scale of 0 to 100.
|
||||
|
||||
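Review bot: The wording in this notice ("outlined [here](...), to enable") differs from the DGA and ProblemChild notices ("outlined in [this](...) blog to enable") and carries a stray comma; pick one pattern for all four files. The notice also leaves unclear whether the description below it (three-month alert window, hourly transform, weighting by `signal.rule.risk_score`) still applies to the setup in the linked guide or only to the deprecated one.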