From 7c2abc68d7939debe16bdcead676d2315f0fe666 Mon Sep 17 00:00:00 2001
From: Justin Ibarra
Date: Wed, 9 Dec 2020 23:06:35 +0100
Subject: [PATCH] [Docs] Update ML_DGA.md (#707)
---
 detection_rules/eswrap.py | 5 +++--
 docs/ML_DGA.md | 22 ++++++++++++++--------
 2 files changed, 17 insertions(+), 10 deletions(-)
diff --git a/detection_rules/eswrap.py b/detection_rules/eswrap.py
index 3774b7448..8694519e7 100644
--- a/detection_rules/eswrap.py
+++ b/detection_rules/eswrap.py
@@ -636,8 +636,9 @@ def setup_dga_model(ctx, model_tag, repo, model_dir, overwrite):
 click.echo('Ensure that you have updated your packetbeat.yml config file.')
 click.echo(' - reference: ML_DGA.md #2-update-packetbeat-configuration')
- click.echo('To upload rules, run: kibana upload-rule ')
- click.echo('To upload ML jobs, run: es experimental upload-ml-job ')
+ click.echo('Associated rules and jobs can be found under ML-experimental-detections releases in the repo')
+ click.echo('To upload rules, run: kibana upload-rule ')
+ click.echo('To upload ML jobs, run: es experimental upload-ml-job ')
 @es_experimental.command('upload-ml-job')
diff --git a/docs/ML_DGA.md b/docs/ML_DGA.md
index 4f8555519..655323af3 100644
--- a/docs/ML_DGA.md
+++ b/docs/ML_DGA.md
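Review bot: The first added echo line says the rules and jobs live "in the repo" while the enclosing function already receives a `repo` argument (visible in the hunk header), so a user who ran with a non-default `-r owner/repo` gets a hint that never names the repository they should look in. Interpolating it keeps the hint accurate: `click.echo(f'Associated rules and jobs can be found under ML-experimental-detections releases in {repo}')`, or the equivalent `.format(repo)` if this module does not use f-strings; if `repo` can be None for local `model_dir` runs, fall back to the default name. The two upload hints that follow also end in a trailing space where a file or path argument would normally appear, both before and after this change; if a placeholder was dropped, a form like `kibana upload-rule <rule-file>` would tell the user what to pass. setup_dga_model's body starts before this hunk and its remaining lines are outside it.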
@@ -28,22 +28,28 @@ python -m detection_rules es experimental setup-dga-model -h
 Elasticsearch client:
 Options:
- -u, --elasticsearch-url TEXT
+ -et, --timeout INTEGER Timeout for elasticsearch client
+ -ep, --es-password TEXT
+ -eu, --es-user TEXT
 --cloud-id TEXT
- -u, --user TEXT
- -p, --es-password TEXT
- -t, --timeout INTEGER Timeout for elasticsearch client
+ --elasticsearch-url TEXT
+
+
+* experimental commands are use at your own risk and may change without warning *
 Usage: detection_rules es experimental setup-dga-model [OPTIONS]
- Upload DGA model and enrich DNS data.
+ Upload ML DGA model and dependencies and enrich DNS data.
 Options:
 -t, --model-tag TEXT Release tag for model files staged in detection- rules (required to download files)
+ -r, --repo TEXT GitHub repository hosting the model file releases
+ (owner/repo)
 -d, --model-dir DIRECTORY Directory containing local model files
 --overwrite Overwrite all files if already in the stack
 -h, --help Show this message and exit.
+
 ```
 ### Detailed steps
@@ -155,8 +161,8 @@ Job files are checked if they are valid toml and contain the following top level
 #### Validation
 All of these checks are automated and can be called with:
-`python -m detection-rules dev gh-release validate-ml-dga-asset` - for model bundles
-`python -m detection-rules dev gh-release validate-ml-detections-asset` for rule/job bundles
+`python -m detection_rules dev gh-release validate-ml-dga-asset` - for model bundles
+`python -m detection_rules dev gh-release validate-ml-detections-asset` for rule/job bundles
 Pay attention to the output to determine any necessary changes. This may not be all inclusive and actual testing on a live stack should always occur even with passing validation before saving to a GitHub release
@@ -165,7 +171,7 @@ live stack should always occur even with passing validation before saving to a G
 Install dependencies with `pip install -r requirements-dev.txt`
-A release can be created via the cli using `python -m detection-rules dev gh-release create-ml`
+A release can be created via the cli using `python -m detection_rules dev gh-release create-ml`
 * you can only use a github token
 * the base directory name and release name must match