security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0d4db2ecfecedda763363fa5f46ed5829db709f1
sigma-rules/docs-dev/experimental-machine-learning/experimental-detections.md
T
shashank-elastic b3adc6d3ea Deprecate Experimental ML command (#4669)
2025-05-02 21:01:46 +05:30

1.1 KiB
Raw Blame History

Experimental ML Jobs and Rules

The ingest pipeline enriches process events by adding additional fields, which are used to power several rules. The experimental rules and jobs are staged separately from the model bundles under releases, with the tag ML-experimental-detections-YYYMMDD-N. New releases with this tag may contain either updates to existing rules or new experimental detections.

Note that if a rule is of type = "machine_learning", then it may be dependent on uploading and running a machine learning job first. If this is the case, it will likely be annotated within the note field of the rule.

Uploading rules

Unzip the release bundle and upload these rules individually.

Rules are now stored in ndjson format and can be imported into Kibana via the security app detections page.

Earlier releases stored the rules in toml format. These can be uploaded using the 7.12 branch CLI using the kibana import-rules command

Reference in New Issue View Git Blame Copy Permalink