security-tools/sigma-rules

Files

T

History

shashank-elastic b3adc6d3ea Deprecate Experimental ML command (#4669 )

2025-05-02 21:01:46 +05:30

..

chore: use docs-dev instead of docs dir for docs (#4522 )

2025-03-07 14:34:51 +01:00

beaconing.md

chore: use docs-dev instead of docs dir for docs (#4522 )

2025-03-07 14:34:51 +01:00

DGA.md

chore: use docs-dev instead of docs dir for docs (#4522 )

2025-03-07 14:34:51 +01:00

experimental-detections.md

Deprecate Experimental ML command (#4669 )

2025-05-02 21:01:46 +05:30

host-risk-score.md

chore: use docs-dev instead of docs dir for docs (#4522 )

2025-03-07 14:34:51 +01:00

problem-child.md

chore: use docs-dev instead of docs dir for docs (#4522 )

2025-03-07 14:34:51 +01:00

readme.md

Deprecate Experimental ML command (#4669 )

2025-05-02 21:01:46 +05:30

url-spoof.md

chore: use docs-dev instead of docs dir for docs (#4522 )

2025-03-07 14:34:51 +01:00

user-risk-score.md

chore: use docs-dev instead of docs dir for docs (#4522 )

2025-03-07 14:34:51 +01:00

readme.md

Experimental machine learning

This repo contains some additional information and files to use experimental* machine learning features and detections

Features

Releases

There are separate releases for:

DGA: ML-DGA-*
ProblemChild: ML-ProblemChild-*
Host Risk Score: ML-HostRiskScore-*
URL Spoof: ML-URLSpoof-*
experimental detections: ML-experimental-detections-*

Releases will use the tag ML-TYPE-YYYMMDD-N, which will be needed for uploading the model using the CLI.

What does experimental mean in this context?

Experimental model bundles (models, scripts, and pipelines), rules, and jobs are components which are currently in development and so may not have completed the testing or scrutiny which full production detections are subjected to.

It may also make use of features which are not yet GA and so may be subject to change and are not covered by the support SLA of general release (GA) features. Some of these features may also never make it to GA.