[ML] Adds siem_cloudtrail Module #71323
Conversation
Model memory estimates are estimates - because we don't know the real data characteristics for each user environment. Two jobs in this module have a slightly higher risk that they could exceed the memory budget - Note - raising this for visibility - if docs changes are needed, they should be in a separate PR.
Tested these against the siem-cloudtrail snapshot, and LGTM.
I noticed none of the jobs add custom URLs. Are there any drilldowns to e.g. the SIEM app that could be added to help the user get context around the anomalies?
Regarding the comment from @sophiec20: we don't have any mention of memory considerations in the SIEM or Machine Learning docs.
The fields in the CT events do not present super well in conventional network / host pages, and the primary workflow will be in the detections and timeline pages after these get turned into detection alerts.
@elasticmachine merge upstream
💛 Build succeeded, but was flaky
Test Failures: Kibana Pipeline / kibana-xpack-agent / Chrome X-Pack UI Functional Tests. x-pack/test/functional/apps/ml/data_frame_analytics/regression_creation.ts: machine learning data frame analytics regression creation electrical grid stability displays the include fields selection
* adds siem_cloudtrail module
* updates logo to logoSecurity

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Summary
Adds the files for a new siem_cloudtrail module for use within the SIEM app, containing the job and datafeed configuration files that support the cloudtrail analyses performed by @randomuserid

ML:

SIEM:

Contains:
@peteharverson I updated the get_module.ts test but I was unsure what else needed to get updated. Can you please let me know if there are others that need to be updated?