In machine learning anomaly detection, can I set my own rules for detection?
Example: I want to detect a computer. Normally this computer accesses many different IP addresses, but suddenly one day this computer accesses a completely new IP address compared to the previous addresses. The previous IP it accessed. So for this action, this is abnormal, but I want to set this rule so that machine learning does not identify this as abnormal->normal.
What should I do?
Hello @zi_ninja ,
we have rare detectors that can do what you are interested in. Please refer to the details in the blog post Using Elastic machine learning rare analysis to hunt for the unusual.
If you are interested in canonical outlier detection; please check our documentation on finding outliers.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.