Sorry, I've only been learning about Elastic for a few years... And I happen to want to do some research with Wazuh and Elastic... I noticed that there are machine learning features in Elastic's data analysis. Is it possible to replace the algorithms in Elastic machine learning? Not only to use them, but to use them in research and development; is this possible?
I know that Wazuh can be used to detect existing attacks and can even create rules that can be applied to block attackers; on the other hand, Elastic helps Wazuh as a system and user interface. Currently Elastic has added machine learning features that can be used to improve threat analysis. Now what I really want to do is try to predict attacks on IoT devices that are likely to happen in the future by using Elastic machine learning to study Wazuh data, but I plan to use other types of algorithms in Elastic machine learning. Is it possible to overhaul the algorithms of Elastic machine learning?
I started checking Wazuh a year and a half ago. At the beginning I was very excited; after all, OSSEC on steroids was looking great. However, as I went deeper and deeper, I started to realize that Wazuh was going to be overtaken by the native SIEM functionality in Elastic very soon. I suggest you do the same: evaluate Wazuh's functionality and the complexity of implementation against the native modules in Elastic, and select which one fits your needs better.
Now, about your specific question. What you are trying to accomplish is possible, but you have to get very familiar with the "schema" used by Wazuh so you can select the "features" that ML is going to use for predictions; the algorithms used by Elastic for regression and classification are very standard, but not interchangeable.
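The feature-selection step the answer refers to, as an added example that is not from this thread: aggregate Wazuh alert documents (constructed samples, using the alert fields `timestamp`, `agent.id`, `rule.level`, `rule.groups` and `data.srcip`) into one feature row per agent and time window. The 10-minute window and the chosen features are assumptions; the resulting rows can be indexed for an Elastic data frame analytics job or exported to whatever learner the research uses.

```python
import json
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample alerts in the shape Wazuh writes to its alerts index.
# Only the fields used below are included; a real alert carries many more.
SAMPLE_ALERTS = [
    {"timestamp": "2023-05-01T10:00:05.000+0000", "agent": {"id": "001", "name": "iot-cam-01"},
     "rule": {"id": "5710", "level": 5, "groups": ["sshd", "authentication_failed"]},
     "data": {"srcip": "203.0.113.7"}},
    {"timestamp": "2023-05-01T10:03:40.000+0000", "agent": {"id": "001", "name": "iot-cam-01"},
     "rule": {"id": "5710", "level": 5, "groups": ["sshd", "authentication_failed"]},
     "data": {"srcip": "203.0.113.9"}},
    {"timestamp": "2023-05-01T10:04:10.000+0000", "agent": {"id": "001", "name": "iot-cam-01"},
     "rule": {"id": "5712", "level": 10, "groups": ["sshd", "authentication_failures"]},
     "data": {"srcip": "203.0.113.9"}},
    {"timestamp": "2023-05-01T10:31:00.000+0000", "agent": {"id": "002", "name": "iot-gw-01"},
     "rule": {"id": "510", "level": 7, "groups": ["ossec", "rootcheck"]}},
]

WINDOW_SECONDS = 600  # 10-minute buckets; an assumption for this example


def parse_ts(ts):
    """Parse a Wazuh alert timestamp such as 2023-05-01T10:00:05.000+0000 to epoch seconds."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z").timestamp()


def featurize(alerts, window=WINDOW_SECONDS):
    """Aggregate raw alerts into one flat feature row per (agent id, window start)."""
    acc = defaultdict(lambda: {"alerts": 0, "max_level": 0, "high_level": 0,
                               "src_ips": set(), "groups": Counter()})
    for a in alerts:
        key = (a["agent"]["id"], int(parse_ts(a["timestamp"]) // window) * window)
        row, level = acc[key], a["rule"]["level"]
        row["alerts"] += 1
        row["max_level"] = max(row["max_level"], level)
        row["high_level"] += int(level >= 10)          # count of high-severity alerts
        ip = a.get("data", {}).get("srcip")
        if ip:
            row["src_ips"].add(ip)                     # distinct remote sources seen
        row["groups"].update(a["rule"].get("groups", []))
    rows = {}
    for (agent_id, start), r in acc.items():
        feat = {"agent_id": agent_id, "window_start": start, "alerts": r["alerts"],
                "max_level": r["max_level"], "high_level": r["high_level"],
                "distinct_srcip": len(r["src_ips"])}
        feat.update({"grp_" + g: n for g, n in r["groups"].items()})  # one column per rule group
        rows[(agent_id, start)] = feat
    return rows


if __name__ == "__main__":
    for feat in featurize(SAMPLE_ALERTS).values():
        print(json.dumps(feat))
```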