Change machine learning algorithms

Sorry, I've only been learning about Elastic for a few years... And I happen to want to do some research with Wazuh and Elastic... I noticed that there are machine learning features in Elastic's data analysis. Is it possible to replace the algorithms in Elastic machine learning? Not only to use it, but to use it in research and development. Is this possible?

Thanks

Welcome to our community! :smiley:

I don't believe that this is possible at this stage, no.

So that means we can only directly use the ML features in Elastic and can't change anything in them?

Correct.

Can you elaborate more on what you are looking for?

I know that Wazuh can be used to detect existing attacks and even to create rules that can be applied to block attackers; on the other hand, Elastic helps Wazuh as a system and user interface. Currently Elastic has added machine learning features that can be used to improve threat analysis. Now, what I really want to do is try to predict attacks on IoT devices that are likely to happen in the future by utilizing Elastic machine learning to study Wazuh data, but I plan to use other types of algorithms in Elastic machine learning. Is it possible to overhaul the algorithms in Elastic machine learning?

I started checking out Wazuh a year and a half ago. At the beginning I was very excited; after all, OSSEC on steroids was looking great. However, as I went deeper and deeper, I started to realize that Wazuh was going to be overtaken by Elastic's native SIEM functionality very soon. I suggest you do the same: evaluate Wazuh's functionality and the complexity of implementation against the native modules in Elastic, and select which one fits your needs better.

Now, about your specific question. What you are trying to accomplish is possible, but you have to get very familiar with the "schema" used by Wazuh so you can select the "features" that ML is going to use for predictions; the algorithms used by Elastic for regression & classification are very standard, but not interchangeable.
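One way to turn Wazuh alerts into the kind of numeric "features" the reply above refers to, as an added example that is not part of the original thread and not code from Wazuh or Elastic. It is Python; the field names follow the layout of Wazuh's alerts.json (rule.level, rule.id, rule.groups, agent.name, data.srcip), and the alert records are constructed for the example. The output rows are what you would index so that an Elastic data frame analytics job (outlier detection or classification, using Elastic's own algorithm) can read them:

```python
"""Turn Wazuh-style alerts into per-agent numeric features.

Added example for this thread, not code from Wazuh or Elastic. Field
names follow the layout of Wazuh's alerts.json (rule.level, rule.id,
rule.groups, agent.name, data.srcip); the records below are constructed.
"""
import json
from collections import defaultdict

# Constructed alerts, one JSON object per line like Wazuh's alerts.json.
SAMPLE_ALERTS = """\
{"timestamp": "2023-01-01T10:00:00Z", "agent": {"name": "iot-cam-01"}, "rule": {"id": "5710", "level": 5, "groups": ["syslog", "sshd", "authentication_failed"]}, "data": {"srcip": "198.51.100.7"}}
{"timestamp": "2023-01-01T10:00:03Z", "agent": {"name": "iot-cam-01"}, "rule": {"id": "5710", "level": 5, "groups": ["syslog", "sshd", "authentication_failed"]}, "data": {"srcip": "198.51.100.8"}}
{"timestamp": "2023-01-01T10:00:09Z", "agent": {"name": "iot-cam-01"}, "rule": {"id": "5712", "level": 10, "groups": ["syslog", "sshd", "authentication_failures"]}, "data": {"srcip": "198.51.100.8"}}
{"timestamp": "2023-01-01T10:05:00Z", "agent": {"name": "iot-gw-01"}, "rule": {"id": "533", "level": 7, "groups": ["ossec"]}}
{"timestamp": "2023-01-01T10:06:00Z", "agent": {"name": "iot-gw-01"}, "rule": {"id": "510", "level": 7, "groups": ["ossec", "rootcheck"]}}
"""


def parse_alerts(text):
    """Parse newline-delimited JSON, skipping blank or malformed lines."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            alerts.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a half-written line in a live alerts.json is not fatal
    return alerts


def build_features(alerts, high_level=10):
    """Aggregate alerts per agent into a flat dict of numeric features.

    These are the columns a data frame analytics job would read from an
    index; the learning algorithm itself stays Elastic's own.
    """
    per_agent = defaultdict(lambda: {"alerts": [], "src_ips": set(), "rules": set()})
    for a in alerts:
        agent = a.get("agent", {}).get("name", "unknown")
        bucket = per_agent[agent]
        bucket["alerts"].append(a)
        bucket["rules"].add(a.get("rule", {}).get("id", ""))
        srcip = a.get("data", {}).get("srcip")
        if srcip:
            bucket["src_ips"].add(srcip)

    features = {}
    for agent, b in per_agent.items():
        levels = [int(a.get("rule", {}).get("level", 0)) for a in b["alerts"]]
        # Wazuh tags failed logins with groups such as authentication_failed / authentication_failures
        auth_fail = sum(
            1 for a in b["alerts"]
            if any(g.startswith("authentication_fail") for g in a.get("rule", {}).get("groups", []))
        )
        features[agent] = {
            "agent_name": agent,
            "alert_count": len(levels),
            "max_level": max(levels),
            "high_level_alerts": sum(1 for lv in levels if lv >= high_level),
            "distinct_src_ips": len(b["src_ips"]),
            "distinct_rules": len(b["rules"]),
            "auth_failure_alerts": auth_fail,
        }
    return features


def to_ndjson(features):
    """Serialize one feature row per agent as NDJSON for bulk indexing."""
    return "\n".join(json.dumps(row, sort_keys=True) for row in features.values())


if __name__ == "__main__":
    print(to_ndjson(build_features(parse_alerts(SAMPLE_ALERTS))))
```

The point of the aggregation step is that Elastic's ML jobs work on whatever fields you put in the index, so the research freedom lies in which features you derive from the Wazuh schema, not in swapping out the model.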
