Hello!
I'd like to know if there is an ability to enable Elastic Security prebuilt rules and the ML jobs they require to work properly via API.
I didn't manage to find any info on this, so perhaps this functionality is not available, but maybe any of you guys have any.
Information on the ML jobs for Elastic Security is: Prebuilt job reference | Elastic Security Solution [7.15] | Elastic
It requires you to have a Platinum License (or a trial license).
Not a single word about the API in these docs.
The pre-built jobs are basically stored as Kibana plugin "models" - you can see them all in this GH repo: kibana/x-pack/plugins/ml/server/models/data_recognizer/modules at 7.15 · elastic/kibana · GitHub
for example: rare destination by country
job: https://github.com/elastic/kibana/blob/7.15/x-pack/plugins/ml/server/models/data_r[…]nizer/modules/security_network/ml/rare_destination_country.json
datafeed: https://github.com/elastic/kibana/blob/7.15/x-pack/plugins/ml/server/models/data_r[…]ules/security_network/ml/datafeed_rare_destination_country.json
In the Kibana UI, once the user clicks on "enable" - Kibana just reads these static files and calls the _ml API with the details and the jobs get created.
You now have all the information on how to call the _ml API to create these jobs.
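The sequence described in the answer above, as an added example (not part of the original posts and not Kibana's own code): it turns one job file and its datafeed file into the ordered Elasticsearch `_ml` calls that create and start the job. The job and datafeed bodies are constructed samples, and the `INDEX_PATTERN_NAME` placeholder, the `datafeed-<job_id>` naming, the id check and the function names are assumptions.

```python
import copy
import json
import re

# Constructed stand-ins for a module's job and datafeed files (not copied from the repo).
SAMPLE_JOB = {
    "description": "constructed sample",
    "analysis_config": {
        "bucket_span": "15m",
        "detectors": [{"function": "rare", "by_field_name": "destination.geo.country_name"}],
    },
    "data_description": {"time_field": "@timestamp"},
}
SAMPLE_DATAFEED = {
    "job_id": "JOB_ID",
    "indices": ["INDEX_PATTERN_NAME"],  # placeholder name is an assumption
    "query": {"bool": {"filter": [{"term": {"event.category": "network"}}]}},
}

# Conservative id check (assumption): lowercase alphanumerics, "-" and "_" only,
# so a job id can never alter the request path.
_ID_RE = re.compile(r"[a-z0-9](?:[a-z0-9_-]*[a-z0-9])?")


def build_ml_requests(job_id, job, datafeed, indices, placeholder="INDEX_PATTERN_NAME"):
    """Return the ordered (method, path, body) calls that create and start one job."""
    if not _ID_RE.fullmatch(job_id):
        raise ValueError(f"unsafe job id: {job_id!r}")
    feed = copy.deepcopy(datafeed)      # never mutate the static file contents
    feed["job_id"] = job_id
    resolved = []
    for name in feed.get("indices", []):
        resolved.extend(indices if name == placeholder else [name])
    if not resolved:
        raise ValueError("datafeed has no indices to read from")
    feed["indices"] = resolved
    feed_id = f"datafeed-{job_id}"      # naming convention assumed here
    return [
        ("PUT", f"/_ml/anomaly_detectors/{job_id}", copy.deepcopy(job)),
        ("PUT", f"/_ml/datafeeds/{feed_id}", feed),
        ("POST", f"/_ml/anomaly_detectors/{job_id}/_open", None),
        ("POST", f"/_ml/datafeeds/{feed_id}/_start", None),
    ]


def render_console(requests):
    """Format the plan as request lines followed by JSON bodies."""
    out = []
    for method, path, body in requests:
        out.append(f"{method} {path.lstrip('/')}")
        if body is not None:
            out.append(json.dumps(body, indent=2))
    return "\n".join(out)
```

Calling `render_console(build_ml_requests("rare_destination_country", SAMPLE_JOB, SAMPLE_DATAFEED, ["packetbeat-*"]))` prints the four requests in order; swap the sample dictionaries for the JSON loaded from the module files.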
Wow, that's exactly what I needed!
Thanks!