Machine Learning Detected a Suspicious Windows Event with a High Malicious Probability Score triggering on all kinds of normal processes

willemdh · April 25, 2025, 2:38pm

Hello,

I activated "Machine Learning Detected a Suspicious Windows Event with a High Malicious Probability Score" and "Living off the Land Attack Detection" and followed the procedure.

It seems to be triggering on a lot of my usual / normal processes. For example opening brave and then opening a new tab always triggers a blocklist_label of 1.

Am I doing something wrong or is it normal that this triggers so frequently with a "High Malicious Probability Score"?

I'm using the latest version 2.4.0 in Elastic Security Serveless.

Willem

system · May 23, 2025, 2:39pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
IDS basend on windows logs Elasticsearch	1	434	February 13, 2018
Machine Learning module is triggering alerts when there is no anomaly Elasticsearch elastic-stack-machine-learning	27	2889	July 1, 2019
Alert when there is anomaly in machine learning? Elasticsearch elastic-stack-machine-learning	4	2978	August 11, 2017
Filter machine learning actual values Elasticsearch elastic-stack-machine-learning	2	524	June 12, 2018
ML Unsupervised question SIEM	3	424	February 6, 2023

Machine Learning Detected a Suspicious Windows Event with a High Malicious Probability Score triggering on all kinds of normal processes

Related topics