Hi, as i know es provide ml to detect unusual event, like "Unusual Windows Username" and another exapmle is " Unusual Hour for a User to Logon".
I have question about unusual meaning as belows.
Hello. It is hard to tell based on the question. but we have a couple of blogs that explain the "rare" function in machine learning:
Hope this helps
We have some pre-built jobs that look for rarities in username over a single host:
Auth rare hour for user: Prebuilt job reference | Elastic Security Solution [8.5] | Elastic
Unusual Windows username: Unusual Windows Username | Elastic Security Solution [8.5] | Elastic
However it might depend on your situation specifically about your 100 host event log data.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.