ML Unsupervised question

alex_su · January 4, 2023, 9:02am

Hi, as i know es provide ml to detect unusual event, like "Unusual Windows Username" and another exapmle is " Unusual Hour for a User to Logon".

I have question about unusual meaning as belows.

how to build this ml ? like one host one model? or if i have 100 host event log data, we only need one model can handle it?

Sergi_Massaneda_Dona · January 4, 2023, 3:28pm

Hello. It is hard to tell based on the question. but we have a couple of blogs that explain the "rare" function in machine learning:

Hope this helps

shuchang · January 9, 2023, 4:40pm

We have some pre-built jobs that look for rarities in username over a single host:

However it might depend on your situation specifically about your 100 host event log data.

system · February 6, 2023, 4:41pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Dec 4th, 2018: [EN][ML] Rarity Analysis with Machine Learning Advent Calendar elastic-stack-machine-learning	3	2742	December 1, 2019
ML for unusual name detection Elasticsearch elastic-stack-machine-learning	4	475	January 13, 2019
ML - Anomaly fresh data (high score) Elasticsearch elastic-stack-machine-learning	2	384	June 16, 2020
Machine Learning: Rare function not working as expected Elasticsearch elastic-stack-machine-learning	4	1012	August 7, 2017
ML anomaly detection question Kibana elastic-stack-machine-learning	8	621	February 11, 2020