Rules for 'builtin' ML Jobs

Hello,

When we configure rules for 'builtin' jobs, such as 'rare process executions on Linux', where we would skip the result if the process is in a filter list 'whitelist_process_name', will these rules be overwritten when we would update Elasticsearch / Kibana? (Like edits to builtin templates / pipelines would be overwritten)?

The issue now is that we have a lot of anomalies and were hoping to lower noise by using a whitelist for process names.

Grtz

Willem

No, they will not be overwritten, as the rule definitions are stored with the ML job configs themselves. Only if you deleted and/or recreated the jobs would the rules be erased.
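Since the rules live in the job config and are lost only when a job is deleted or recreated, one way to keep them recoverable is to save them from the job config beforehand. The following is an added example, not part of the original thread: it turns a `GET _ml/anomaly_detectors/<job_id>` response into the body for `POST _ml/anomaly_detectors/<job_id>/_update` and lists the filter lists the rules depend on. The job id, the `process.name` field and the sample response are constructed assumptions, and the function names are hypothetical.

```python
import json

# Constructed sample shaped like a GET _ml/anomaly_detectors/<job_id> response.
# Job id and field name are placeholders; the filter id is the one from the question.
SAMPLE_RESPONSE = {"count": 1, "jobs": [{
    "job_id": "example_linux_rare_process",
    "analysis_config": {"detectors": [{
        "detector_index": 0, "function": "rare", "by_field_name": "process.name",
        "custom_rules": [{
            "actions": ["skip_result"],
            "scope": {"process.name": {"filter_id": "whitelist_process_name",
                                       "filter_type": "include"}},
        }],
    }]},
}]}


def rule_backup(response):
    """Map job_id -> body for POST _ml/anomaly_detectors/<job_id>/_update."""
    backup = {}
    for job in response.get("jobs", []):
        detectors = [
            {"detector_index": d["detector_index"], "custom_rules": d["custom_rules"]}
            for d in job["analysis_config"]["detectors"]
            if d.get("custom_rules")  # detectors without rules need no update
        ]
        if detectors:
            backup[job["job_id"]] = {"detectors": detectors}
    return backup


def referenced_filters(backup):
    """Filter lists the saved rules depend on; they must exist before re-applying."""
    return sorted({
        scope["filter_id"]
        for body in backup.values()
        for det in body["detectors"]
        for rule in det["custom_rules"]
        for scope in rule.get("scope", {}).values()
    })


if __name__ == "__main__":
    saved = rule_backup(SAMPLE_RESPONSE)
    print(json.dumps(saved, indent=2))
    print("filters needed:", referenced_filters(saved))
```

Keep the saved output under version control next to the filter list contents, so both can be restored if a job is ever recreated.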
