Siem anomaly detection prebuild jobs

jittinan · December 31, 2019, 7:28am

I am using trial version.I have installed filebeat,auditbeat,winlogbeat agent on target systems. The prebuilt jobs which i can use are

siem-api-rare_process_linux_ecs
siem-api-rare_process_windows_ecs
3.siem-api-suspicious_login_activity_ecs

but from elasticsearch reference I should use all of these https://www.elastic.co/guide/en/siem/guide/7.x/prebuilt-ml-jobs.html

why can I use only these 3 jobs? Does it because license type?

richcollier · January 2, 2020, 4:07pm

No, this isn't because of the license type - rather, the version that you're on. Later versions have more built-in ML jobs. I believe that v7.5 has as many as 23 built-in jobs

system · January 30, 2020, 4:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Prebuilt ML Jobs cant be activated SIEM	11	1321	May 23, 2020
Prebuilt ML jobs fail SIEM elastic-stack-machine-learning	10	643	May 18, 2020
Update prebuilt ML jobs SIEM	2	400	July 12, 2020
Auditbeat compared to Winlogbeat, Metricbeat SIEM	5	1722	September 16, 2020
SIEM, Winlogbeat and Windows Auditing Beats winlogbeat	2	485	July 11, 2020

Siem anomaly detection prebuild jobs

Related topics