SIEM anomaly detection prebuilt jobs

I am using the trial version. I have installed the filebeat, auditbeat, and winlogbeat agents on the target systems. The prebuilt jobs which I can use are:

  1. siem-api-rare_process_linux_ecs
  2. siem-api-rare_process_windows_ecs
  3. siem-api-suspicious_login_activity_ecs

But from the Elasticsearch reference, I should use all of these: https://www.elastic.co/guide/en/siem/guide/7.x/prebuilt-ml-jobs.html

Why can I use only these 3 jobs? Is it because of the license type?

No, this isn't because of the license type - rather, the version that you're on. Later versions have more built-in ML jobs. I believe that v7.5 has as many as 23 built-in jobs.
