[SIEM][Detection Engine] Adds test scripts for machine learning featu…

…re (#60835) ## Summary * Adds ad-hoc testing scripts for machine learning feature ## Testing ```ts ./post_rule.sh ./rules/queries/query_with_machine_learning.json ./update_rule.sh ./rules/updates/update_machine_learning.json ./patch_rule.sh ./rules/patches/update_machine_learning.json ```
elastic · Mar 21, 2020 · 1411978 · 1411978
1 parent 0530981
commit 1411978
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 0 deletions.
diff --git a/...ugins/siem/server/lib/detection_engine/scripts/rules/patches/update_machine_learning.json b/...ugins/siem/server/lib/detection_engine/scripts/rules/patches/update_machine_learning.json
@@ -0,0 +1,4 @@
+{
+  "rule_id": "machine-learning",
+  "anomaly_threshold": 10
+}
diff --git a/...s/siem/server/lib/detection_engine/scripts/rules/queries/query_with_machine_learning.json b/...s/siem/server/lib/detection_engine/scripts/rules/queries/query_with_machine_learning.json
@@ -0,0 +1,10 @@
+{
+  "name": "Query with a machine learning job",
+  "description": "Query with a machine learning job",
+  "rule_id": "machine-learning",
+  "risk_score": 1,
+  "severity": "high",
+  "type": "machine_learning",
+  "machine_learning_job_id": "linux_anomalous_network_activity_ecs",
+  "anomaly_threshold": 50
+}
diff --git a/...ugins/siem/server/lib/detection_engine/scripts/rules/updates/update_machine_learning.json b/...ugins/siem/server/lib/detection_engine/scripts/rules/updates/update_machine_learning.json
@@ -0,0 +1,10 @@
+{
+  "name": "Query with a machine learning job",
+  "description": "Query with a machine learning job",
+  "rule_id": "machine-learning",
+  "risk_score": 1,
+  "severity": "high",
+  "type": "machine_learning",
+  "machine_learning_job_id": "linux_anomalous_network_activity_ecs",
+  "anomaly_threshold": 100
+}