Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[ML] Adding v3 modules for Security_Linux and Security_Windows and Deprecating v1 + v2 #131166

Merged
merged 39 commits into from
May 18, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
39 commits
Select commit Hold shift + click to select a range
a8d2ebb
consolidate Security ML Modules
bfilar Mar 9, 2022
d3d25c6
removal of auditbeat host processes ecs module
bfilar Mar 9, 2022
95b7c8e
removing siem_winlogbeat_auth after consolidating into windows_security
bfilar Mar 10, 2022
dc6aac6
renamed to avoid job collisions
bfilar Mar 18, 2022
2952d2a
Update recognize_module.ts
randomuserid Mar 21, 2022
014896b
test fixes
randomuserid Mar 21, 2022
6017c46
Merge branch 'main' into bfilar-ml-refactor
kibanamachine Mar 21, 2022
c34ae06
Update recognize_module.ts
randomuserid Mar 21, 2022
39ee594
Merge branch 'bfilar-ml-refactor' of https://github.com/elastic/kiban…
randomuserid Mar 21, 2022
5c316a2
Merge branch 'main' into bfilar-ml-refactor
kibanamachine Mar 21, 2022
755b26e
deprecating winlogbeat and auditbeat modules
bfilar Mar 21, 2022
3a16dd1
fixes test post-deprecation of modules
bfilar Mar 21, 2022
b37e0df
fixes typo in test
bfilar Mar 21, 2022
ff9aee5
revert linting changes
bfilar Mar 22, 2022
d4e3cba
revert linting changes pt2
bfilar Mar 22, 2022
b59d8b9
fixing test in setup_module.ts
bfilar Mar 22, 2022
9a6e965
ml module refactor
bfilar Apr 28, 2022
5c97101
Merge branch 'main' into bfilar.ml-refactor-2
kibanamachine May 9, 2022
7f07400
manifest, job, and datafeed cleanup based on PR feedback
bfilar May 10, 2022
f4ad024
Merge branch 'bfilar.ml-refactor-2' of github.com:elastic/kibana into…
bfilar May 10, 2022
c030d46
commenting out security solution tests for ML Modules
bfilar May 11, 2022
781e75a
modified ml module tests and job descriptions
bfilar May 11, 2022
e575765
Merge branch 'main' into bfilar.ml-refactor-2
randomuserid May 11, 2022
cc40cf2
Merge branch 'main' into bfilar.ml-refactor-2
kibanamachine May 11, 2022
b265aa4
Update datafeed_auth_high_count_logon_events_for_a_source_ip.json
randomuserid May 16, 2022
988c7f0
Update datafeed_auth_high_count_logon_events_for_a_source_ip.json
randomuserid May 16, 2022
d918c12
Merge branch 'main' into bfilar.ml-refactor-2
randomuserid May 16, 2022
8f2c27d
descriptions
randomuserid May 16, 2022
c7ec626
tags
randomuserid May 16, 2022
019bb00
tags
randomuserid May 16, 2022
55acc7c
tags
randomuserid May 16, 2022
f579bc7
Merge branch 'main' into bfilar.ml-refactor-2
randomuserid May 16, 2022
9621f03
Merge branch 'main' into bfilar.ml-refactor-2
randomuserid May 17, 2022
c2832fe
linting
randomuserid May 17, 2022
62726d6
Merge branch 'bfilar.ml-refactor-2' of https://github.com/elastic/kib…
randomuserid May 17, 2022
927c270
Update v3_windows_anomalous_script.json
randomuserid May 17, 2022
702e642
Update v3_linux_anomalous_network_activity.json
randomuserid May 17, 2022
4974858
Merge branch 'main' into bfilar.ml-refactor-2
randomuserid May 17, 2022
719d6f1
Update v3_windows_anomalous_script.json
randomuserid May 17, 2022
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,10 @@
{
"id": "auth_rare_user",
"file": "auth_rare_user.json"
},
{
"id": "suspicious_login_activity",
"file": "suspicious_login_activity.json"
}
],
"datafeeds": [
Expand Down Expand Up @@ -73,6 +77,11 @@
"id": "datafeed-auth_rare_user",
"file": "datafeed_auth_rare_user.json",
"job_id": "auth_rare_user"
},
{
"id": "datafeed-suspicious_login_activity",
"file": "datafeed_suspicious_login_activity.json",
"job_id": "suspicious_login_activity"
}
]
}
Original file line number Diff line number Diff line change
Expand Up @@ -5,19 +5,16 @@
],
"max_empty_searches": 10,
"query": {
"bool": {
"filter": [
{
"term": {
"event.category": "authentication"
}
},
{
"term": {
"event.outcome": "success"
}
"bool": {
"filter": [{"exists": {"field": "source.ip"}}],
"must": [
{"bool": {
"should": [
{"term": {"event.category": "authentication"}},
{"term": {"event.outcome": "success"}}
]
}}
]
}
]
}
}
}
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
{
"icon": "logoSecurity"
}
}
Loading