Appendix G: Nginx anomaly detection configurations

edit

Appendix G: Nginx anomaly detection configurations

edit

These anomaly detection job wizards appear in Kibana if you use the Nginx integration in Fleet or you use Filebeat to ship access logs from your Nginx HTTP servers to Elasticsearch. The jobs assume that you use fields and data types from the Elastic Common Schema (ECS).

Nginx access logs

edit

Find unusual activity in HTTP access logs.

These jobs are available in Kibana only if data exists that matches the query specified in the manifest file.

Name Description Job Datafeed

low_request_rate_nginx

Detect low request rates

A link icon

A link icon

source_ip_request_rate_nginx

Detect unusual source IPs - high request rates

A link icon

A link icon

source_ip_url_count_nginx

Detect unusual source IPs - high distinct count of URLs

A link icon

A link icon

status_code_rate_nginx

Detect unusual status code rates

A link icon

A link icon

visitor_rate_nginx

Detect unusual visitor rates

A link icon

A link icon

Nginx access logs (Filebeat)

edit

These legacy anomaly detection jobs find unusual activity in HTTP access logs. For the latest versions, install the Nginx integration in Fleet; see Nginx access logs.

These jobs exist in Kibana only if data exists that matches the recognizer query specified in the manifest file.

Name Description Job Datafeed

low_request_rate_ecs

Detect low request rates (ECS)

A link icon

A link icon

source_ip_request_rate_ecs

Detect unusual source IPs - high request rates (ECS)

A link icon

A link icon

source_ip_url_count_ecs

Detect unusual source IPs - high distinct count of URLs (ECS)

A link icon

A link icon

status_code_rate_ecs

Detect unusual status code rates (ECS)

A link icon

A link icon

visitor_rate_ecs

Detect unusual visitor rates (ECS)

A link icon

A link icon