Appendix G: Nginx anomaly detection configurations
editAppendix G: Nginx anomaly detection configurations
editThese anomaly detection job wizards appear in Kibana if you use the Nginx integration in Fleet or you use Filebeat to ship access logs from your Nginx HTTP servers to Elasticsearch. The jobs assume that you use fields and data types from the Elastic Common Schema (ECS).
Nginx access logs
editFind unusual activity in HTTP access logs.
These jobs are available in Kibana only if data exists that matches the query specified in the manifest file.
Name | Description | Job | Datafeed |
---|---|---|---|
low_request_rate_nginx |
Detect low request rates |
||
source_ip_request_rate_nginx |
Detect unusual source IPs - high request rates |
||
source_ip_url_count_nginx |
Detect unusual source IPs - high distinct count of URLs |
||
status_code_rate_nginx |
Detect unusual status code rates |
||
visitor_rate_nginx |
Detect unusual visitor rates |
Nginx access logs (Filebeat)
editThese legacy anomaly detection jobs find unusual activity in HTTP access logs. For the latest versions, install the Nginx integration in Fleet; see Nginx access logs.
These jobs exist in Kibana only if data exists that matches the recognizer query specified in the manifest file.
Name | Description | Job | Datafeed |
---|---|---|---|
low_request_rate_ecs |
Detect low request rates (ECS) |
||
source_ip_request_rate_ecs |
Detect unusual source IPs - high request rates (ECS) |
||
source_ip_url_count_ecs |
Detect unusual source IPs - high distinct count of URLs (ECS) |
||
status_code_rate_ecs |
Detect unusual status code rates (ECS) |
||
visitor_rate_ecs |
Detect unusual visitor rates (ECS) |