You are looking at preliminary documentation for a future release. Not what you want? See the current release documentation.
Elastic Docs Machine Learning in the Elastic Stack [master]
« Appendix B: APM anomaly detection configurations Appendix D: Logs anomaly detection configurations »

Appendix C: Auditbeat anomaly detection configurationsedit

These anomaly detection job wizards appear in Kibana if you use Auditbeat to audit process activity on your systems. For more details, see the datafeed and job definitions in GitHub.

Auditbeat docker processesedit

Detect unusual processes in docker containers from auditd data (ECS).

These configurations are only available if data exists that matches the recognizer query specified in the manifest file.

Name Description Job Datafeed

docker_high_count_process_events_ecs

Detect unusual increases in process execution rates in docker containers (ECS)

A link icon

A link icon

docker_rare_process_activity_ecs

Detect rare process executions in docker containers (ECS)

A link icon

A link icon
« Appendix B: APM anomaly detection configurations Appendix D: Logs anomaly detection configurations »