github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-23 17:28:26 -04:00
Code Issues Projects Releases Packages Wiki Activity

[ML] Removes hardcoded datafeed indices for security auth and network modules (#109692)

Browse source
This commit is contained in:
Pete Harverson 2021-08-24 09:22:10 +01:00 committed by GitHub
parent 20529be326
commit e733b6ae0d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 20 additions and 46 deletions
Download patch file Download diff file Expand all files Collapse all files

7
x-pack/plugins/ml/server/models/data_recognizer/modules/security_auth/ml/datafeed_auth_high_count_logon_events.json
View file

@ -1,10 +1,7 @@
{
"job_id": "auth_high_count_logon_events",
"job_id": "JOB_ID",
"indices": [
"auditbeat-*",
"logs-*",
"filebeat-*",
"winlogbeat-*"
"INDEX_PATTERN_NAME"
],
"max_empty_searches": 10,
"query": {

7
x-pack/plugins/ml/server/models/data_recognizer/modules/security_auth/ml/datafeed_auth_high_count_logon_events_for_a_source_ip.json
View file

@ -1,10 +1,7 @@
{
"job_id": "auth_high_count_logon_events_for_a_source_ip",
"job_id": "JOB_ID",
"indices": [
"auditbeat-*",
"logs-*",
"filebeat-*",
"winlogbeat-*"
"INDEX_PATTERN_NAME"
],
"max_empty_searches": 10,
"query": {

7
x-pack/plugins/ml/server/models/data_recognizer/modules/security_auth/ml/datafeed_auth_high_count_logon_fails.json
View file

@ -1,10 +1,7 @@
{
"job_id": "auth_high_count_logon_fails",
"job_id": "JOB_ID",
"indices": [
"auditbeat-*",
"logs-*",
"filebeat-*",
"winlogbeat-*"
"INDEX_PATTERN_NAME"
],
"max_empty_searches": 10,
"query": {

7
x-pack/plugins/ml/server/models/data_recognizer/modules/security_auth/ml/datafeed_auth_rare_hour_for_a_user.json
View file

@ -1,10 +1,7 @@
{
"job_id": "auth_rare_hour_for_a_user",
"job_id": "JOB_ID",
"indices": [
"auditbeat-*",
"logs-*",
"filebeat-*",
"winlogbeat-*"
"INDEX_PATTERN_NAME"
],
"max_empty_searches": 10,
"query": {

7
x-pack/plugins/ml/server/models/data_recognizer/modules/security_auth/ml/datafeed_auth_rare_source_ip_for_a_user.json
View file

@ -1,10 +1,7 @@
{
"job_id": "auth_rare_source_ip_for_a_user",
"job_id": "JOB_ID",
"indices": [
"auditbeat-*",
"logs-*",
"filebeat-*",
"winlogbeat-*"
"INDEX_PATTERN_NAME"
],
"max_empty_searches": 10,
"query": {

7
x-pack/plugins/ml/server/models/data_recognizer/modules/security_auth/ml/datafeed_auth_rare_user.json
View file

@ -1,10 +1,7 @@
{
"job_id": "auth_rare_user",
"job_id": "JOB_ID",
"indices": [
"auditbeat-*",
"logs-*",
"filebeat-*",
"winlogbeat-*"
"INDEX_PATTERN_NAME"
],
"max_empty_searches": 10,
"query": {

6
x-pack/plugins/ml/server/models/data_recognizer/modules/security_network/ml/datafeed_high_count_by_destination_country.json
View file

@ -1,9 +1,7 @@
{
"job_id": "high_count_by_destination_country",
"job_id": "JOB_ID",
"indices": [
"logs-*",
"filebeat-*",
"packetbeat-*"
"INDEX_PATTERN_NAME"
],
"max_empty_searches": 10,
"query": {

6
x-pack/plugins/ml/server/models/data_recognizer/modules/security_network/ml/datafeed_high_count_network_denies.json
View file

@ -1,9 +1,7 @@
{
"job_id": "high_count_network_denies",
"job_id": "JOB_ID",
"indices": [
"logs-*",
"filebeat-*",
"packetbeat-*"
"INDEX_PATTERN_NAME"
],
"max_empty_searches": 10,
"query": {

6
x-pack/plugins/ml/server/models/data_recognizer/modules/security_network/ml/datafeed_high_count_network_events.json
View file

@ -1,9 +1,7 @@
{
"job_id": "high_count_network_events",
"job_id": "JOB_ID",
"indices": [
"logs-*",
"filebeat-*",
"packetbeat-*"
"INDEX_PATTERN_NAME"
],
"max_empty_searches": 10,
"query": {

6
x-pack/plugins/ml/server/models/data_recognizer/modules/security_network/ml/datafeed_rare_destination_country.json
View file

@ -1,9 +1,7 @@
{
"job_id": "rare_destination_country",
"job_id": "JOB_ID",
"indices": [
"logs-*",
"filebeat-*",
"packetbeat-*"
"INDEX_PATTERN_NAME"
],
"max_empty_searches": 10,
"query": {