github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-23 17:28:26 -04:00
Code Issues Projects Releases Packages Wiki Activity

[8.6] [ML] Fix datafeed of auth_high_count_logon_events_for_a_source_ip anomaly detection job (#149524) (#149859)

Browse source 
# Backport

This will backport the following commits from `main` to `8.6`:
- [[ML] Fix datafeed of auth_high_count_logon_events_for_a_source_ip
anomaly detection job
(#149524)](https://github.com/elastic/kibana/pull/149524)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Kirti
Sodhi","email":"109447885+sodhikirti07@users.noreply.github.com"},"sourceCommit":{"committedDate":"2023-01-26T15:31:17Z","message":"[ML]
Fix datafeed of auth_high_count_logon_events_for_a_source_ip anomaly
detection job
(#149524)","sha":"da929fc6671be33fa24e939bc68ef2246b028c87","branchLabelMapping":{"^v8.7.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix",":ml","Feature:Anomaly
Detection","auto-backport","v8.7.0","v8.6.2"],"number":149524,"url":"https://github.com/elastic/kibana/pull/149524","mergeCommit":{"message":"[ML]
Fix datafeed of auth_high_count_logon_events_for_a_source_ip anomaly
detection job
(#149524)","sha":"da929fc6671be33fa24e939bc68ef2246b028c87"}},"sourceBranch":"main","suggestedTargetBranches":["8.6"],"targetPullRequestStates":[{"branch":"main","label":"v8.7.0","labelRegex":"^v8.7.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/149524","number":149524,"mergeCommit":{"message":"[ML]
Fix datafeed of auth_high_count_logon_events_for_a_source_ip anomaly
detection job
(#149524)","sha":"da929fc6671be33fa24e939bc68ef2246b028c87"}},{"branch":"8.6","label":"v8.6.2","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Kirti Sodhi <109447885+sodhikirti07@users.noreply.github.com>
This commit is contained in:
Pete Harverson 2023-01-30 18:23:08 +00:00 committed by GitHub
parent d162b07f4c
commit f67a21bccc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 19 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

30
x-pack/plugins/ml/server/models/data_recognizer/modules/security_auth/ml/datafeed_auth_high_count_logon_events_for_a_source_ip.json
View file

@ -5,16 +5,24 @@
],
"max_empty_searches": 10,
"query": {
"bool": {
"filter": [{"exists": {"field": "source.ip"}}],
"must": [
{"bool": {
"should": [
{"term": {"event.category": "authentication"}},
{"term": {"event.outcome": "success"}}
]
}}
]
"bool": {
"filter": [
{
"exists": {
"field": "source.ip"
}
},
{
"term": {
"event.category": "authentication"
}
},
{
"term": {
"event.outcome": "success"
}
}
]
}
}
}
}