maxmustermann/kibana
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

[SIEM] Adds Machine Learning section to 'Using the SIEM UI' docs (#42399) (#42521)

Browse source 
## Summary

Adding `Anomaly Detection with Machine Learning` section to docs for new Machine Learning features.

Example generated docs:

![image](https://user-images.githubusercontent.com/2946766/62312719-2a32d780-b44c-11e9-9967-4639eedf05d5.png)




### Checklist

Use ~~strikethroughs~~ to remove checklist items you don't feel are applicable to this PR.

- [] ~This was checked for cross-browser compatibility, [including a check against IE11](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility)~
- [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md)
- [x] [Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials
- [ ] ~[Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios~
- [ ] ~This was checked for [keyboard-only and screenreader accessibility](https://developer.mozilla.org/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Accessibility#Accessibility_testing_checklist)~

### For maintainers

- [ ] ~This was checked for breaking API changes and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)~
- [ ] ~This includes a feature addition or change that requires a release note and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)~
This commit is contained in:
Garrett Spong 2019-08-02 08:50:16 -06:00 committed by GitHub
parent 65258a4ed8
commit ecf3fba931
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 17 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

BIN
docs/siem/images/ml-ui.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 537 KiB

1
docs/siem/index.asciidoc
View file

@ -50,3 +50,4 @@ SIEM can ingest and normalize events from ECS-compatible data sources.
include::siem-ui.asciidoc[]
include::machine-learning.asciidoc[]

16
docs/siem/machine-learning.asciidoc Normal file
View file

@ -0,0 +1,16 @@
[role="xpack"]
[[machine-learning]]
== Anomaly Detection with Machine Learning
For *https://www.elastic.co/cloud/elasticsearch-service/signup[Free Trial]*
and *https://www.elastic.co/subscriptions[Platinum License]* deployments,
Machine Learning functionality is available throughout the SIEM app. You can
view the details of detected anomalies within the `Anomalies` table widget
shown on the Hosts, Network and associated Details pages, or even narrow to
the specific daterange of an anomaly from the `Max Anomaly Score` details in
the overview of the Host and IP Details pages. Each of these interfaces also
offer the ability to drag and drop details of the anomaly to Timeline, such
as the `Entity` itself, or any of the associated `Influencers`.
[role="screenshot"]
image::siem/images/ml-ui.png[Machine Learning - Max Anomaly Score]