
Configurations for Anomaly Detection Kibana plugin

I'm trying to set up the anomaly detection for opendistro elasticsearch. On their official website, they have the documentation that explains how to set it up. https://opendistro.github.io/for-elasticsearch-docs/docs/ad/#get-started-with-anomaly-detection

However, is there any website for configurations that were created and used by others, such as for detecting specific suspicious activities? What should I put in the data filter, feature and category field in order to detect specific anomalous activities?
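What goes into the three fields depends on the data you index, but the pieces combine the same way for every detector: the data filter narrows the documents the detector sees, each feature is one aggregation computed per detection interval, and the category field splits the model per entity. The following is an added example, not code from the question, the answer, or the Open Distro project. The index name, field names and the "failed authentication per source IP" scenario are constructed; the request body follows the shape of the Open Distro create-detector API (POST `_opendistro/_anomaly_detection/detectors`) as documented in the linked docs, which you should check against your installed version before sending it.

```python
"""Build and sanity-check an Open Distro anomaly-detector definition.

Added example, not from the original post. Index name, field names and the
failed-login scenario are constructed; the body layout follows the Open Distro
create-detector API (POST /_opendistro/_anomaly_detection/detectors).
"""
import json
import urllib.request
from typing import Any, Dict, Iterable, List, Optional

# Create-detector API path (verify against the docs for your Open Distro version).
AD_ENDPOINT = "/_opendistro/_anomaly_detection/detectors"


def count_feature(name: str, field: str) -> Dict[str, Any]:
    """Feature: number of matching events per interval (value_count on `field`)."""
    return {
        "feature_name": name,
        "feature_enabled": True,
        "aggregation_query": {name: {"value_count": {"field": field}}},
    }


def cardinality_feature(name: str, field: str) -> Dict[str, Any]:
    """Feature: how many distinct values `field` takes per interval."""
    return {
        "feature_name": name,
        "feature_enabled": True,
        "aggregation_query": {name: {"cardinality": {"field": field}}},
    }


def failed_auth_filter() -> Dict[str, Any]:
    """Constructed data filter: only failed authentication events reach the detector."""
    return {"bool": {"filter": [
        {"term": {"event.category": "authentication"}},
        {"term": {"event.outcome": "failure"}},
    ]}}


def build_detector(name: str, indices: Iterable[str], time_field: str,
                   filter_query: Dict[str, Any], features: Iterable[Dict[str, Any]],
                   interval_minutes: int = 10, window_delay_minutes: int = 1,
                   category_field: Optional[str] = None, description: str = "") -> Dict[str, Any]:
    """Assemble the JSON body for the create-detector request."""
    body: Dict[str, Any] = {
        "name": name,
        "description": description,
        "time_field": time_field,
        "indices": list(indices),
        "filter_query": filter_query,          # data filter
        "feature_attributes": list(features),  # one aggregation per feature
        "detection_interval": {"period": {"interval": interval_minutes, "unit": "Minutes"}},
        "window_delay": {"period": {"interval": window_delay_minutes, "unit": "Minutes"}},
    }
    if category_field:
        # A keyword or ip field; the detector keeps one model per distinct value.
        body["category_field"] = [category_field]
    return body


def validate_detector(body: Dict[str, Any]) -> List[str]:
    """Offline checks for the mistakes that the API would otherwise reject."""
    problems: List[str] = []
    for key in ("name", "time_field", "indices", "feature_attributes",
                "detection_interval", "window_delay"):
        if not body.get(key):
            problems.append(f"missing {key}")
    for feat in body.get("feature_attributes", []):
        if len(feat.get("aggregation_query", {})) != 1:
            problems.append(f"feature {feat.get('feature_name')!r} must wrap exactly one aggregation")
    if len(body.get("category_field", [])) > 1:
        problems.append("category_field takes a single field")
    if body.get("detection_interval", {}).get("period", {}).get("interval", 0) < 1:
        problems.append("detection_interval must be at least 1")
    return problems


def example_detector() -> Dict[str, Any]:
    """Constructed detector: failed logins per source IP, every 10 minutes."""
    return build_detector(
        name="failed-logins-per-source",
        description="Spike in failed authentications from one source address",
        indices=["auth-logs-*"],               # constructed index pattern
        time_field="@timestamp",
        filter_query=failed_auth_filter(),
        features=[count_feature("failed_logins", "event.id"),
                  cardinality_feature("distinct_users", "user.name")],
        category_field="source.ip",
    )


def create_detector(base_url: str, body: Dict[str, Any], timeout: int = 10) -> Dict[str, Any]:
    """POST the body to the cluster (network call; add auth headers as your setup requires)."""
    req = urllib.request.Request(base_url.rstrip("/") + AD_ENDPOINT,
                                 data=json.dumps(body).encode(),
                                 headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    detector = example_detector()
    assert not validate_detector(detector)
    print(json.dumps(detector, indent=2))
```

Run it to print the body, then pass the output to `create_detector("https://your-host:9200", example_detector())` or to the plugin's "Create detector" dialog, whose data filter, feature and category-field inputs map one-to-one onto `filter_query`, `feature_attributes` and `category_field` here. Because the category field makes the detector keep a model per source address, a burst of failures from a single address stands out even when the overall failure rate looks normal.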

Wazuh (as per the Wazuh tag you used in your original post) provides an anomaly and malware detection capability to detect suspicious activity in your systems. The Wazuh agent periodically scans the monitored system to detect hidden processes, files, and ports, as well as known rootkits. When an anomaly is detected, an alert is generated, and these alerts can be visualized and analyzed with the Wazuh Kibana plugin. You can see an example screen here: https://documentation.wazuh.com/current/proof-of-concept-guide/poc-detect-trojan.html#query-the-alerts

Please check the Wazuh documentation to learn more about Wazuh's intrusion detection capability. And you can always join the Wazuh community.
