Overview & Installation
danger
This page is currently under construction. The information below is out of date and will be updated soon. To download the Anomaly Detection jobs, please refer to the GitHub repository HERE.
For users of Elastic's Machine Learning capabilities, ElastiFlow provides Anomaly Detection jobs that automatically identify a variety of performance, availability and security conditions. These can be imported into your Elastic Stack deployment via scripts (pre-Elasticsearch 7.15) or an import file (7.15 and later).
Anomaly Detections
The following Machine Learning Anomaly Detectors are provided:
- Security
  - Access
  - Activity
  - Amplification Attacks
    - Generic DDoS Attack (UDP Amplification)
    - CHARGEN Amplification Attack
    - DNS Amplification Attack
    - Kad Amplification Attack
    - LDAP Amplification Attack
    - mDNS Amplification Attack
    - Memcached Amplification Attack
    - MSSQL Amplification Attack
    - NETBIOS Amplification Attack
    - NTP Amplification Attack
    - QOTD Amplification Attack
    - Quake Amplification Attack
    - RADIUS Amplification Attack
    - RIP Amplification Attack
    - RPC Amplification Attack
    - Sentinel SPSS Amplification Attack
    - SNMP Amplification Attack
    - SSDP Amplification Attack
    - Steam Amplification Attack
    - TFTP Amplification Attack
    - WSD Amplification Attack
  - Data Exfiltration
    - DNS Exfiltration - coming soon
  - Flood Attacks
  - Reconnaissance
- Availability
  - Failed TCP Sessions (private)
  - Failed TCP Sessions (public)
  - Low Server-Side Flows - coming soon
  - Low DNS Availability - coming soon
  - Low DHCP Availability - coming soon
  - Low NTP Availability - coming soon
- Performance