# Rare Conversation Identifying rare network conversations — interactions between network entities that deviate from usual communication patterns — is essential for maintaining robust network security and operational integrity. In the complex landscape of network interactions, rare conversations can be indicative of various anomalies, ranging from misconfigurations and system malfunctions to cybersecurity threats like data breaches, advanced persistent threats (APTs), or insider attacks. These atypical conversations may involve unusual pairs of source and destination addresses, uncommon protocols, or unexpected data flows. Prompt detection of such rare conversations is key in preempting potential issues, allowing network administrators to investigate and address the root causes before they escalate into more significant problems. ElastiFlow provides a collection of anomaly detection jobs designed to identify rare network conversations encompassing a range of analytics and monitoring strategies focused on discerning and evaluating atypical network interactions. ## Attributes | Attribute | Information | | ------------ | ----------- | | **Analysis** | temporal | ## Downloads | Schema | Perspective | Link | | --------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **CODEX** | **inbound** | [elastiflow\_codex\_netsec\_rare\_conversation\_in](https://github.com/elastiflow/elastiflow_for_elasticsearch/raw/master/ml/codex/netsec_activity/netsec_rare_conversation_in.json) | | **CODEX** | **outbound** | [elastiflow\_codex\_netsec\_rare\_conversation\_out](https://github.com/elastiflow/elastiflow_for_elasticsearch/raw/master/ml/codex/netsec_activity/netsec_rare_conversation_out.json) | | **CODEX** | **private** | [elastiflow\_codex\_netsec\_rare\_conversation\_priv](https://github.com/elastiflow/elastiflow_for_elasticsearch/raw/master/ml/codex/netsec_activity/netsec_rare_conversation_priv.json) | | **ECS** | **inbound** | [elastiflow\_ecs\_netsec\_rare\_conversation\_in](https://github.com/elastiflow/elastiflow_for_elasticsearch/raw/master/ml/ecs/netsec_activity/netsec_rare_conversation_in.json) | | **ECS** | **outbound** | [elastiflow\_ecs\_netsec\_rare\_conversation\_out](https://github.com/elastiflow/elastiflow_for_elasticsearch/raw/master/ml/ecs/netsec_activity/netsec_rare_conversation_out.json) | | **ECS** | **private** | [elastiflow\_ecs\_netsec\_rare\_conversation\_priv](https://github.com/elastiflow/elastiflow_for_elasticsearch/raw/master/ml/ecs/netsec_activity/netsec_rare_conversation_priv.json) | By implementing this collection of anomaly detection jobs, organizations can effectively monitor their network for rare conversations, gaining the ability to swiftly identify and investigate unusual network activities. This proactive approach to network monitoring is crucial in today's digital environment, where the rapid identification and resolution of anomalies can prevent security breaches, ensure network stability, and maintain optimal operational performance. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.elastiflow.com/data_platforms/elastic/ml/netsec/netsec_activity/rare_conversation.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.