Open A-Hall opened 3 years ago
Pinging @elastic/ml-ui (:ml)
Additional context: Customer was trying to figure out how to enable the pre-built ML rules in the 7.14 security app. They duplicated a rule and changed the ML job to v2_linux_anomalous_network_port_activity_ecs per the documentation in https://www.elastic.co/guide/en/security/current/alerts-ui-monitor.html. When they selected the v2_linux_anomalous_network_port_activity_ecs job they saw this warning:
The selected ML job, v2_linux_anomalous_network_port_activity_ecs, is not currently running. Please set v2_linux_anomalous_network_port_activity_ecs to run via 'ML job settings' before activating this rule.
However, it was unclear where to find "ML job settings".
The guide for managing Kibana alerts talks about machine learning jobs, but never talks about how to manage them. They're not accessed through the traditional Machine learning app in Kibana and have to be managed via a very small and easily overlooked drop-down in the upper-right corner of the Rules page:
This caused confusion with one of my customers and took me longer than I'd like to admit to find it myself.