[Security Solution][Detections] Format Custom Machine Learning Job Field to Time Format in Alert View #90564
Labels: enhancement, Feature:Detection Alerts, Feature:Detection Rules, Feature:ML Rule, sec-specialists, Team:Detection Engine, Team:Detections and Resp
Describe the feature:
Currently in the detections engine, if a custom machine learning job with a detector of `time_of_day` or `time_of_week` is triggered, the value of the field is presented as a double. However, inside of the Machine Learning > Anomaly Detection > Anomaly Explorer function, the correct format is presented. The logic from the Anomaly Explorer should be ported across to Signals.
Machine Learning Raw Document
![Raw Document](https://camo.githubusercontent.com/c2132ee0d7d1930a8a41e9a68ea255a634a999592bff906ebb3ae5a4bf6992d6/68747470733a2f2f692e6962622e636f2f447244686e38662f6d6c526573756c742e706e67)
Machine Learning Anomaly Explorer
![Anomaly View](https://camo.githubusercontent.com/8fbf214eb6c69663991e4c196d7aa2b12cf2557ca66f2fde137848ac82e854b6/68747470733a2f2f692e6962622e636f2f4e6a31486a64472f616e6f6d616c792d566965772d3030322e706e67)
SIEM UI
![SIEM Alert](https://camo.githubusercontent.com/212c9c584b116b25296bfe4f3a84b32fbbc060a22f6b206bd6cf3650f0b649e7/68747470733a2f2f692e6962622e636f2f5654683030466a2f3030332d5369656d2d55492e706e67)
Describe a specific use case for the feature:
Unusual time of day and unusual time of the week are common Machine Learning jobs to create when detecting anomalous user behaviour. Humans are not good at converting doubles to time formats on the fly. This formatting function will help analysts in the future once we adopt more of these time-based machine learning jobs. My expectation is that the output would look similar to the image from the Anomaly Explorer. This is dependent on #90344.
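As an illustration of the conversion the issue asks for, here is an added example (not code from the Kibana project or from the issue author) that turns the raw double of a `time_of_day` or `time_of_week` detector into the human-readable form an analyst can compare against the Anomaly Explorer. It assumes, as a labelled assumption rather than something the issue states, that the value is a count of seconds since the start of the day (`time_of_day`) or since the start of the week, with the week starting on Sunday (`time_of_week`); the sample record, field names `function`, `actual` and `typical`, and the function names are all constructed for the example.

```typescript
// Added example: format ML time_of_day / time_of_week doubles as times.
// Assumption (not stated in the issue): the detector value is seconds since
// the start of the day (time_of_day) or since the start of the week, Sunday
// first (time_of_week). Pure arithmetic, so it runs offline and deterministically.

const DAY_NAMES = ['Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat'];
const SECONDS_PER_DAY = 24 * 60 * 60;
const SECONDS_PER_WEEK = 7 * SECONDS_PER_DAY;

function pad2(n: number): string {
  return n.toString().padStart(2, '0');
}

// Wrap a second count into [0, modulus) so a slight over-run such as 86400.0
// still renders instead of producing "24:00" or an undefined day name.
function wrapSeconds(value: number, modulus: number): number {
  return ((Math.round(value) % modulus) + modulus) % modulus;
}

// 0..86399 seconds -> "HH:mm"
function formatTimeOfDay(value: number): string {
  const secs = wrapSeconds(value, SECONDS_PER_DAY);
  const hours = Math.floor(secs / 3600);
  const minutes = Math.floor((secs % 3600) / 60);
  return `${pad2(hours)}:${pad2(minutes)}`;
}

// 0..604799 seconds -> "ddd HH:mm"
function formatTimeOfWeek(value: number): string {
  const secs = wrapSeconds(value, SECONDS_PER_WEEK);
  const dayIndex = Math.floor(secs / SECONDS_PER_DAY);
  return `${DAY_NAMES[dayIndex]} ${formatTimeOfDay(secs % SECONDS_PER_DAY)}`;
}

// Dispatch on the detector function name; anything else (or a non-numeric
// value) falls back to the raw representation so no data is hidden.
function formatAnomalyValue(mlFunction: string, value: number): string {
  if (!Number.isFinite(value)) {
    return String(value);
  }
  switch (mlFunction) {
    case 'time_of_day':
      return formatTimeOfDay(value);
    case 'time_of_week':
      return formatTimeOfWeek(value);
    default:
      return String(value);
  }
}

// Constructed sample resembling the actual/typical pair of an ML anomaly record.
const sampleRecord = { function: 'time_of_week', actual: 123456.789, typical: 36000 };
console.log(
  `actual: ${formatAnomalyValue(sampleRecord.function, sampleRecord.actual)}, ` +
    `typical: ${formatAnomalyValue(sampleRecord.function, sampleRecord.typical)}`
);
```

The `actual` of 123456.789 seconds lands a little over one day into the week, so it renders as `Mon 10:17`, while the `typical` of 36000 seconds is `Sun 10:00`; seen side by side, the deviation is obvious in a way the two doubles are not.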