You're reading from Machine Learning with the Elastic Stack Gain valuable insights from your data with Elastic Stack's machine learning features

Product type Paperback

Published in May 2021

Publisher Packt

ISBN-13 9781801070034

Length 450 pages

Edition 2nd Edition

Languages

Python

Tools

Elasticsearch

Concepts

Machine Learning

Authors (3):

Camilla Montonen

Rich Collier

Bahaaldine Azarmi

View More author details

Table of Contents (19) Chapters

Preface

1. Section 1 – Getting Started with Machine Learning with Elastic Stack

2. Chapter 1: Machine Learning for IT FREE CHAPTER

3. Chapter 2: Enabling and Operationalization

4. Section 2 – Time Series Analysis – Anomaly Detection and Forecasting

5. Chapter 3: Anomaly Detection

6. Chapter 4: Forecasting

7. Chapter 5: Interpreting Results

8. Chapter 6: Alerting on ML Analysis

9. Chapter 7: AIOps and Root Cause Analysis

10. Chapter 8: Anomaly Detection in Other Elastic Stack Apps

11. Section 3 – Data Frame Analysis

12. Chapter 9: Introducing Data Frame Analytics

13. Chapter 10: Outlier Detection

14. Chapter 11: Classification Analysis

15. Chapter 12: Regression

16. Chapter 13: Inference

17. Other Books You May Enjoy

Appendix: Anomaly Detection Tips

Avoiding the over-engineering of a use case

I once worked with a user where we discussed different use cases for anomaly detection. In particular, this customer was building a hosted security operations center as part of their managed security service provider (MSSP) business, so they were keen to think about use cases in which ML could help.

A high-level theme to their use cases was to look at a user's behavior and find unexpected behavior. One example that was discussed was login activity from unusual/rare locations such as Bob just logged in from Ukraine, but he doesn't normally log in from there.

In the process of thinking the implementation through, there was talk of them having multiple clients, each of which had multiple users. Therefore, they were thinking of ways to split/partition the data so that they could execute rare by country for each and every user of every client.

I asked them to take a step back and said, "Is it worthy of an anomaly if anyone...