Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Machine Learning with the Elastic Stack Expert techniques to integrate machine learning with distributed search and analytics

Product type Paperback

Published in Jan 2019

Publisher Packt

ISBN-13 9781788477543

Length 304 pages

Edition 1st Edition

Tools

Elasticsearch

Concepts

Machine Learning

Authors (2):

Bahaaldine Azarmi

Rich Collier

View More author details

Table of Contents (12) Chapters

Preface

Machine Learning for IT FREE CHAPTER

Installing the Elastic Stack with Machine Learning

Event Change Detection

IT Operational Analytics and Root Cause Analysis

Security Analytics with Elastic Machine Learning

Alerting on ML Analysis

Using Elastic ML Data in Kibana Dashboards

Using Elastic ML with Kibana Canvas

Forecasting

ML Tips and Tricks

Other Books You May Enjoy

Leave a review - let other readers know what you think

Investigation analytics

Preparing the data as we described previously was fundamental to being able to properly analyze the data with Elastic ML and reveal the steps of an attack. In this section, we will go through an investigation scenario of a DNS exfiltration attack and leveraging the anomalies that are detected by using Elastic ML to guide the analyst in the process.

Assessment of compromise

It all starts with an email, as a consequence of abnormal behavior in the IT system. This time, it appears that an Elastic ML node has spotted a potential DNS exfiltration attack. The following screenshot shows that there were unusual activities against a given domain, originating from a server called server_101:

The alert shows...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (2)

Rich Collier

Rich Collier is a solutions architect at Elastic. Joining the Elastic team from the Prelert acquisition, Rich has over 20 years' experience as a solutions architect and pre-sales systems engineer for software, hardware, and service-based solutions. Rich's technical specialties include big data analytics, machine learning, anomaly detection, threat detection, security operations, application performance management, web applications, and contact center technologies. Rich is based in Boston, Massachusetts.

See other products by Rich Collier

Bahaaldine Azarmi

Bahaaldine Azarmi, or Baha for short, is the head of solutions architecture in the EMEA South region at Elastic. Prior to this position, Baha co-founded ReachFive, a marketing data platform focused on user behavior and social analytics. He has also worked for a number of different software vendors, including Talend and Oracle, where he held positions as a solutions architect and architect. Prior to Machine Learning with the Elastic Stack, Baha authored books including Learning Kibana 5.0, Scalable Big Data Architecture, and Talend for Big Data. He is based in Paris and holds an MSc in computer science from Polytech'Paris.

See other products by Bahaaldine Azarmi