Skip to content

ML-Beaconing-20211216-1

Pre-release
Pre-release

Choose a tag to compare

View all tags
@ajosh0504 ajosh0504 released this 04 Mar 18:59
· 2278 commits to main since this release
ML-Beaconing-20211216-1
6653acb
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

For details, reference: https://github.com/elastic/detection-rules/tree/main/docs/experimental-machine-learning

Tested and compatible with Elastic Stack version 7.16.

Changelog

This is the first release for our experimental Network Beaconing framework. It consists of the following:

  • Scripts, ingest pipelines and transforms to monitor network event data and flag beaconing-like activity
  • dashboards.ndjson contains all the assets required for three dashboards- "Network Beaconing", which is the main dashboard to monitor beaconing activity, "Beaconing Drilldown" to drilldown into relevant event logs and some statistics related to the beaconing activity, and finally, "Hosts Affected Over Time By Process Name" to monitor the reach of beaconing processes across hosts in your environment, in the past two weeks.
Assets 4
Loading