Event correlation: Searches the defined indices and creates an alert when results match an.

Threshold: Searches the defined indices and creates a detections alert when the number of times the specified field's value is present and meets the threshold during a single execution. When multiple values meet the threshold, an alert is. For example, if the threshold field is source.ip and its value is 10, an alert is generated for every source IP address that appears in at least 10 of.

Issue an error stating the machine learning job was not running when the rule executed. Run and create alerts if existing anomaly results with scores above the defined threshold.