Update: These recipes are likely outdated now that Elastic SIEM ships with built-in ML detection jobs; see https://www.elastic.co/guide/en/siem/guide/current/prebuilt-ml-jobs.html and https://github.com/elastic/detection-rules/tree/main/rules/ml
Each subfolder contains what you need to configure, run, and test one example Security Analytics machine learning use case. These use cases detect anomalies associated with elementary cyber attack behaviors. Each detected anomaly is assigned a normalized anomaly score and is annotated with the values of other fields in the data that have statistical influence on the anomaly, called influencers. Elementary attack behaviors that share common influencers are often part of a single attack progression.
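The last sentence above is the practical payoff of influencers: anomalies raised by different jobs that name the same host or user are worth reviewing together. The following script, an added example and not part of the recipes in this repository, shows one way to do that correlation. It assumes anomaly records in the shape Elastic ML writes to its results index (the field names `job_id`, `record_score`, `influencer_field_name`, and `influencer_field_values` are assumed here; check them against the results documents your own jobs produce), and the sample records, job names, hosts and users are constructed for illustration.

```python
"""Group ML anomaly records by shared influencer values.

Added example (not part of the elastic/examples recipes). Given anomaly
records in the shape Elastic ML writes to its results index (assumed
fields: job_id, record_score, influencers[].influencer_field_name,
influencers[].influencer_field_values), collect, per influencer value,
which jobs flagged it and the highest normalized score seen. Records
from different jobs that share an influencer value are candidates for
one attack progression.
"""
from collections import defaultdict

# Constructed sample records: three jobs, two of which share host "web-07".
SAMPLE_RECORDS = [
    {"job_id": "dns_high_entropy", "record_score": 92.3,
     "influencers": [{"influencer_field_name": "host.name",
                      "influencer_field_values": ["web-07"]}]},
    {"job_id": "rare_process", "record_score": 71.0,
     "influencers": [{"influencer_field_name": "host.name",
                      "influencer_field_values": ["web-07"]},
                     {"influencer_field_name": "user.name",
                      "influencer_field_values": ["svc-backup"]}]},
    {"job_id": "unusual_login_time", "record_score": 40.5,
     "influencers": [{"influencer_field_name": "user.name",
                      "influencer_field_values": ["alice"]}]},
    {"job_id": "rare_process", "record_score": 12.0,
     "influencers": [{"influencer_field_name": "host.name",
                      "influencer_field_values": ["db-02"]}]},
]


def correlate_by_influencer(records, min_score=0.0):
    """Return {(field, value): {"jobs": sorted job ids, "max_score": float}}.

    Records scoring below min_score are ignored so that low-confidence
    anomalies do not link otherwise unrelated behaviors.
    """
    groups = defaultdict(lambda: {"jobs": set(), "max_score": 0.0})
    for rec in records:
        score = float(rec.get("record_score", 0.0))
        if score < min_score:
            continue
        for inf in rec.get("influencers", []):
            field = inf["influencer_field_name"]
            for value in inf["influencer_field_values"]:
                group = groups[(field, value)]
                group["jobs"].add(rec["job_id"])
                group["max_score"] = max(group["max_score"], score)
    return {key: {"jobs": sorted(val["jobs"]), "max_score": val["max_score"]}
            for key, val in groups.items()}


def linked_behaviors(records, min_jobs=2, min_score=0.0):
    """Influencer values flagged by at least min_jobs distinct jobs,
    highest score first: the candidates for a shared attack progression."""
    groups = correlate_by_influencer(records, min_score)
    hits = [(key, val) for key, val in groups.items() if len(val["jobs"]) >= min_jobs]
    return sorted(hits, key=lambda kv: kv[1]["max_score"], reverse=True)


if __name__ == "__main__":
    for (field, value), info in linked_behaviors(SAMPLE_RECORDS):
        print(f"{field}={value}: jobs={info['jobs']} max_score={info['max_score']}")
```

On the constructed data only `host.name=web-07` is flagged by two jobs, so it is the one pivot an analyst would open first; raising `min_score` is the usual way to keep a flood of low-scoring records from linking everything to everything.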