You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Filter lists are used in machine learning detector rules to supply the detector with domain knowledge that can improve the quality of the results. For example, a detector that performs a population analysis looking at bytes sent over IP addresses could benefit from a rule defining a list of IP addresses that the user knows to be 'safe'. Anomalous results for those IP addresses would then not be created.
Work has been done to redesign rules in elastic/elasticsearch#31110. This is a meta issue listing the features that need to be implemented in the UI to configure filter lists for use in the optional scope part of a rule, specifying a list of items as a filter on any of the 'partition', 'by' or 'over' field of the detector.
Display all the configured filter lists under the Settings page
Allow the filter list to be viewed showing
Filter ID
Description
List of items in the filter
Count of detectors using the filter
Allow the user to create a new filter list
Allow the user to edit an existing filter list
Add, edit or delete items
Edit description
Allow the user to delete a filter list if it is not being used by an detectors
Allow the user to search for items in the filter
Check permissions before allowing user to create, edit or delete a filter
Prototype design for the page for viewing and editing a filter list:
The text was updated successfully, but these errors were encountered:
Filter lists are used in machine learning detector rules to supply the detector with domain knowledge that can improve the quality of the results. For example, a detector that performs a population analysis looking at bytes sent over IP addresses could benefit from a rule defining a list of IP addresses that the user knows to be 'safe'. Anomalous results for those IP addresses would then not be created.
Work has been done to redesign rules in elastic/elasticsearch#31110. This is a meta issue listing the features that need to be implemented in the UI to configure filter lists for use in the optional
scope
part of a rule, specifying a list of items as a filter on any of the 'partition', 'by' or 'over' field of the detector.Prototype design for the page for viewing and editing a filter list:
The text was updated successfully, but these errors were encountered: