Add details for the new Security: Host module to OOTB ML jobs doc (#2909)

sodhikirti07 · web-flow · commit 16da3198e620 · 2025-01-28T19:22:23.000-05:00
Add details for the new security host module to ootb ml jobs doc
diff --git a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-siem.asciidoc b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-siem.asciidoc
@@ -116,6 +116,39 @@ for data that matches the query.
 |===
 // end::security-cloudtrail-jobs[]
 
+[discrete]
+[[security-host-jobs]]
+== Security: Host
+
+Anomaly detection jobs for host-based threat hunting and detection.
+
+In the {ml-app} app, these configurations are available only when data exists
+that matches the query specified in the
+https://github.com/elastic/kibana/blob/{branch}/x-pack/platform/plugins/shared/ml/server/models/data_recognizer/modules/security_host/manifest.json[manifest file].
+In the {security-app}, it looks in the {data-source} specified in the
+{kibana-ref}/advanced-options.html#securitysolution-defaultindex[`securitySolution:defaultIndex` advanced setting]
+for data that matches the query.
+
+To access the host traffic anomalies dashboard in Kibana, go to: `Security -> Dashboards -> Host Traffic Anomalies`.
+
+// tag::security-host-jobs[]
+
+|===
+|Name |Description |Job |Datafeed
+
+|high_count_events_for_a_host_name
+|Looks for a sudden spike in host based traffic. This can be due to a range of security issues, such as a compromised system, DDoS attacks, malware infections, privilege escalation, or data exfiltration.
+|https://github.com/elastic/kibana/blob/{branch}/x-pack/platform/plugins/shared/ml/server/models/data_recognizer/modules/security_host/ml/high_count_events_for_a_host_name.json[image:images/link.svg[A link icon]]
+|https://github.com/elastic/kibana/blob/{branch}/x-pack/platform/plugins/shared/ml/server/models/data_recognizer/modules/security_host/ml/datafeed_high_count_events_for_a_host_name.json[image:images/link.svg[A link icon]]
+
+|low_count_events_for_a_host_name
+|Looks for a sudden drop in host based traffic. This can be due to a range of security issues, such as a compromised system, a failed service, or a network misconfiguration.
+|https://github.com/elastic/kibana/blob/{branch}/x-pack/platform/plugins/shared/ml/server/models/data_recognizer/modules/security_host/ml/low_count_events_for_a_host_name.json[image:images/link.svg[A link icon]]
+|https://github.com/elastic/kibana/blob/{branch}/x-pack/platform/plugins/shared/ml/server/models/data_recognizer/modules/security_host/ml/datafeed_low_count_events_for_a_host_name.json[image:images/link.svg[A link icon]]
+
+|===
+// end::security-host-jobs[]
+
 [discrete]
 [[security-linux-jobs]]
 == Security: Linux
@@ -548,4 +581,4 @@ The job configurations and datafeeds can be found
 https://github.com/elastic/integrations/blob/main/packages/lmd/kibana/ml_module/lmd-ml.json[here].
 
 // end::security-windows-jobs[]
-// end::siem-jobs[]
+// end::siem-jobs[]
