Anomaly detection alerts

Hello,

I’m using Elasticsearch 7.14 (currently on the Elastic cloud)

I’m new to Search guard, just found it on the web…

I wanted to ask please weather it’s possible to use the Anomalies engine without the security features, or is there a dependency.

also- does it work with ML?

thanks!

Hello @lior-fort

Search Guard plug-in requires xpack.security to be disabled in elasticsearch.yml config file. As far as I’m aware Elasticsearch is deployed as a service in the Elastic cloud. This means you won’t have access to OS-level config files.

Is your aim to use Elastic Cloud or have ELK stack on-premise?

Hi @pablo

I’m interested in on prem solution

Thanks

@lior-fort
Can you elaborate on what Anomalies engine (and ML) you are referring to?

If you are referring to elastic’s offering of Anomalies detection (as part of the ML engine) this would require a subscription with elastic, as this is not covered under free tier.

Regarding Search guard’s ability to work with ML, yes, there is no issue whatsoever, see further info here

I hope I’m not confusing the search guard alerts with something it’s not, but I’m looking for alternative to Elastic ml for anomalies detection

Thanks!

@lior-fort Search guard Alerting provides anomalies detection, however this is different to elastic’s ML anomalies detection, there is a good tutorial here

Regarding using Alerting without security features, which features are you referring to? The TLS on transport level is mandatory. The rest can be disabled and anonymous access used to connect if you so wish

Hope this helps