Skip to content

[LMD] Remove time_of_day detector from ML module #13687

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Apr 28, 2025
Merged

[LMD] Remove time_of_day detector from ML module #13687

merged 2 commits into from
Apr 28, 2025

Conversation

@sodhikirti07
Copy link
Contributor

@sodhikirti07 sodhikirti07 commented Apr 25, 2025

Proposed commit message

Remove time_of_day detector from ML module

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

Removed time_of_day detector from the ML module of LMD. The ML job lmd_unusual_time_weekday_rdp_session_start originally used two detectors: time_of_day and time_of_week. However, since these detectors rely on different time formats, they cannot be combined in a single ML job. As a result, the time_of_day detector has been removed.

How to test this PR locally

Tested locally using elastic-package

Related issues

Screenshots
@sodhikirti07 sodhikirti07 added enhancement New feature or request Integration:lmd Lateral Movement Detection labels Apr 25, 2025
@sodhikirti07 sodhikirti07 requested review from a team as code owners April 25, 2025 15:34
@elastic-sonarqube
Copy link

elastic-sonarqube bot commented Apr 25, 2025

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube
@elasticmachine
Copy link

elasticmachine commented Apr 25, 2025

💚 Build Succeeded
@andrewkroh andrewkroh added the Team:Security-Applied ML Elastic Security Protections Machine Learning (ML) team [elastic/sec-applied-ml] label Apr 25, 2025
@elasticmachine
Copy link

elasticmachine commented Apr 25, 2025

Pinging @elastic/sec-applied-ml (Team:Security-Applied ML)
@sodhikirti07 sodhikirti07 merged commit a380c6e into main Apr 28, 2025
7 checks passed
@sodhikirti07 sodhikirti07 deleted the remove-lmd-time-of-day-detector branch April 28, 2025 16:19
peteharverson
peteharverson reviewed Apr 28, 2025
View reviewed changes
packages/lmd/kibana/ml_module/lmd-ml.json
"function": "time_of_week",
"partition_field_name": "source.ip",
"detector_index": 1
"detector_index": 0
Copy link
Contributor

@peteharverson peteharverson Apr 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did you consider changing the description of the job itself, to something like Detects an RDP session started at an usual time of the week. now that it only uses the time_of_week detector?
Copy link
Member

@susan-shu-c susan-shu-c Apr 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

True, @sodhikirti07 let's roll this into the next update?
@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Apr 28, 2025

Package lmd - 2.5.0 containing this change is available at https://epr.elastic.co/package/lmd/2.5.0/
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

enhancement New feature or request Integration:lmd Lateral Movement Detection Team:Security-Applied ML Elastic Security Protections Machine Learning (ML) team [elastic/sec-applied-ml]

7 participants

@sodhikirti07 @elasticmachine @peteharverson @jmcarlock @susan-shu-c @andrewkroh