LoFP / legitimate causes such as system maintenance, server shutdowns, or temporary network outages may trigger this alert.

Techniques

Sample rules

Decline in host-based traffic

• source: elastic
• technicques:

Description

A machine learning job has detected a sudden drop in host based traffic. This can be due to a range of security issues, such as a compromised system, a failed service, or a network misconfiguration.

Detection logic