Spike in host-based traffic

Last updated 6 months ago on 2025-02-18

Created 6 months ago on 2025-02-18

About

A machine learning job has detected a sudden spike in host based traffic. This can be due to a range of security issues, such as a compromised system, DDoS attacks, malware infections, privilege escalation, or data exfiltration.

Tags: Use Case: Threat DetectionRule Type: MLRule Type: Machine Learning
Severity: low
Risk Score: 21
False Positive Examples: System updates, scheduled backups, or misconfigured services may trigger this alert.
License: Elastic License v2(opens in a new tab or window)

Definition

Rule Type: Machine Learning
Integration Pack: Prebuilt Security Detection Rules
Related Integrations: endpoint(opens in a new tab or window)
Query

Install detection rules in Elastic Security

Detect Spike in host-based traffic in the Elastic Security detection engine by installing this rule into your Elastic Stack.

To setup this rule, check out the installation guide for Prebuilt Security Detection Rules(opens in a new tab or window).