Update the package documentation to include instructions for customizing transforms and ML jobs #17039

Merged
sodhikirti07 merged 8 commits into main from update-package-docs
Jan 28, 2026
Conversation

@sodhikirti07
Contributor

Proposed commit message

Update the package documentation to include instructions for customizing transforms and ML jobs

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • Bumped versions in manifest.yml, changelog.yml and transform.yml
  • Updated package docs and added screenshots to support instructions

How to test this PR locally

Tested documentation changes using elastic-package

Related issues

Screenshots

@sodhikirti07 sodhikirti07 added enhancement New feature or request Integration:lmd Lateral Movement Detection Integration:beaconing Network Beaconing Identification Integration:ded Data Exfiltration Detection Integration:dga Domain Generation Algorithm Detection Integration:problemchild Living off the Land Attack Detection Team:Security-Applied ML Elastic Security Protections Machine Learning (ML) team [elastic/sec-applied-ml] Integration:pad Privileged Access Detection labels Jan 22, 2026
@andrewkroh andrewkroh added the documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. label Jan 22, 2026
Comment thread packages/ded/docs/README.md Outdated

## Customize ML jobs for Data Exfiltration Detection

To customize the datafeed query and other settings of the Data Exfiltration Detection ML jobs, follow the steps below.
Contributor

@jmcarlock jmcarlock Jan 23, 2026

I'd suggest leaving a note here that this is mainly to use bucket span/custom fields/frequency/delay, like is done for the transform, so users don't skip this section.

Comment thread packages/dga/docs/README.md Outdated

## Customize ML jobs for Domain Generation Algorithm Detection

To customize the datafeed query and other settings of the Domain Generation Algorithm Detection ML jobs, follow the steps below.
Contributor

Same comment here for custom fields

Comment thread packages/lmd/docs/README.md Outdated

## Customize ML jobs for Lateral Movement Detection

To customize the datafeed query and other settings of the Lateral Movement Detection ML jobs, follow the steps below.
Contributor

Same here for custom fields

Comment thread packages/pad/docs/README.md Outdated

## Customize ML jobs for Privileged Access Detection

To customize the datafeed query and other settings of the Privileged Access Detection ML jobs, follow the steps below.
Contributor

Same here for custom fields

Comment thread packages/problemchild/docs/README.md Outdated

## Customize ML jobs for Living off the Land Attack Detection

To customize the datafeed query and other settings of the Living off the Land Attack Detection ML jobs, follow the steps below.
Contributor

Same here for custom fields

Contributor

@jmcarlock jmcarlock left a comment

LGTM! Only one small comment

@sodhikirti07 sodhikirti07 marked this pull request as ready for review January 26, 2026 15:18
@sodhikirti07 sodhikirti07 requested review from a team as code owners January 26, 2026 15:18
@elasticmachine

Pinging @elastic/sec-applied-ml (Team:Security-Applied ML)

@elasticmachine

💚 Build Succeeded

History

@sodhikirti07 sodhikirti07 merged commit 0466828 into main Jan 28, 2026
8 checks passed
@sodhikirti07 sodhikirti07 deleted the update-package-docs branch January 28, 2026 15:22
@elastic-vault-github-plugin-prod

Package beaconing - 1.5.1 containing this change is available at https://epr.elastic.co/package/beaconing/1.5.1/

@elastic-vault-github-plugin-prod

Package ded - 2.4.1 containing this change is available at https://epr.elastic.co/package/ded/2.4.1/

@elastic-vault-github-plugin-prod

Package dga - 2.3.5 containing this change is available at https://epr.elastic.co/package/dga/2.3.5/

@elastic-vault-github-plugin-prod

Package lmd - 2.6.1 containing this change is available at https://epr.elastic.co/package/lmd/2.6.1/

@elastic-vault-github-plugin-prod

Package pad - 1.1.1 containing this change is available at https://epr.elastic.co/package/pad/1.1.1/

@elastic-vault-github-plugin-prod

Package problemchild - 2.4.5 containing this change is available at https://epr.elastic.co/package/problemchild/2.4.5/

jakubgalecki0 pushed a commit to jakubgalecki0/integrations that referenced this pull request Feb 19, 2026