
I'm trying to set up the anomaly detection for opendistro elasticsearch. On their official website, they have the documentation that explains how to set it up. https://opendistro.github.io/for-elasticsearch-docs/docs/ad/#get-started-with-anomaly-detection

However, is there any website for configurations that are created and used by others, such as detecting any specific suspicious activities? What to put on data filter, feature and category field in order to detect specific anomaly activities?

John
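To make the three fields the question asks about concrete, here is an added example (not from the question author or from the Open Distro project) that builds a detector definition in the shape of the Open Distro create-detector request and then simulates locally what the detector would compute from it: the data filter restricts which documents feed the model, the feature is one aggregation evaluated per detection interval, and the category field splits the data into one model per entity. The top-level field names (`filter_query`, `feature_attributes`, `category_field`, `detection_interval`, `window_delay`, `time_field`, `indices`) are taken from the Open Distro anomaly detection API documentation; the index name, document field names, sample events and the "failed logins per source IP" use case are assumptions constructed for this example.

```python
"""Constructed example: an Open Distro anomaly-detector definition and a local
simulation of what its filter, feature and category field produce."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Body for POST _opendistro/_anomaly_detection/detectors.  Top-level keys follow the
# Open Distro docs; index name, field names and use case are assumptions.
DETECTOR = {
    "name": "failed-logins-per-source",
    "description": "Count of failed logins per source IP every 10 minutes",
    "time_field": "@timestamp",
    "indices": ["auth-logs-*"],                       # assumed index pattern
    # data filter: only failed authentication events feed the model
    "filter_query": {"bool": {"filter": [{"term": {"event.outcome": "failure"}}]}},
    # feature: one aggregation evaluated once per detection interval
    "feature_attributes": [
        {
            "feature_name": "failed_login_count",
            "feature_enabled": True,
            "aggregation_query": {
                "failed_login_count": {"value_count": {"field": "event.id"}}
            },
        }
    ],
    # category field: a separate model (and separate baseline) per source IP
    "category_field": ["source.ip"],
    "detection_interval": {"period": {"interval": 10, "unit": "Minutes"}},
    "window_delay": {"period": {"interval": 1, "unit": "Minutes"}},
}

# Constructed sample events, already flattened to dotted field names.
SAMPLE_DOCS = [
    {"@timestamp": "2021-12-01T10:01:00+00:00", "event.id": "1", "event.outcome": "failure", "source.ip": "203.0.113.5"},
    {"@timestamp": "2021-12-01T10:03:00+00:00", "event.id": "2", "event.outcome": "failure", "source.ip": "203.0.113.5"},
    {"@timestamp": "2021-12-01T10:04:00+00:00", "event.id": "3", "event.outcome": "success", "source.ip": "203.0.113.5"},
    {"@timestamp": "2021-12-01T10:07:00+00:00", "event.id": "4", "event.outcome": "failure", "source.ip": "198.51.100.9"},
    {"@timestamp": "2021-12-01T10:12:00+00:00", "event.id": "5", "event.outcome": "failure", "source.ip": "203.0.113.5"},
]


def detector_json() -> str:
    """Serialise the detector body as you would send it with curl or the Kibana plugin."""
    return json.dumps(DETECTOR, indent=2)


def matches_filter(doc: dict, filter_query: dict) -> bool:
    """Apply the data filter.  Only bool/filter/term clauses are modelled here,
    which is enough to show what the filter removes from the model's input."""
    for clause in filter_query["bool"]["filter"]:
        (field, value), = clause["term"].items()
        if doc.get(field) != value:
            return False
    return True


def bucket_counts(docs: list, detector: dict) -> dict:
    """Return {(category_value, interval_start_iso): feature_value}, i.e. the
    per-entity, per-interval series the detector trains on and scores.
    Implements value_count for the single feature defined in the detector."""
    minutes = detector["detection_interval"]["period"]["interval"]
    category = detector["category_field"][0]
    feature = detector["feature_attributes"][0]
    agg = next(iter(feature["aggregation_query"].values()))
    agg_field = agg["value_count"]["field"]
    counts = defaultdict(int)
    for doc in docs:
        if not matches_filter(doc, detector["filter_query"]):
            continue                       # dropped by the data filter
        if agg_field not in doc:
            continue                       # value_count ignores missing fields
        ts = datetime.fromisoformat(doc[detector["time_field"]])
        start = ts - timedelta(minutes=ts.minute % minutes,
                               seconds=ts.second, microseconds=ts.microsecond)
        counts[(doc[category], start.isoformat())] += 1
    return dict(counts)


if __name__ == "__main__":
    print(detector_json())
    for (entity, start), value in sorted(bucket_counts(SAMPLE_DOCS, DETECTOR).items()):
        print(f"{entity:14} {start}  failed_login_count={value}")
```

Running it shows that the success event never reaches the model, that each source IP gets its own series, and that the 10:12 failure lands in the next 10-minute bucket rather than inflating the first one. Whether 2 failures in 10 minutes is anomalous is something the detector learns per entity from history, which is why the category field matters for a "suspicious activity" use case: a burst that is normal for a scanner host is not normal for a workstation.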

1 Answer


Wazuh (as per the Wazuh tag you used in your original post) provides an anomaly and malware detection capability to detect suspicious activity in your systems. The Wazuh agent periodically scans the monitored system to detect hidden processes, files, and ports, as well as known rootkits. When an anomaly is detected, an alert is generated, and these alerts can be visualized and analyzed with the Wazuh Kibana plugin. You can see an example screen here: https://documentation.wazuh.com/current/proof-of-concept-guide/poc-detect-trojan.html#query-the-alerts

Please check the Wazuh documentation to learn more about Wazuh's intrusion detection capability. And you can always join the Wazuh community.

javimed
  • While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. - [From Review](/review/late-answers/30558773) – Ben Dec 15 '21 at 21:40