elastic
diff --git a/‎packages/ml_problem_child/changelog.yml‎
Lines changed: 0 additions & 6 deletions b/‎packages/ml_problem_child/changelog.yml‎
Lines changed: 0 additions & 6 deletions
diff --git a/‎packages/ml_problem_child/docs/README.md‎
Lines changed: 0 additions & 6 deletions b/‎packages/ml_problem_child/docs/README.md‎
Lines changed: 0 additions & 6 deletions
diff --git a/‎packages/ml_problem_child/img/sample-logo.svg‎
Lines changed: 0 additions & 1 deletion b/‎packages/ml_problem_child/img/sample-logo.svg‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎packages/problem_child/changelog.yml‎
Lines changed: 6 additions & 0 deletions b/‎packages/problem_child/changelog.yml‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎packages/problem_child/docs/README.md‎
Lines changed: 6 additions & 0 deletions b/‎packages/problem_child/docs/README.md‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎packages/ml_problem_child/elasticsearch/ingest_pipeline/ml_problem_child_inference_pipeline.yml‎ renamed to ‎packages/problem_child/elasticsearch/ingest_pipeline/problem_child_inference_pipeline.yml‎ b/‎packages/ml_problem_child/elasticsearch/ingest_pipeline/ml_problem_child_inference_pipeline.yml‎ renamed to ‎packages/problem_child/elasticsearch/ingest_pipeline/problem_child_inference_pipeline.yml‎
diff --git a/‎packages/ml_problem_child/elasticsearch/ingest_pipeline/ml_problem_child_ingest_pipeline.yml‎ renamed to ‎packages/problem_child/elasticsearch/ingest_pipeline/problem_child_ingest_pipeline.yml‎
Lines changed: 1 addition & 1 deletion b/‎packages/ml_problem_child/elasticsearch/ingest_pipeline/ml_problem_child_ingest_pipeline.yml‎ renamed to ‎packages/problem_child/elasticsearch/ingest_pipeline/problem_child_ingest_pipeline.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/ml_problem_child/elasticsearch/ml_model/problemchild_20210526_1.0.json‎ renamed to ‎packages/problem_child/elasticsearch/ml_model/problemchild_20210526_1.0.json‎
Lines changed: 1 addition & 1 deletion b/‎packages/ml_problem_child/elasticsearch/ml_model/problemchild_20210526_1.0.json‎ renamed to ‎packages/problem_child/elasticsearch/ml_model/problemchild_20210526_1.0.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/problem_child/img/icon-machine-learning.svg‎
Lines changed: 4 additions & 0 deletions b/‎packages/problem_child/img/icon-machine-learning.svg‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎packages/ml_problem_child/img/sample-screenshot.png‎ renamed to ‎packages/problem_child/img/sample-screenshot.png‎ b/‎packages/ml_problem_child/img/sample-screenshot.png‎ renamed to ‎packages/problem_child/img/sample-screenshot.png‎
@@ -0,0 +1,6 @@
+# newer versions go on top
+- version: "0.0.1"
+ changes:
+ - description: Initial release of the package
+ type: ml-problem-child
+ link: https://github.com/elastic/integrations/pull/2115
@@ -0,0 +1,6 @@
+# ML ProblemChild
+
+The ProblemChild package contains the [ProblemChild model and associated assets](https://www.elastic.co/blog/problemchild-generate-alerts-to-detect-living-off-the-land-attacks), which are used to detect living off the land (LotL) activity.
+
+To download the assets, click **Settings** > **Install ML ProblemChild assets**.
+
@@ -3,7 +3,7 @@ description: "A pipeline of pipelines for ProblemChild detection"
 processors:
  - pipeline:
  if: ctx.containsKey('event') && ctx['event'].containsKey('kind') && ctx['event'].containsKey('category') && ctx['event']['kind'] == 'event' && ctx['event']['category'].contains('process') && ctx.containsKey('host') && ctx['host'].containsKey('os') && (ctx['host']['os'].containsKey('type') || ctx['host']['os'].containsKey('family') || ctx['host']['os'].containsKey('platform')) && (ctx['host']['os']['type'] == 'windows' || ctx['host']['os']['type'] == 'Windows' || ctx['host']['os']['family'] == 'windows' || ctx['host']['os']['family'] == 'Windows' || ctx['host']['os']['platform'] == 'windows' || ctx['host']['os']['platform'] == 'Windows')
- name: '{{ IngestPipeline "ml_problem_child_inference_pipeline" }}'
+ name: '{{ IngestPipeline "problem_child_inference_pipeline" }}'
 on_failure:
  - set:
  field: error.message