Overview

For customer navigation, we'd like to add a new subcategory to integrations, since having all these packages under Security (which has 175 packages) makes it hard to discover.

Category name: Security > Advanced Analytics (UEBA)

Related packages

• ProblemChild (Living off the Land Detection)
• DGA
• DED (Data Exfiltration Detection)
• LMD (Lateral Movement Detection)

We can make the PRs for these in the integrations repo after this issue/ticket is resolved.

Business & User Value:

• Users need a convenient view of all ML-based advanced detection packs within their space. We are building additional integration packages under this category. The category will significantly reduce user efforts, reduce user error, and aid in feature discovery.
• Elastic security (Entity Analytics Onboarding) workflow will leverage this filtered view in the user journey for discovering these packages. Without a reconciled view, the onboarding workflow will remain incomplete.

Implementation tasks

• Add to package-spec (ref PR)

• Add Advanced Analytics (UEBA) package subcategory under Security category #515

• Add to package-registry (ref PR)

• Add Advanced Analytics (UEBA) package subcategory under Security category package-registry#997

• Add to kibana (ref PR)

• Add Advanced Analytics (UEBA) package subcategory under Security category kibana#155935

• Release new version of package spec (contact @mrodm)
• Release new version of elastic-package (contact @mrodm)
• Release new version of package registry (contact @mrodm)

Mockup:

Related tickets

• Recategorize integrations integrations#5123