[ML] Remove job_type from job definitions in modules 7.17 (#179600)
jgowdyelastic authored Mar 28, 2024
1 parent 297556f commit 53946dd
Showing 89 changed files with 1 addition and 90 deletions.
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"groups": [
"apm"
],
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"groups": [
"apm"
],
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"groups": [
"apm"
],
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"groups": [
"apm"
],
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"groups": [
"apm"
],
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"groups": [
"apm"
],
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"groups": [
"apm"
],
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"groups": [
"apm"
],
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Auditbeat: Detect unusual increases in process execution rates in docker containers (ECS)",
"groups": ["auditd"],
"analysis_config": {
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Auditbeat: Detect rare process executions in docker containers (ECS)",
"groups": ["auditd"],
"analysis_config": {
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Auditbeat Hosts: Detect unusual increases in process execution rates (ECS)",
"groups": ["auditd"],
"analysis_config": {
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Auditbeat Hosts: Detect rare process executions on hosts (ECS)",
"groups": ["auditd"],
"analysis_config": {
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Logs UI: Detects anomalies in the log entry ingestion rate",
"groups": ["logs-ui"],
"analysis_config": {
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Logs UI: Detects anomalies in count of log entries by category",
"groups": [
"logs-ui"
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Metricbeat CPU: Detect unusual increases in cpu time spent in iowait (ECS)",
"groups": [
"metricbeat"
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Metricbeat filesystem: Detect unusual increases in disk utilization (ECS)",
"groups": [
"metricbeat"
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Metricbeat outages: Detect unusual decreases in metricbeat documents (ECS)",
"groups": [
"metricbeat"
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"groups": [
"hosts",
"metrics"
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Metrics: Hosts - Identify unusual spikes in inbound traffic across hosts.",
"groups": [
"hosts",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Metrics: Hosts - Identify unusual spikes in outbound traffic across hosts.",
"groups": [
"hosts",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"groups": [
"k8s",
"metrics"
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Metrics: Kubernetes - Identify unusual spikes in inbound traffic across Kubernetes pods.",
"groups": [
"k8s",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Metrics: Kubernetes - Identify unusual spikes in outbound traffic across Kubernetes pods.",
"groups": [
"k8s",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Security: Authentication - looks for an unusually large spike in successful authentication events. This can be due to password spraying, user enumeration or brute force activity.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Security: Authentication - looks for an unusually large spike in successful authentication events from a particular source IP address. This can be due to password spraying, user enumeration or brute force activity.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Security: Authentication - looks for an unusually large spike in authentication failure events. This can be due to password spraying, user enumeration or brute force activity and may be a precursor to account takeover or credentialed access.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Security: Authentication - looks for a user logging in at a time of day that is unusual for the user. This can be due to credentialed access via a compromised account when the user and the threat actor are in different time zones. In addition, unauthorized user activity often takes place during non-business hours.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Security: Authentication - looks for a user logging in from an IP address that is unusual for the user. This can be due to credentialed access via a compromised account when the user and the threat actor are in different locations. An unusual source IP address for a username could also be due to lateral movement when a compromised account is used to pivot between hosts.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Security: Authentication - looks for an unusual user name in the authentication logs. An unusual user name is one way of detecting credentialed access by means of a new or dormant user account. A user account that is normally inactive, because the user has left the organization, which becomes active, may be due to credentialed access using a compromised account password. Threat actors will sometimes also create new users as a means of persisting in a compromised web application.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "This is a new refactored job which works on ECS compatible events across multiple indices. Security: Linux - Looks for unusual destination port activity that could indicate command-and-control, persistence mechanism, or data exfiltration activity.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "This is a new refactored job which works on ECS compatible events across multiple indices. Security: Linux - Looks for processes that are unusual to all Linux hosts. Such unusual processes may indicate unauthorized services, malware, or persistence mechanisms.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"groups": [
"security",
"auditbeat",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "This is a new refactored job which works on ECS compatible events across multiple indices. Security: Linux - Looks for anomalous access to the metadata service by an unusual process. The metadata service may be targeted in order to harvest credentials or user data scripts containing secrets.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "This is a new refactored job which works on ECS compatible events across multiple indices. Security: Linux - Looks for anomalous access to the metadata service by an unusual user. The metadata service may be targeted in order to harvest credentials or user data scripts containing secrets.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "This is a new refactored job which works on ECS compatible events across multiple indices. Security: Linux - Looks for processes that are unusual to a particular Linux host. Such unusual processes may indicate unauthorized services, malware, or persistence mechanisms.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Security: Network - looks for an unusually large spike in network activity to one destination country in the network logs. This could be due to unusually large amounts of reconnaissance or enumeration traffic. Data exfiltration activity may also produce such a surge in traffic to a destination country which does not normally appear in network traffic or business work-flows. Malware instances and persistence mechanisms may communicate with command-and-control (C2) infrastructure in their country of origin, which may be an unusual destination country for the source network.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Security: Network - looks for an unusually large spike in network traffic that was denied by network ACLs or firewall rules. Such a burst of denied traffic is usually either 1) a misconfigured application or firewall or 2) suspicious or malicious activity. Unsuccessful attempts at network transit, in order to connect to command-and-control (C2), or engage in data exfiltration, may produce a burst of failed connections. This could also be due to unusually large amounts of reconnaissance or enumeration traffic. Denial-of-service attacks or traffic floods may also produce such a surge in traffic.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Security: Network - looks for an unusually large spike in network traffic. Such a burst of traffic, if not caused by a surge in business activity, can be due to suspicious or malicious activity. Large-scale data exfiltration may produce a burst of network traffic; this could also be due to unusually large amounts of reconnaissance or enumeration traffic. Denial-of-service attacks or traffic floods may also produce such a surge in traffic.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Security: Network - looks for an unusual destination country name in the network logs. This can be due to initial access, persistence, command-and-control, or exfiltration activity. For example, when a user clicks on a link in a phishing email or opens a malicious document, a request may be sent to download and run a payload from a server in a country which does not normally appear in network traffic or business work-flows. Malware instances and persistence mechanisms may communicate with command-and-control (C2) infrastructure in their country of origin, which may be an unusual destination country for the source network.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "This is a new refactored job which works on ECS compatible events across multiple indices. Security: Windows - Detects unusually rare processes on Windows hosts.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "This is a new refactored job which works on ECS compatible events across multiple indices. Security: Windows - Looks for unusual processes using the network which could indicate command-and-control, lateral movement, persistence, or data exfiltration activity.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"groups": [
"security",
"sysmon",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "This is a new refactored job which works on ECS compatible events across multiple indices. Security: Windows - Looks for processes that are unusual to all Windows hosts. Such unusual processes may indicate execution of unauthorized services, malware, or persistence mechanisms.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"groups": [
"security",
"endpoint",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "This is a new refactored job which works on ECS compatible events across multiple indices. Security: Windows - Rare and unusual users that are not normally active may indicate unauthorized changes or activity by an unauthorized user which may be credentialed access or lateral movement.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "This is a new refactored job which works on ECS compatible events across multiple indices. Security: Windows - Looks for anomalous access to the metadata service by an unusual process. The metadata service may be targeted in order to harvest credentials or user data scripts containing secrets.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "This is a new refactored job which works on ECS compatible events across multiple indices. Security: Windows - Looks for anomalous access to the metadata service by an unusual user. The metadata service may be targeted in order to harvest credentials or user data scripts containing secrets.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Security: Auditbeat - Looks for unusual processes using the network which could indicate command-and-control, lateral movement, persistence, or data exfiltration activity.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Security: Auditbeat - Looks for unusual destination port activity that could indicate command-and-control, persistence mechanism, or data exfiltration activity.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"groups": [
"security",
"auditbeat",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"groups": [
"security",
"auditbeat",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Security: Auditbeat - Looks for processes that are unusual to all Linux hosts. Such unusual processes may indicate unauthorized services, malware, or persistence mechanisms.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"groups": [
"security",
"auditbeat",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Security: Auditbeat - Looks for commands related to system network configuration discovery from an unusual user context. This can be due to uncommon troubleshooting activity or due to a compromised account. A compromised account may be used by a threat actor to engage in system network configuration discovery in order to increase their understanding of connected networks and hosts. This information may be used to shape follow-up behaviors such as lateral movement or additional discovery.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Security: Auditbeat - Looks for commands related to system network connection discovery from an unusual user context. This can be due to uncommon troubleshooting activity or due to a compromised account. A compromised account may be used by a threat actor to engage in system network connection discovery in order to increase their understanding of connected services and systems. This information may be used to shape follow-up behaviors such as lateral movement or additional discovery.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Security: Auditbeat - Looks for unusual kernel modules which are often used for stealth.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Security: Auditbeat - Looks for anomalous access to the metadata service by an unusual process. The metadata service may be targeted in order to harvest credentials or user data scripts containing secrets.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Security: Auditbeat - Looks for anomalous access to the metadata service by an unusual user. The metadata service may be targeted in order to harvest credentials or user data scripts containing secrets.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Security: Auditbeat - Looks for sudo activity from an unusual user context.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Security: Auditbeat - Looks for compiler activity by a user context which does not normally run compilers. This can be ad-hoc software changes or unauthorized software deployment. This can also be due to local privilege elevation via locally run exploits or malware activity.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Security: Auditbeat - Looks for commands related to system information discovery from an unusual user context. This can be due to uncommon troubleshooting activity or due to a compromised account. A compromised account may be used to engage in system information discovery in order to gather detailed information about system configuration and software versions. This may be a precursor to selection of a persistence mechanism or a method of privilege elevation.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Security: Auditbeat - Looks for commands related to system process discovery from an unusual user context. This can be due to uncommon troubleshooting activity or due to a compromised account. A compromised account may be used to engage in system process discovery in order to increase their understanding of software applications running on a target host or network. This may be a precursor to selection of a persistence mechanism or a method of privilege elevation.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Security: Auditbeat - Looks for commands related to system user or owner discovery from an unusual user context. This can be due to uncommon troubleshooting activity or due to a compromised account. A compromised account may be used to engage in system owner or user discovery in order to identify currently active or primary users of a system. This may be a precursor to additional discovery, credential dumping or privilege elevation activity.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Security: Auditbeat - Detect unusually rare processes on Linux",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Security: Auditbeat - Detect unusually high number of authentication attempts.",
"groups": [
"security",
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
{
"job_type": "anomaly_detector",
"description": "Security: Cloudtrail - Looks for a spike in the rate of an error message which may simply indicate an impending service failure but these can also be byproducts of attempted or successful persistence, privilege escalation, defense evasion, discovery, lateral movement, or collection activity by a threat actor.",
"groups": [
"security",