Author
Michael Hirsch
Word count
788

Summary

Auditbeat is a widely used Beat that collects events from the Linux audit framework (via its auditd module) and monitors file integrity, giving visibility into security-relevant activity such as process execution, user access, and changes to sensitive files. Elastic has now published machine learning job configurations for the Auditbeat auditd module, so that suspicious activity on a host or inside a Docker container can be detected automatically rather than by hand-written rules alone. Two kinds of jobs are provided: a rare-process analysis, which flags process names that are seldom seen on a given host or container, and a high-process-rate analysis, which flags time buckets in which far more processes than usual are started. Both are useful for spotting malicious activity that hides among common processes, whether an unfamiliar binary run once or a burst of process launches characteristic of a flooding-style attack. The configurations ship with dashboards, visualizations, and saved searches for both on-host and Docker environments, so an analyst can pivot from a flagged anomaly (a rare process, an unusual spike in the process rate) straight into the underlying audit events to investigate.
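To make the two job types concrete, here is a small added example (not Elastic's ML implementation, and not code from the original post) that runs a rare-process check and a high-process-rate check over a constructed set of auditd-style process events. It assumes events can be reduced to a timestamp, an entity (hostname or Docker container id, which stands in for the ML job's partition field) and a process name; the thresholds, the median baseline and the event data are all assumptions chosen for illustration, whereas the real jobs use Elastic's probabilistic rare and high_count detectors.

```python
"""Toy versions of the two Auditbeat ML job patterns: a rare-process detector
and a high-process-rate detector. Added example, not Elastic's ML code; the
sample events below are constructed, not captured from a real system."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import median


def _make_sample_events():
    """Constructed auditd-style process events as (timestamp, entity, process).
    entity is a hostname for on-host events or a Docker container id."""
    t0 = datetime(2018, 5, 1, 12, 0, 0)
    events = []
    for minute in range(10):
        ts = t0 + timedelta(minutes=minute)
        # steady baseline on the host: three routine processes per minute
        for proc in ("sshd", "cron", "bash"):
            events.append((ts, "web-01", proc))
        # steady baseline inside a container: one nginx worker per minute
        events.append((ts, "container:c0ffee", "nginx"))
    # a one-off netcat on the host: should be reported as rare
    events.append((t0 + timedelta(minutes=4, seconds=30), "web-01", "nc"))
    # a one-off shell inside the container: also rare for that container
    events.append((t0 + timedelta(minutes=6, seconds=5), "container:c0ffee", "sh"))
    # flooding-style burst: 50 curl launches within minute 8 on the host
    for sec in range(50):
        events.append((t0 + timedelta(minutes=8, seconds=sec), "web-01", "curl"))
    return events


SAMPLE_EVENTS = _make_sample_events()

_EPOCH = datetime(1970, 1, 1)


def bucket_start(ts, bucket_seconds=60):
    """Floor a naive timestamp to the start of its fixed-width time bucket."""
    secs = int((ts - _EPOCH).total_seconds())
    return _EPOCH + timedelta(seconds=secs - secs % bucket_seconds)


def rare_processes(events, max_occurrences=1):
    """Rare-process check: for each entity, return the process names seen at
    most max_occurrences times over the whole window. Partitioning by entity
    matters: 'sh' is routine on a host but unusual inside an nginx container."""
    counts = Counter((entity, proc) for _, entity, proc in events)
    rare = defaultdict(list)
    for (entity, proc), n in sorted(counts.items()):
        if n <= max_occurrences:
            rare[entity].append(proc)
    return dict(rare)


def high_rate_buckets(events, bucket_seconds=60, ratio=5.0):
    """High-process-rate check: count events per entity per bucket and flag
    buckets whose count exceeds ratio times that entity's median bucket count.
    The median is used as the baseline so that a single burst does not inflate
    the baseline it is being compared against (a mean would)."""
    per_bucket = Counter(
        (entity, bucket_start(ts, bucket_seconds)) for ts, entity, _ in events
    )
    by_entity = defaultdict(dict)
    for (entity, start), n in per_bucket.items():
        by_entity[entity][start] = n
    alerts = []
    for entity, buckets in by_entity.items():
        baseline = median(buckets.values())
        for start, n in sorted(buckets.items()):
            if baseline > 0 and n > ratio * baseline:
                alerts.append((entity, start, n))
    return alerts


if __name__ == "__main__":
    for entity, procs in rare_processes(SAMPLE_EVENTS).items():
        print(f"rare process on {entity}: {procs}")
    for entity, start, n in high_rate_buckets(SAMPLE_EVENTS):
        print(f"high process rate on {entity} at {start:%H:%M}: {n} events/min")
```

Run as a script it reports `nc` as rare on the host, `sh` as rare in the container, and the 53-event minute on `web-01` as a high-rate bucket, while the minute containing the single `nc` launch (4 events against a median of 3) is not flagged. The two checks are deliberately complementary: the 50 `curl` launches are not rare, so only the rate check catches the burst, and the single `nc` does not move the rate, so only the rare check catches it.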