In the ever-evolving landscape of cybersecurity, having a robust and efficient security information and event management (SIEM) system is crucial. One powerful solution that has gained significant traction is the Elastic® integration with Amazon Security Lake. This integration not only facilitates the collection of security-related log and event data, but also empowers organizations to analyze and understand their security posture comprehensively.

The Elastic InfoSec Threat Detection team is responsible for building, tuning, and maintaining the security detections used to protect all Elastic® systems. Internally, we call ourselves Customer Zero and we strive to always use the newest versions of our products. This blog details how we are building packages of detection rules that work together to create a high fidelity alert for strange user behavior.

Elastic Security 8.11 introduces pipe queries with Elasticsearch Query Language (ES|QL), an Elastic AI Assistant connector for AWS Bedrock, and data integrations for Okta, Microsoft Entra ID, Wiz, and Palo Alto Prisma Cloud. Together, these enhancements deliver vital guidance and context to threat hunters and investigators. Elastic Security 8.11 is available now on Elastic Cloud — the only hosted Elasticsearch® offering to include all of the new features in this latest release.