The latest news and information on Security Incident and Event Management.

Building effective threat hunting and detection rules in Elastic Security

Learn to create custom detection rules in Elastic Security following real detection use cases. This blog will guide you through creating custom detection rules in Elastic Security, equipping you with best practices for using Elasticsearch Query Language (ES|QL) and Elastic AI Assistant to refine threat detection logic and add crucial context for analysts. You’ll learn how to effectively preview, test, and enhance your rules, ultimately strengthening your security operations.

Ep 6: Security haven or horror story: from SIEMs to lakes to lakehouses

Between SIEMs, data lakes, and data lakehouses, the buzzwords alone could fill a glossary. In this episode, Adam and David break down the real differences between data lakes and SIEM systems and why effectively managing all that data is crucial for staying visible and secure. They also dive into how AI is shaking up the game and why picking the right tools can mean the difference between being overwhelmed and being in control.

Advanced Persistent Threat: What They Are and Why They Matter

Nearly everyone has had “that cold,” the one where most symptoms have resolved except that lingering cough. The cough can continue for weeks or months, all while you feel mostly well across the board. In cybersecurity, an advanced persistent threat (APT) is your IT environment’s lingering cough, albeit a much more damaging one. An APT stealthily gains initial access to your company’s systems and networks, then hides within them to complete objectives.

SIEM isn't dead. It's reborn and finally worth using.

The question isn’t whether security information and event management (SIEM) is dead. The real question is whether the traditional model of SIEM still serves today’s defenders. Spoiler alert: it doesn’t. Born from compliance needs and static rules, first-generation SIEMs provided log collection and correlation but not context. They buried analysts in noise and left threat detection slow, brittle, and expensive. But that’s changing.

Elastic joins AWS Zero Trust Accelerator for Government (ZTAG) program

Strategic collaboration to advance security information and event management (SIEM) integration specifically tailored for the US federal government's Zero Trust architecture. Elastic is proud to be officially recognized as an AWS Zero Trust for Government partner and for onboarding into the AWS Zero Trust Accelerator for Government (ZTAG) program in the US.

Defending Against SCATTERED SPIDER with Falcon Next-Gen SIEM

SCATTERED SPIDER is a prolific eCrime adversary that has conducted a range of financially motivated activities beginning in early 2022. Since surfacing, this adversary continues to compromise organizations around the world, deploying ransomware and exfiltrating sensitive files.

Understanding Network Vulnerabilities and Mitigating Their Risks

Driving along on a dark highway late at night, you feel a jolt and hear a metallic crushing sound as your car hits an unknown object in the road. You nervously continue on your journey, until you see a bright light flashing on your dashboard. Your oil pressure is low because your car has been leaking oil since you hit that unknown object on the highway. Much like an unknown object in the road that leads to a slow leak, a network vulnerability can lead to a devastating data leakage or breach.