Elastic

Elastic Security 101

Elastic Security empowers analysts to collect data from multiple data source integrations, perform traditional SIEM functions, and take advantage of machine learning-based malware protection on the endpoint. Analysts can filter, group, and visualize data in real time while performing automated threat detection across various security events and information. In this video, you’ll learn about the components that make up Elastic Security and what those components do to help you protect your data.

How to configure your Endpoint Integration policy in Elastic Security

Elastic Security offers the ability to open and track security issues using cases. Cases created directly in Elastic Security can be sent to external systems like Atlassian’s Jira, including Jira Service Desk, Jira Core, and Jira Software. In this video, you’ll learn how to connect Elastic Security to the Jira Service Desk.

Validating Elastic Common Schema (ECS) fields using Elastic Security detection rules

The Elastic Common Schema (ECS) provides an open, consistent model for structuring your data in the Elastic Stack. By normalizing data to a single common model, you can uniformly examine your data using interactive search, visualizations, and automated analysis. Elastic provides hundreds of integrations that are ECS-compliant out of the box, but ECS also allows you to normalize custom data sources. Normalizing a custom source can be an iterative and sometimes time-intensive process.

Detecting threats in AWS Cloudtrail logs using machine learning

Cloud API logs are a significant blind spot for many organizations and often factor into large-scale, publicly announced data breaches. They pose several challenges to security teams: For all of these reasons, cloud API logs are resistant to conventional threat detection and hunting techniques.

Top 5 SIEM trends of 2021 and how Elastic Security solves them

Security information and event management (SIEM) systems are centralized logging platforms that enable security teams to analyze event data in real time for early detection of targeted cyber attacks and data breaches. A SIEM is used as a tool to collect, store, investigate, and report on log data for threat detection, incident response, forensics, and regulatory compliance.

How to build a malware analysis sandbox with Elastic Security

As a security analyst on Elastic’s InfoSec team, a common scenario we see is users coming to our team and asking: “Is this file safe to open?” Or one user reports a phishing email with an attachment that they didn’t open, but we see from the logs that 10 other users also received that email but didn’t report it and no alerts went off on their systems.

How to export and import Timelines and templates from Elastic Security

When performing critical security investigations and threat hunts using Elastic Security, the Timeline feature is always by your side as a workspace for investigations and threat hunting. Drilling down into an event is as simple as dragging and dropping to create the query you need to investigate an alert or event.

How to Contribute to Detection Rules in Elastic Security - Version 7.10

Elastic Security has open sourced all our detection rules to work alongside the security community to stop threats at scale and arm every analyst. As part of our belief in the power of open source, Elastic includes prebuilt rules within the Security App to detect threats automatically. In this video, you’ll learn how you can contribute by creating a new rule, adding your new rule to the detection rules repo, and getting credit for it in the Elastic contributor program.

How to Enable Detection Rules via Elastic Security - Version 7.10

The detection engine brings automated threat detection to the Elastic Stack through the Security app in Kibana. As part of our belief in the power of open source, Elastic Security has open sourced all our detection rules to work alongside the security community to stop threats at scale and arm every analyst. In this video, you’ll learn more about the detection engine and how to automate the protection of your data.