Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

June 2020

Elastic Security opens public detection rules repo

At Elastic, we believe in the power of open source and understand the importance of community. By putting the community first, we ensure that we create the best possible product for our users. With Elastic Security, two of our core objectives are to stop threats at scale and arm every analyst. Today, we’re opening up a new GitHub repository, elastic/detection-rules, to work alongside the security community, stopping threats at a greater scale.

Preventing "copy-paste compromises" (ACSC 2020-008) with Elastic Security

The Australian Cyber Security Centre (ACSC) recently published an advisory outlining tactics, techniques and procedures (TTPs) used against multiple Australian businesses in a recent campaign by a state-based actor. The campaign — dubbed ‘copy-paste compromises’ because of its heavy use of open source proof of concept exploits — was first reported on the 18th of June 2020, receiving national attention in Australia.

How to use Kibana effectively. Today: Detect possible frauds in your data

Kibana is quite powerful and versatile for visualizing data in Elasticsearch. The Elastic Stack can be used for a variety of use cases. One is the detection of frauds e.g. in Banking transaction like within Softbank Payment Service or bonus point accounts like within Miles and More. Other areas are insurance or tax return data.

Journey of Elastic SIEM Getting Started to Investigating Threats: Part 2

Calling all security enthusiasts! Many of us are now facing similar challenges working from home. Introduced in 7.2, Elastic SIEM is a great way to provide security analytics and monitoring capabilities to small businesses and homes with limited time and resources. In this three part meetup series we will take you on a journey from zero to hero - getting started with the Elastic SIEM to beginner threat hunting.

Threat Hunting with Elastic APM

Learn how APM lets you monitor the performance of applications deployed anywhere within your network. Now you can use APM data to hunt for threats and injection attacks, too. Elastic provides a common data platform so you can view HTTP data collected with your APM agents in the Elastic SIEM app. It’s seamless monitoring and protection to keep your systems up, running, and secure.