Threat Hunting with the Elastic Stack
Resources
Learn how to put Elastic to work for better threat hunting.
Tackling Cyber with RockNSM
Cyber is a human versus human problem. RockNSM covers your data gaps and delivers information to your humans so they can find the adversary.
Cyber Hunting at Perched with the Elastic Stack
Perched is using Elastic's X-Pack to analyze intrusions as they progress through a campaign and is exploring methods to push them back through the kill chain.

Blog: OmniSOC - High Speed Threat Detection at the Big Ten
OmniSOC relies on the Elastic Stack as its security analytics platform, utilizing Elasticsearch, Kibana, Beats, Logstash and critical features like security, alerting, and machine learning.
Elasticsearch Cybersecurity Webinar Series: Addressing Security Gaps
Search is a powerful solution that helps you identify your weaknesses and proactively minimize risk to your organization. Cybersecurity expert Kevin Keeney dives into how to address security gaps.
A Security Analytics Platform for Today
This talk explores how to build a security analytics platform as a homegrown solution that is fast and scalable, so you can increase team impact by having more data faster and gaining back time for threat hunting instead of responding to alerts.
Countering Threats with the Elastic Stack at CERDEC/ARL
The CERDEC/ARL CSSP (Cyber Security Service Provider) performs network and system monitoring for DoD entities. We leverage the Elastic Stack to efficiently navigate our data and gain critical insights into activities and trends among the networks we cover.
Threat Hunting with Elastic at SpectorOps: Welcome to HELK
The HELK project offers another approach for advanced cyber-hunting analytics, focusing on the importance of data documentation, quality, and modeling when developing analytics and making sense of disparate data sources inside the contested environment.
Log Monitoring and Anomaly Detection at Scale at ORNL
See how ORNL transitioned from a COTS toolset to a more cost-effective and flexible open source model by employing NiFi, Kafka, and the Elastic Stack.
Machine Learning Deep Dive
See time series forecasting and automatic log data categorization in action firsthand. Elastic machine learning features have grown into a powerful tool that automates notifications for anomalies and simplifies tasks like pre-configuring NGINX log analysis at scale. Learn how to put them to work on your data.
American Ancestors: Scalability & Support Using the Elasticsearch Service
Learn how the team at the New England Historic Genealogical Society has evolved from a very early on-premises Elastic implementation to taking full advantage of Elasticsearch Service.
Elastic Common Schema for Cyber Threat Hunting
The Elastic Common Schema (ECS) defines a common set of fields and field naming guidelines to enable cross-source analysis of diverse data for more effective threat hunting. See how ECS works and get real-world examples of using Elastic Common Schema to hunt threats in real time. This talk was delivered at ElasticGov Summit in April 2019.

Elastic For CDM Defend PDF
CDM goals are to provide capabilities for dynamic monitoring of security controls for network and perimeter components, host, and device components, data at rest and in transit, and user behavior. In today’s ever-changing threat environment, meeting these goals requires advanced cyber analytics that can handle tens of petabytes of structured and unstructured data.
Cigna Life Insurance NZ Ltd's Elastic-Fantastic Journey ... so far
A look into the adoption of the Elastic Stack by Cigna Life Insurance NZ as part of their Business Intelligence solution and the global impact thereof.
Lexer builds next gen data enrichment platform with Elasticsearch
Lexer uses human data to power genuine engagement with customers, prospects and colleagues. Learn how it uses Elasticsearch to generate rapid insights from almost entirely unstructured data.
Elastic Customers in Australia
Most Popular Blogs
Doubling down on open - Shay Banon on Opening the Code of X-Pack:
https://www.elastic.co/blog/doubling-down-on-open
Elastic APM GA released:
https://www.elastic.co/blog/elastic-apm-ga-released
Strings are dead, long live strings!:
https://www.elastic.co/blog/strings-are-dead-long-live-strings