"One finds limits by pushing them." – Herbert A. Simon

At Elastic, we focus on bringing value to users through fast results that operate at scale and are relevant: speed, scale, and relevance are in our DNA. In Elasticsearch 7.16, we focused on scale, pushing the limits of Elasticsearch to make search even faster, memory less demanding, and clusters more stable. Along the way, we uncovered a range of dimensions on sharding and in the process pushed Elasticsearch's performance to new heights. Historical

Elasticsearch 7.16 introduced a new enrich policy type: range. A range policy matches a number, date, or IP address in an incoming document against a range of the same type stored in the enrich index. Matching against IP ranges is particularly useful in security use cases, where the added metadata can be used to further refine detection rules. As our documentation already includes an example using IP ranges, we'll go through an example here using the date_range type. Our fi
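The following is an added example, not code from the Elastic post. It shows the two request bodies a range enrich policy needs (the policy itself and the ingest pipeline that applies it) and, because a live cluster is not available here, a small local emulation of what the enrich processor does for ip_range and date_range match fields so the lookup semantics can be checked offline. The index, field and policy names, and the sample network and contract documents, are assumptions constructed for the example; nested fields are written as flat dotted keys for brevity.

```python
"""Added example: Elasticsearch 7.16 `range` enrich policy bodies plus an
offline emulation of the range match. Names and data are constructed."""
import ipaddress
from datetime import datetime

# Constructed enrich (source) index documents. In Elasticsearch the match
# field must be mapped as a range type, e.g. "subnet": {"type": "ip_range"}.
# ip_range values may be written in CIDR form or as gte/lte bounds.
NETWORKS = [
    {"subnet": "10.0.0.0/8", "zone": "corp-lan", "owner": "it"},
    {"subnet": "192.0.2.0/24", "zone": "dmz", "owner": "web"},
]

# date_range variant (mapping "period": {"type": "date_range"}): which vendor
# contract was in force when an event happened. Half-open [gte, lt) so that a
# timestamp on the boundary belongs to exactly one period.
CONTRACTS = [
    {"period": {"gte": "2021-01-01T00:00:00Z", "lt": "2021-07-01T00:00:00Z"}, "vendor": "acme"},
    {"period": {"gte": "2021-07-01T00:00:00Z", "lt": "2022-01-01T00:00:00Z"}, "vendor": "globex"},
]


def range_policy(name, index, match_field, enrich_fields):
    """Body for PUT /_enrich/policy/<name>. Only the policy type key ("range"
    instead of "match") differs from an ordinary match policy; the policy still
    has to be executed (POST /_enrich/policy/<name>/_execute) before use."""
    return {"range": {"indices": index, "match_field": match_field,
                      "enrich_fields": enrich_fields}}


def enrich_pipeline(policy_name, field, target_field, max_matches=1):
    """Body for PUT /_ingest/pipeline/<id>: the enrich processor reads `field`
    from the incoming document and copies the matching enrich document's
    enrich_fields into `target_field`."""
    return {"processors": [{"enrich": {"policy_name": policy_name, "field": field,
                                       "target_field": target_field,
                                       "max_matches": max_matches,
                                       "ignore_missing": True}}]}


def _coerce(v):
    """Turn a stored scalar into something comparable: number, IP or datetime."""
    if isinstance(v, (int, float)):
        return v
    try:
        return ipaddress.ip_address(v)
    except ValueError:
        return datetime.fromisoformat(v.replace("Z", "+00:00"))


def _in_range(value, rng):
    """True if `value` lies inside `rng` (CIDR string or gt/gte/lt/lte dict)."""
    if isinstance(rng, str):  # CIDR form of an ip_range
        return ipaddress.ip_address(value) in ipaddress.ip_network(rng, strict=False)
    v = _coerce(value)
    checks = {"gte": lambda b: v >= b, "gt": lambda b: v > b,
              "lte": lambda b: v <= b, "lt": lambda b: v < b}
    return all(checks[k](_coerce(b)) for k, b in rng.items())


def range_enrich(doc, enrich_docs, match_field, field, target_field,
                 enrich_fields, max_matches=1):
    """Offline emulation of the enrich processor for a range policy: every
    enrich doc whose `match_field` range contains doc[field] is a hit; only
    `enrich_fields` are copied. With max_matches=1 the target is an object,
    otherwise a list. Overlapping ranges make "first hit" ambiguous, so keep
    the ranges in the enrich index disjoint or raise max_matches."""
    value = doc.get(field)
    if value is None:  # mirrors ignore_missing: pass the document through
        return dict(doc)
    hits = [{k: d[k] for k in enrich_fields if k in d}
            for d in enrich_docs if _in_range(value, d[match_field])]
    out = dict(doc)
    if hits:
        out[target_field] = hits[0] if max_matches == 1 else hits[:max_matches]
    return out


if __name__ == "__main__":
    print(range_policy("network-zones", "networks", "subnet", ["zone", "owner"]))
    print(enrich_pipeline("network-zones", "source.ip", "source.network"))
    print(range_enrich({"source.ip": "10.20.30.40"}, NETWORKS, "subnet",
                       "source.ip", "source.network", ["zone", "owner"]))
    print(range_enrich({"@timestamp": "2021-07-01T00:00:00Z"}, CONTRACTS, "period",
                       "@timestamp", "contract", ["vendor"]))
```

The emulation is only there to make the match semantics explicit; in a real deployment the policy and pipeline bodies above are what you send, and Elasticsearch does the lookup at ingest time against the policy's own enrich index, which must be re-executed whenever the source index changes.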

Elastic Security researchers have documented a less tedious way to find network beaconing from Cobalt Strike. In their full analysis ([1] [2]), Andrew Pease, Derek Ditch, and Daniel Stepanic walk readers through the Elastic Fleet policy, how to collect the beacon, the beacon configuration, how to analyze its activity, and how to set it up in your organization's environment. These two articles ([1] [2]) are ideal for helping security analysts identify, collect, and

It began with an earthquake swarm. More than 22,000 seismic events were recorded, measuring up to 3.5 on the Richter scale, beginning on September 11th, 2021. Just eight days later, the first eruption on La Palma since 1971, and the largest in recorded history, commenced. For three months, lava ran out of the Cumbre Vieja volcano, pouring into the Atlantic Ocean surrounding the Canary Islands. The eruption destroyed more than 3,000 homes in a torrent of fire and liquid rock and caused untold impact on th