Detecting unusual network activity with Elastic Security and machine learning

As we’ve shown in a previous blog, search-based detection rules and Elastic’s machine learning-based anomaly detection can be a powerful way to identify rare and unusual activity in cloud API logs. Now, as of Elastic Security 7.13, we’ve introduced a new set of unsupervised machine learning jobs for network data, and accompanying alert rules, several of which look for geographic anomalies. In this blog post, we’ll explore a case study demonstrating how network data can yield important detections

Troubleshooting Elasticsearch ILM: Common issues and fixes

Hiya! Our Elasticsearch team is continually improving our Index Lifecycle Management (ILM) feature. When I first joined Elastic Support, I quickly got up to speed via our Automate rollover with ILM tutorial. I noticed after helping multiple users set up ILM that escalations mainly emerge from a handful of configuration issues. In the following sections, I’d like to cover frequent tickets, diagnostic flow, and common error recoveries. All commands shown can be run via Kibana’s Dev Tools. C

Five tips for growing your career in tech sales

One of Rain Hu's favorite moments of the day is her early morning run. "I run six kilometers minimum daily, rain or shine," she says. "I enjoy the time alone because it allows me to have time for self-reflection and self-conversation." The discipline that it takes to maintain a healthy lifestyle is carried throughout her life. As a wife, mother of two young boys, and sales leader, Rain optimizes her time so that she can show up fully and authentically in all aspects of her life. We sat down with

Monitoring Kubernetes the Elastic way using Filebeat and Metricbeat

In my previous blog post, I demonstrated how to use Prometheus and Fluentd with the Elastic Stack to monitor Kubernetes. That’s a good option if you’re already using those open source-based monitoring tools in your organization. But, if you’re new to Kubernetes monitoring, or want to take full advantage of Elastic Observability, there is an easier and more comprehensive way. In this blog, we will explore how to monitor Kubernetes the Elastic way: using Filebeat and Metricbeat. Using Filebeat and

Collecting and operationalizing threat data from the Mozi botnet

Detecting and preventing malicious activity such as botnet attacks is a critical area of focus for threat intel analysts, security operators, and threat hunters. Taking up the Mozi botnet as a case study, this blog post demonstrates how to use open source tools, analytical processes, and the Elastic Stack to perform analysis and enrichment of collected data irrespective of the campaign. This will allow you to take the lessons and processes outlined below to your organization and apply them to yo

Defending the Internet of Things from hackers and viruses

Leon Gubbels is a Security Business Developer at ENGIE, an Elastic MSP. Remco Sprooten is the Product Owner for the security team. Together they describe how their team expanded their security-as-a-service offer to address operational technology (OT) as well as traditional IT systems. The 2010 Stuxnet malicious software attack on a uranium enrichment plant in Iran had all the twists and turns of a spy thriller. The plant was air gapped (not connected to the internet) so it couldn’t be targeted

A faster, more seamless way to engage Elastic Support

As of July 25, 2021, we have launched a brand-new Elastic Support Portal. The new portal experience is fully integrated with Elastic Cloud and builds upon our previous update around login and authentication. For existing subscription users, the flow to get help stays the same — you’ll continue to access support.elastic.co with your Elastic Cloud account. This blog post explains some details around the new portal experience and how it will impact our users. What is changing? We’ve built a ne

Elastic Cloud is now available on Google Cloud in Asia Pacific Northeast 3 (Seoul)

We’re pleased to announce you can now run Elastic Cloud on Google Cloud in the Asia Pacific Northeast 3 (Seoul) region. Elastic Cloud gives you the power of enterprise search, observability, and security in the Asia Pacific Northeast 3 (Seoul) region of Google Cloud. Easily search applications, websites, and workplace content platforms for information. Quickly gain deep insights into your environment by monitoring applications and uptime as well as analyzing centralized logs and metrics.

How Orange Business Services is building a better SIEM with Elastic

I’m a security analyst at Orange Business Services in Paris, and one of my current projects for the Orange Group is implementing a new SIEM based on the Elastic Stack. In this blog post, I’ll share why we chose Elastic and how we were able to integrate Elastic into our existing SIEM, resulting in faster investigations and saving our engineers’ time. So follow along: Orange Group is a multi-service network operator and digital service provider in 26 countries and serves about 253 million customer

Bringing customers the best Elastic experience on Alibaba Cloud

The partnership between Elastic and Alibaba Cloud has expanded our community of users and developers into thousands of commercial users. 

This partnership is a leading example of Elastic’s commitment to partnering with companies that users trust with their cloud infrastructure and developing a cloud-native, flexible platform. Other partners include Microsoft Azure, Google Cloud, and AWS.

Now, we are thrilled to be the recipient of Alibaba Cloud’s Walking Together Award. Here, Pankaj Khu