Total Economic Impact™ study: Elastic delivers 10X performance with up to 75% cost savings

Ten times faster at a fraction of the cost. If you want a headline as to why you should consider adopting Elastic for security and observability, that is it.  We often work with our customers to help them establish the business value of Elastic within their organizations. We commissioned Forrester to conduct a Total Economic Impact (TEI) study of our security and observability solutions so our customers have an unbiased view that they can share with their internal stakeholders. The TEI exam

ProblemChild: Generate alerts to detect living-off-the-land attacks

In an earlier blog post, we spoke about building your own ProblemChild framework from scratch in the Elastic Stack to detect living off the land (LOtL) activity. As promised, we have now also released a fully trained detection model, anomaly detection configurations, and detection rules that you can use to get ProblemChild up and running in your environment in a matter of minutes.  This blog provides a high-level breakdown of the steps to enrich your Windows process event data using the rel

Protecting Windows protected processes

This quick blog is the first in a two-part series discussing a userland Windows exploit initially disclosed by James Forshaw and Alex Ionescu. The exploit enables attackers to perform highly privileged actions that typically require a kernel driver. Protected process light: Windows 8.1 introduced the concept of Protected Process Light (PPL), which enables specially-signed programs to run in such a way that they are immune from tampering and termination, even by administrative users. The goal is to

Pride @ Elastic | Feeling seen and safe as a trans woman

We all want to work for a company where we fit in. That’s why Elastic built a Source Code that encourages all to come as they are. In this Pride blog series, we highlight LGBTQIA+ Elasticians who have a unique story — one, perhaps, just as unique as yours. We asked Kiley Davidson, IT Systems Engineer, to talk about her experience and share how Elastic’s culture allowed her to come out at work and thrive as a trans woman. How did you know that Elastic was a safe place for you when you joined in

How to use transforms to track your most recent customer orders

Creating an entity-centric index that contains only the latest document for each entity can be useful in a number of situations. For example, maybe you're managing an ecommerce site and you want to track the latest order placed by each of your customers. Or maybe you want to run a campaign targeting customers who haven't been active over a certain period. What's the fastest and most efficient way to compile and organize such data? Transforms in Elasticsearch enable you to create and maintain an

Elastic License Update

In January 2021, we announced that starting with version 7.11, we would be changing the Apache 2.0 portions of Elasticsearch and Kibana source code to be dual licensed under Elastic License and SSPL, at the users’ discretion. As part of that change, we created Elastic License 2.0 (ELv2) as a permissive,  fair-code license, which allows free use, redistribution, modification, and derivative works, with only three simple limitations, outlined in our original announcement.  We've been

Elastic Stack 7.13.1 released

Version 7.13.1 of the Elastic Stack was released today. We recommend you upgrade to this latest version. The 7.13.1 patch contains fixes and small enhancements for the stack. Notable bug fixes are:

Kibana: Some "By value" panels not rendering after upgrade from 7.12.1 to 7.13.0 (#100756)
Kibana: "Math" aggregation not working for Table view in TSVB (#100892)
Elasticsearch: Fix illegal access on PIT creation for frozen index (#73517)
Elasticsearch: Fix snapshot shard data lost issue when an inde

Cerner depends on Elastic machine learning for a healthy infrastructure

Cerner Corp. is a supplier of healthcare information technology systems, services, and devices. The company, with $5.7 billion in annual revenue, empowers people and communities to engage in their own care. A key aspect of the business is surfacing data to enable their clients to make informed decisions about their healthcare.  The 29,000 Cerner employees in 30 countries are on a mission to shape the healthcare of tomorrow. They believe that their influence goes beyond healthcare, and impac

New in Elasticsearch 7.13: Even faster aggregations

In our last episode, I wrote about some speed improvements to date_histogram and I was beside myself with excitement to see if I could apply the same principles to other aggregations. I've spent most of the past few months playing a small part developing runtime fields but eventually I found time to take a look at the terms aggregation. It's time for terms! With the date_histogram aggregation we got a huge performance boost by rewriting it as a filters aggregation internally. Rewriting terms as

How diverse perspectives create a better workplace — and product

As a quality assurance engineer on the Kibana team at Elastic, Bhavya Raju Mandya makes an effort to see things from a different perspective.  “My job is to break things,” says Bhavya. “I like impersonating a cat, being curious, seeing what happens if I knock something off, or moving something or changing the order to figure out what gives. The end goal is to protect and defend the quality of Kibana and that makes me happy.” The value Bhavya places on curiosity and diverse perspectives is a

