One finds limits by pushing them. –Herbert A. Simon

At Elastic, we focus on bringing value to users through fast results that operate at scale and are relevant — speed, scale, and relevance are in our DNA. In Elasticsearch 7.16, we focused on scale, pushing the limits of Elasticsearch to make search even faster, memory less demanding, and clusters more stable. Along the way, we uncovered a range of dimensions on sharding and in the process sped up Elasticsearch to new heights. Historical

Elasticsearch 7.16 introduced a new enrich policy type: range. A range policy matches a number, date, or IP address in an incoming document against a range of the same type (for example an ip_range or date_range field) stored in the enrich index, and copies the configured enrich fields from the matching range document onto the event. Being able to match against an IP range is especially useful in security use cases, where the added metadata (network zone, asset owner, known-bad block) can be used to further refine detection rules. As we have already added an example to our documentation using IP ranges, we will go through an example here using the date_range type. Our fi
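The following request sequence is an added illustration of the date_range variant described above; it is not code from the page or from the Elasticsearch documentation. It assumes a 7.16+ cluster reachable from Kibana Dev Tools, and the index name `maintenance-windows`, the policy name `maintenance-window-policy`, the pipeline name `tag-maintenance`, the field names `window`, `change_ticket` and `owner`, and the sample window and events are all constructed for the example. The idea is to stamp every event that falls inside an approved change window with its ticket and owner so a detection rule can distinguish a scheduled service stop from an unexpected one.

```console
# Source index: one document per approved change window, keyed by a date_range.
# (assumed names and data; not part of the original page)
PUT /maintenance-windows
{
  "mappings": {
    "properties": {
      "window":        { "type": "date_range" },
      "change_ticket": { "type": "keyword" },
      "owner":         { "type": "keyword" }
    }
  }
}

# refresh=wait_for so the document is searchable before the policy is executed
PUT /maintenance-windows/_doc/1?refresh=wait_for
{
  "window": { "gte": "2021-12-20T22:00:00Z", "lt": "2021-12-21T02:00:00Z" },
  "change_ticket": "CHG-1234",
  "owner": "platform-team"
}

# Range policy: match_field is the date_range field in the source index,
# enrich_fields are copied onto events that fall inside a window.
PUT /_enrich/policy/maintenance-window-policy
{
  "range": {
    "indices": "maintenance-windows",
    "match_field": "window",
    "enrich_fields": ["change_ticket", "owner"]
  }
}

# Builds the read-only enrich index from the current source data.
POST /_enrich/policy/maintenance-window-policy/_execute

# Ingest pipeline: the enrich processor looks up the event's @timestamp
# against the ranges; ignore_missing skips events without a timestamp.
PUT /_ingest/pipeline/tag-maintenance
{
  "processors": [
    {
      "enrich": {
        "policy_name": "maintenance-window-policy",
        "field": "@timestamp",
        "target_field": "maintenance",
        "ignore_missing": true
      }
    }
  ]
}

# Dry run with two constructed events: one inside the window, one outside.
POST /_ingest/pipeline/tag-maintenance/_simulate
{
  "docs": [
    { "_source": { "@timestamp": "2021-12-20T23:15:00Z", "event": { "action": "service-stopped" } } },
    { "_source": { "@timestamp": "2021-12-22T09:00:00Z", "event": { "action": "service-stopped" } } }
  ]
}
```

In the simulate response the first document gains a `maintenance` object carrying `change_ticket`, `owner` and the matched `window`; the second, whose timestamp falls in no range, is returned unchanged, because a non-matching enrich lookup is not an error. Two caveats matter in practice: the enrich index is a snapshot, so `_execute` must be re-run (or scheduled) whenever windows are added or changed, and a detection rule should treat the presence of `maintenance.change_ticket` as a reason to lower severity or add context, not as a reason to drop the alert outright, since an attacker who knows the change calendar can time activity to coincide with it.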
Elastic Security engineers have documented a less tedious way to find network beaconing from Cobalt Strike. In their full analysis ([1] [2]), Elastic Security team researchers Andrew Pease, Derek Ditch, and Daniel Stepanic walk users through the Elastic fleet policy, how to collect the beacon, beacon configuration, how to analyze its activity, and how you can set it up in your organization’s environment. These two articles ([1] [2]) are ideal for helping security analysts identify, collect, and

It began with an earthquake swarm. More than 22,000 seismic events were recorded, at up to 3.5 on the Richter scale, beginning on September 11th, 2021. Just 8 days later, the first eruption on La Palma since 1971, and the largest in recorded history, commenced. For three months, lava ran out of the Cumbre Vieja volcano, pouring into the Atlantic Ocean surrounding the Canary Islands. The eruption destroyed more than 3,000 homes in a torrent of fire and liquid rock and caused untold impact on th

Elastic Security has verified a new destructive malware targeting Ukraine: Operation Bleeding Bear. Over the weekend, Microsoft released details about this multi-stage and destructive malware campaign that the Ukrainian National Cyber Security Coordination Center has been referring to as Operation Bleeding Bear. Elastic users are fully protected from attacks like these through our advanced malware detection and Ransomware Protection capabilities, and the Elastic Security team continues to

Elastic can now seamlessly ingest data from Microsoft Azure Spring Cloud so DevOps and SREs can monitor their Spring Boot applications to increase operational efficiency and developer productivity. Azure Spring Cloud is a fully managed service for Spring applications that simplifies infrastructure management. A 2021 survey from Microsoft indicated that “end-to-end monitoring” is the second biggest challenge DevOps and IT managers face as they migrate Spring Boot applications to the cloud.