Building effective threat hunting and detection rules in Elastic Security

Learn to create custom detection rules in Elastic Security. We cover best practices for using ES|QL and Elastic AI Assistant for threat detection to add vital context. Discover how to preview, test, a...

Elastic Blog
Elastic response to blog ‘EDR 0-Day Vulnerability’

Elastic’s Security Engineering team has found no evidence supporting the claims of a vulnerability that bypasses EDR monitoring and enables remote code execution. We'll continue to investigate and provide...

Elastic Blog

I spent too much time banging my head against the wall getting #ElasticSecurity and #Kolide to run well on #immutable #Linux distros like #Fedora #SilverBlue

Here's the first article:

https://unfinished.bike/elastic-agent-on-fedora-silverblue

Linux distros are heading to where macOS is today: where the root filesystem is mostly immutable, but not entirely. #ChromeOS arrived there a decade ago, but everyone seems to be moving in the same direction.

Elastic Agent on Fedora SilverBlue

This is a small technical article to save other adventurous people some pain. The Elastic Agent installer fails to install on immutable ...

unfinished.bike
Question for Elasticsearch experts. Well, specifically, Elastic Security experts.

How do you cope with the fact that Elastic Security does not have traditional on-demand/scheduled AV scanning?

Companies often ask questions about AV scans in their vendor "security questionnaires" and I've never seen a good answer that explains why/how next-gen AV/EDR doesn't do "scanning."

What do you tell people? How do you get this past ancient regulatory requirements and/or companies who don't know what "EDR" means?

[Boosts appreciated. 🚀]

[Edit: I guess this is a question for anyone using any "next-gen av" or EDR like #Crowdstrike or #SentinelOne]

#Cybersecurity #InformationSecurity #Elastic #Elasticsearch #ElasticSecurity #EndpointProtection #EDR

As we close out 2023, check ✅️ out my Elastic Advent Calendar entry "How to investigate a Malicious Alert for Threat Hunting in Elastic Security"

https://discuss.elastic.co/t/dec-25th-2023-en-how-to-investigate-a-malicious-alert-for-threat-hunting-in-elastic-security/347618

#threathunting #elasticsecurity #incidentresponse #elastic

Dec 25th, 2023: [EN] How to investigate a Malicious Alert for Threat Hunting in Elastic Security

Introduction When investigating malicious alerts in Elastic Security, it is essential to determine the type of malicious activity that is detected from an alert for response and remediation. There are many methods to perform for malicious alert investigation. The first step in the malicious alert investigation is identification. As the user, you will need to identify the alert and the rule that triggered the alert. Identification of the alert encompasses the following: Type of alert: Malic...

Discuss the Elastic Stack

Join me for an Elastic Security Community virtual event. I will be giving a tech talk on my Journey Into Malware Research and Reverse Engineering.

Hope to see you there! 🤩🙌

Date: Thursday, October 19
Time: 8am PST/11am EST

#Elastic #ElasticSecurity #reverseengineering #malwareresearch #securityresearch
#womenincyber #womenincybersecurity

Meetup link:
https://www.meetup.com/elastic-united-states-and-canada-virtual/events/296510147/

Session will be recorded and shared on the YouTube Elastic Community page for those who are unable to attend.

Journey Into Malware Research and Reverse Engineering, Thu, Oct 19, 2023, 8:00 AM | Meetup

Women In Security Summit presents: Journey Into Malware Research and Reverse Engineering **Date and Time:** Thursday, October 19 at 8am PST/ 11am EST **Event Details:** J

Meetup
3CX Breach Was a Double Supply Chain Compromise – Krebs on Security

My entry for the Elastic Advent Calendar 2022 is now available 🤩:
"How to build a cluster for Elastic Security: Best practices for creating and generating security data in Elastic Cloud"

Happy Holidays everyone! ❄️☃️😊

https://discuss.elastic.co/t/321832

#infosec #elasticsecurity #elastic #cloud #elasticcloud #elasticadventcalendar

Dec 25th, 2022: [EN] How to build a cluster for Elastic Security: Best practices for creating and generating security data in Elastic Cloud

Introduction When building a cluster for Elastic Security in Elastic Cloud, there are different methods to add security data. The easiest method for adding and shipping security data to Elastic Cloud is with using the Elastic Agent Integration. There are a number of factors that need to be considered prior to creation and building a cluster for Elastic Security: ✅ Determine the type of data that is best suited for the use case scenario - Data architecture and design ...

Discuss the Elastic Stack

Just added: YAML Config Snippet of JPCERT Lateral Movement Events to Monitor (Windows) https://hannahsuarez.github.io/2021/YAML_Lateral_Movement_Events_to_Monitor/

#security #cybersecurity #infosec #elasticsecurity #blueteam

YAML Config Snippet of JPCERT Lateral Movement Events to Monitor (Windows) | Articles, Notes and Other Work by hcs0

YAML Config Snippet of JPCERT Lateral Movement Events to Monitor (Windows)