Operations | Monitoring | ITSM | DevOps | Cloud

July 2021

Troubleshooting Elasticsearch ILM: Common issues and fixes

Hiya! Our Elasticsearch team is continually improving our index Lifecycle Management (ILM) feature. When I first joined Elastic Support, I quickly got up to speed via our Automate rollover with ILM tutorial. I noticed after helping multiple users set up ILM that escalations mainly emerge from a handful of configuration issues. In the following sections, I’d like to cover frequent tickets, diagnostic flow, and common error recoveries. All commands shown can be run via Kibana’s Dev Tools.

Detecting unusual network activity with Elastic Security and machine learning

As we’ve shown in a previous blog, search-based detection rules and Elastic’s machine learning-based anomaly detection can be a powerful way to identify rare and unusual activity in cloud API logs. Now, as of Elastic Security 7.13, we’ve introduced a new set of unsupervised machine learning jobs for network data, and accompanying alert rules, several of which look for geographic anomalies.

Monitoring Kubernetes the Elastic way using Filebeat and Metricbeat

In my previous blog post, I demonstrated how to use Prometheus and Fluentd with the Elastic Stack to monitor Kubernetes. That’s a good option if you’re already using those open source-based monitoring tools in your organization. But, if you’re new to Kubernetes monitoring, or want to take full advantage of Elastic Observability, there is an easier and more comprehensive way. In this blog, we will explore how to monitor Kubernetes the Elastic way: using Filebeat and Metricbeat.

Defending the Internet of Things from hackers and viruses

The 2010 Stuxnet malicious software attack on a uranium enrichment plant in Iran had all the twists and turns of a spy thriller. The plant was air gapped (not connected to the internet) so it couldn’t be targeted directly by an outsider. Instead, the attackers infected five of the plant’s partner organizations, hoping that an engineer from one of them would unknowingly introduce the malware to the network via a thumb drive.

Collecting and operationalizing threat data from the Mozi botnet

Detecting and preventing malicious activity such as botnet attacks is a critical area of focus for threat intel analysts, security operators, and threat hunters. Taking up the Mozi botnet as a case study, this blog post demonstrates how to use open source tools, analytical processes, and the Elastic Stack to perform analysis and enrichment of collected data irrespective of the campaign.

How Orange Business Services is building a better SIEM with Elastic

I’m a security analyst at Orange Business Services in Paris, and one of my current projects for the Orange Group is implementing a new SIEM based on the Elastic Stack. In this blog post, I’ll share why we chose Elastic and how we were able to integrate Elastic into our existing SIEM, resulting in faster investigations and saving our engineers’ time. So follow along.

How versatile is the Elastic Stack? Ask Walmart, NASA, or Airbus.

What do an airline, the world’s largest retailer, the French government, Adobe, and NASA’s JPL have in common? They use the Elastic Stack to empower customers, communities, and, even, interplanetary exploration. With the Elastic Stack’s ability to take data from any source and in any format, and then search, analyze, and visualize it in real time, organizations can act quickly to improve customer experience and power critical systems.

How does search solve data problems?

Is enterprise data a benefit or a burden? Think about all of the data your organization generates and consumes in the digital age — from security event logs to application error messages, energy consumption to vendor contracts. There is so much, and all of it is usually stored in silos, making the data difficult to synthesize to provide better services, identify signals proactively, or make stronger business decisions.

Elastic named a Leader in The Forrester Wave: Cognitive Search

We’re thrilled to announce that Elastic has been named a Leader in The Forrester Wave™: Cognitive Search, Q3 2021*, highlighting, in our opinion, our commitment to providing a set of tools that makes it quicker and easier to build great search experiences with Elasticsearch. In addition to receiving the highest score possible in the strategy category, Elastic also received the highest scores possible in the operations and market awareness criteria.

Understanding and Debugging Applications Using the Service Map

Elastic APM is an application performance monitoring system built on the Elastic Stack. Elastic APM makes it easy to pinpoint and fix performance problems quickly. In this video, you will learn what distributed tracing is, how it can be used to better understand your environment, and how service maps give you a quick overview of your architecture.

Practical CPU time performance tuning for security software: Part 2

In a previous blog, we discussed how to monitor, troubleshoot, and fix high %CPU issues. We also revealed a system API that could have an unexpected impact on CPU consumption. In this episode, we’ll discuss another time-related performance aspect that is unique to security software: application startup time. You don’t need to be a developer to benefit from this article.

Elastic Security prevents 100% of REvil ransomware samples

Users of Elastic Security are protected through numerous layers of protections against the REvil ransomware that affected Kaseya VSA and its customers. Elastic Security’s layered protections prevented 100% of the REvil ransomware samples tested before damage and loss could occur to the business. We believe that detections and preventions must be layered, as no single protection works 100% of the time.

Secure your deployments on Elastic Cloud with Azure Private Link

We are pleased to announce the general availability of the Azure Private Link integration with Elastic Cloud. Azure Private Link provides private connectivity between your VNET (Virtual Network) and other Azure resources. Private Link simplifies your cloud network architecture and eliminates data exposure to the public internet by routing your data to private Azure service endpoints.

Elastic Security Recognized in the 2021 Gartner Magic Quadrant for SIEM

We’re excited to share that Elastic Security has been recognized in the 2021 Gartner Magic Quadrant for Security Information and Event Management (SIEM). Elastic Security is the latest Elastic solution to be recognized in a 2021 Gartner Magic Quadrant report, following the 2021 Magic Quadrant for Insight Engines and 2021 Magic Quadrant for Application Performance Monitoring.

Ingesting threat data with the Threat Intel Filebeat module

The ability for security teams to integrate threat data into their operations substantially helps their organization identify potentially malicious endpoint and network events using indicators identified by other threat research teams. In this blog, we’ll cover how to ingest threat data with the Threat Intel Filebeat module. In future blog posts, we'll cover enriching threat data with the Threat ECS fieldset and operationalizing threat data with Elastic Security.