Operations | Monitoring | ITSM | DevOps | Cloud

Elastic Security opens public detection rules repo

At Elastic, we believe in the power of open source and understand the importance of community. By putting the community first, we ensure that we create the best possible product for our users. With Elastic Security, two of our core objectives are to stop threats at scale and arm every analyst. Today, we’re opening up a new GitHub repository, elastic/detection-rules, to work alongside the security community, stopping threats at a greater scale.

Canonical, Elastic, and Google team up to prevent data corruption in Linux

At Elastic we are constantly innovating and releasing new features. As we release new features we are also working to make sure that they are tested, solid, and reliable — and sometimes we do find bugs or other issues. While testing a new feature we discovered a Linux kernel bug affecting SSD disks on certain Linux kernels. In this blog article we cover the story around the investigation and how it involved a great collaboration with two close partners, Google Cloud and Canonical.

Preventing "copy-paste compromises" (ACSC 2020-008) with Elastic Security

The Australian Cyber Security Centre (ACSC) recently published an advisory outlining tactics, techniques and procedures (TTPs) used against multiple Australian businesses in a recent campaign by a state-based actor. The campaign — dubbed ‘copy-paste compromises’ because of its heavy use of open source proof of concept exploits — was first reported on the 18th of June 2020, receiving national attention in Australia.

How to use Kibana effectively. Today: Detect possible frauds in your data

Kibana is quite powerful and versatile for visualizing data in Elasticsearch. The Elastic Stack can be used for a variety of use cases. One is the detection of frauds e.g. in Banking transaction like within Softbank Payment Service or bonus point accounts like within Miles and More. Other areas are insurance or tax return data.

Elastic Enterprise Search is now available on Elastic Cloud

We're excited to announce that Elastic Enterprise Search is now available on Elastic Cloud. Simply sign up for a free Elastic Cloud account and you can be up and running in a matter of minutes. The Elastic Enterprise Search solution encompasses both our Workplace Search and App Search products — a comprehensive package of search tools that dramatically simplifies the process of creating enterprise-grade search experiences for consumers, users, and teammates alike.

Why does Elastic Support keeping asking for diagnostic files?

If you’ve worked with Elastic Support, you may have been asked to run the Support Diagnostic tool and provide the output in your support case. This is a common practice, but a lot of you out there may not know why. While the short answer is "it depends", this blog is going to explain why we keep asking for diagnostic files (as well as what’s in them). Simply put, the Support Diagnostic helps Elastic Support understand the state of your cluster.

Journey of Elastic SIEM Getting Started to Investigating Threats: Part 2

Calling all security enthusiasts! Many of us are now facing similar challenges working from home. Introduced in 7.2, Elastic SIEM is a great way to provide security analytics and monitoring capabilities to small businesses and homes with limited time and resources. In this three part meetup series we will take you on a journey from zero to hero - getting started with the Elastic SIEM to beginner threat hunting.

Kubernetes observability tutorial: Log monitoring and analysis

Kubernetes has emerged the de facto container orchestration technology, and an integral technology in the cloud native movement. Cloud native brings speed, elasticity, and agility to software development, but also increases the complexity — with hundreds of microservices on thousands (or millions) of containers, running in ephemeral and disposable pods. Monitoring such a complex, distributed, transient system is challenging, and at the same time very critical.