Using ML-based anomaly detection, such as the unsupervised ML jobs in the Elastic stack, we can shrink the dwell time for this malware persistence mechanism from 46 days to less than one day, a decrease by a factor of 1100!

In this blog, we walk users through identifying beaconing malware in their environment using our beaconing identification framework.

In this blog, we walk users through identifying beaconing malware in their environment using our beaconing identification framework.

In Elastic Security 7.13, we added a new set of machine learning jobs that spot anomalies in network behavior. In this blog post, we’ll explore a case study demonstrating how network data can yield important detections.

In this blog post, we walk through our release of a fully trained detection model, anomaly detection configurations, and detection rules that you can use to get your ProblemChild framework up and running in your environment in minutes.

In this blog, learn how you can use Elastic machine learning to create your own ProblemChild framework to detect living-off-the-land (LOtL) activity in Windows process event data.

This post takes an in-depth look at detection techniques through cloud API logs analysis — exploring two real-world incidents in order to better understand how threats can slip through conventional detection methods.

In this blog, we announce our first-ever supervised ML and security integration. This offers users a supervised ML solution package to detect domain generation algorithm (DGA) activity in your network data.

In this post, we outline a straightforward approach to detecting threats with Elastic SIEM that doesn't require any specific programming, or analytical knowledge — it's perfect for helping just about any security practitioner stay ahead of attacks.