Articles by Craig Chamberlain


Detecting unusual network activity with Elastic Security and machine learning

In Elastic Security 7.13, we added a new set of machine learning jobs that spot anomalies in network behavior. In this blog post, we’ll explore a case study demonstrating how network data can yield important detections.


ProblemChild: Generate alerts to detect living-off-the-land attacks

In this blog post, we walk through our release of a fully trained detection model, anomaly detection configurations, and detection rules that you can use to get your ProblemChild framework up and running in your environment in minutes.


ProblemChild: Detecting living-off-the-land attacks using the Elastic Stack

In this blog, learn how you can use Elastic machine learning to create your own ProblemChild framework to detect living-off-the-land (LOtL) activity in Windows process event data.


Detecting threats in AWS Cloudtrail logs using machine learning

This post takes an in-depth look at detection techniques based on cloud API log analysis — exploring two real-world incidents in order to better understand how threats can slip through conventional detection methods.


Combining supervised and unsupervised machine learning for DGA detection

In this blog, we announce our first-ever supervised ML and security integration. This offers users a supervised ML solution package to detect domain generation algorithm (DGA) activity in their network data.


Generating MITRE ATT&CK® signals in Elastic SIEM: Sysmon data

In this post, we outline a straightforward approach to detecting threats with Elastic SIEM that doesn't require any specific programming or analytical knowledge — it's perfect for helping just about any security practitioner stay ahead of attacks.