AUTHOR

Articles by Elastic Security Intelligence & Analytics Team

Videos

Going Coast to Coast - Climbing the Pyramid with the Deimos Implant

The Deimos implant was first reported in 2020 and has been in active development, employing advanced countermeasures to frustrate analysis. This post details the campaign TTPs through the malware indicators.

Detection and response for the actively exploited ProxyShell vulnerabilities

In the last week, Elastic Security has observed the exploitation of Microsoft Exchange vulnerabilities associated with ProxyShell. Review the post to find newly released details about this activity.

Collecting and operationalizing threat data from the Mozi botnet

The Mozi botnet is an ongoing malware campaign targeting unsecured and vulnerable networking devices. This post will showcase the analyst journey of collecting, analyzing, and operationalizing threat data from the Mozi botnet.

Ingesting threat data with the Threat Intel Filebeat module

In this blog series, we cover how to use the Elastic Stack to integrate threat data indicators identified by other threat research teams into security operations to identify potentially malicious endpoint and network events.

Testing your Okta visibility and detection with Dorothy and Elastic Security

Dorothy is a tool for security teams to test their visibility and detection capabilities for their Okta environment. IAM solutions are frequently targeted by adversaries but poorly monitored. Learn how to get started with Dorothy in this post.

Security operations: Cloud monitoring and detection with Elastic Security

As companies migrate to the cloud, so too do opportunist adversaries. That's why our Elastic Security team members have created free detection rules for protecting users' cloud platforms like AWS and Okta. Learn more in this blog post.

Threat hunting capture the flag with Elastic Security: BSides 2020

In our last Elastic Security capture the flag event, participants hunted for suspicious behavior after a mock network compromise. See how contenders fared in this blog post.

Detection rules for SIGRed vulnerability

The SIGRed vulnerability impacts all systems leveraging the Windows DNS server service (Windows 2003+). To defend your environment, we recommend implementing the detection logic included in this blog post using technology like Elastic Security.

Elastic Security opens public detection rules repo

Elastic Security has opened its detection rules repository to the world. We will develop rules in the open alongside the community, and we’re welcoming your community-driven detections. This is an opportunity to share collective security knowledge.