Articles by Justin Ibarra


ProblemChild: Generate alerts to detect living-off-the-land attacks

In this blog post, we walk through our release of a fully trained detection model, anomaly detection configurations, and detection rules that you can use to get your ProblemChild framework up and running in your environment in minutes.


Combining supervised and unsupervised machine learning for DGA detection

In this blog, we announce our first-ever supervised ML and security integration. It gives users a supervised ML solution package to detect domain generation algorithm (DGA) activity in their network data.


Detection rules for SIGRed vulnerability

The SIGRed vulnerability impacts all systems leveraging the Windows DNS server service (Windows 2003+). To defend your environment, we recommend implementing the detection logic included in this blog post using technology like Elastic Security.


Getting started with EQL

EQL is a language for expressing relationships between events. It can normalize your data regardless of data source and is not constrained by platform.