Articles by Paul Ewing

Check out the evolution of Elastic Security, free and open, and evaluated by MITRE.

MITRE ATT&CK® round 2 evaluations have been released. Make sense of how each security vendor performed with these easy Kibana dashboards.

We’re excited to announce the new release of more EQL analytics and tooling, including an interactive shell, to make EQL even more usable and powerful.

EQL is a language for expressing relationships between events; it can normalize your data regardless of its source and is not constrained by platform.


EQL for the masses

Event Query Language is an extensible, powerful language built in-house at Endgame to express relationships between security-relevant events.

Today, we see digital masquerading used by the most sophisticated adversaries as well as by less skilled ones to hide in the noise while conducting operations.

After adversaries breach a system, they usually consider how they will maintain uninterrupted access through events such as system restarts.