Welcome Perched: Security Training for SIEM, Threat Hunting, and More

Looking for Perched training or consulting? All of the Perched offerings are now delivered by Elastic. Learn more by visiting our Training and Consulting pages.

Today, we are excited to announce that Perched, a training and consulting company focused on security analytics, threat hunting and security operations, has joined forces with Elastic. The Perched team will give Elastic's users training and consulting services for building advanced cybersecurity solutions using the Elastic Stack, including practitioner-level expertise for deploying, managing, and operating Elastic SIEM and Elastic's proposed acquisition of Endgame.

Perched brings to Elastic deep experience in SIEM and threat hunting, network security monitoring, network and host forensics, building threat models against adversary tactics (kill chain, ATT&CK, Diamond) and building cyber operations command centers. The Perched team are long-time users of the Elastic Stack and have been an Elastic partner. With their extensive security experience and their strong Elastic Stack product knowledge, they've also worked closely with our Engineering team to extend the Elastic Common Schema (ECS) for network/endpoint security and malware artifact data; assisted our team with Logstash input/output plugins, Winlogbeat and Filebeat; and for our new Elastic SIEM product, they've provided feature input and use case validation.

"Perched has been a wonderful partner for Elastic delivering customized and practitioner-based security courses for customers in education, government, and other industries," said Aaron Katz, Chief Revenue Officer at Elastic. "As we continue to expand our security efforts with Elastic SIEM and our proposed acquisition of Endgame, the Perched team will provide our customers with a level of security expertise unmatched in the industry."

Several of the Perched team members spearheaded open source projects like RockNSM (, a threat hunting platform using the Elastic Stack, and CAPESstack (, a service hub for incident response, intelligence analysis and hunt operations which also uses the Elastic Stack. Going forward RockNSM and CAPESstack will continue as independent open source projects.

Perched team, welcome to Elastic. We are thrilled to have you join the team!

Now, a few thoughts from two of the four founders:

Andrew "variable" Pease, CEO of Perched:
"The members of Perched have been threat hunting since before "cyber" had a name. In 2013, this led us to a small open source project called Elasticsearch that gave us the ability to index, enrich, and query our data as fast as we could think of questions to ask it. We built the Elastic Stack into all our projects because of its open source roots and search speed, which is pivotal for threat hunting. When we first formed Perched, we knew that we wanted to form a strong partnership with Elastic. With the Elastic and Perched team's joining forces, we will continue to help security practitioners operationalize the Elastic Stack for cyber network defense."

Derek "dcode" Ditch, COO of Perched:
"We've been fanatic Elastic users since 0.90.0. Members of our team have been using Elastic products and tied them into other open source technologies for cybersecurity in small toy applications and super-large, global, cloud-scale applications. What we've done at Perched is to take open source cybersecurity technologies and make them approachable to our customers through education and services. I'm extremely excited about joining the Elastic team because we will be able to help even more people scale their analysis to their data problem using open source technology."