Author: Aaron Jewitt

Principal Security Analyst & Elastic Infosec Detections Team Lead, Elastic


Detecting account compromise with UEBA detection packages

Detecting a compromised account is one of the most challenging detections to build. This blog shows one approach we are using internally at Elastic to create detections that alert when multiple new events are seen for a user.


Detection engineering — Maximizing analyst efficiency using Cardinality Threshold rules on your alerts

Using Threshold rules to create alerts on your alerts is a great way to maximize your analyst effectiveness without sacrificing visibility. By using these rules, security analysts spend less time investigating false positives.


How to build a malware analysis sandbox with Elastic Security

In this blog post, we show how the Elastic Infosec team uses free software, together with the Elastic Stack integrated with Elastic Endpoint Security, to build a fully featured malware analysis sandbox.