Threat Hunting with Elastic at SpecterOps: Welcome to HELK

The HELK project offers another approach to advanced cyber-hunting analytics, focusing on the importance of data documentation, quality, and modeling when developing analytics and making sense of disparate data sources inside a contested environment. Using the ELK Stack as a base and integrating it with other technologies such as Apache Spark and Jupyter allows security analysts to create and deploy interactive hunting playbooks while exposing additional advanced capabilities on top of the ELK Stack.

Roberto Rodriguez

Adversary Detection Researcher, SpecterOps

Roberto Rodriguez is a Senior Threat Hunter at SpecterOps, where he specializes in the development of analytics to detect advanced adversary techniques. His experience performing incident response and threat hunting engagements in various industries has encouraged him to help organizations improve their security posture and to share his knowledge with the information security community. He is also the author of several open source projects, such as the Threat Hunter Playbook and HELK, which aid the community in developing techniques and tooling for hunting campaigns. He currently maintains his blog at https://cyberwardog.blogspot.com.