
Author

Articles by Aaron Jewitt

Principal Security Analyst & Elastic Infosec Detections Team Lead, Elastic

Videos

Detecting account compromise with UEBA detection packages

Detecting a compromised account is one of the most challenging detections to build. This blog shows one approach we are using internally at Elastic to create detections that alert when multiple new events are seen for a user.

Videos

Detection engineering — Maximizing analyst efficiency using Cardinality Threshold rules on your alerts

Using Threshold rules to create alerts on your alerts is a great way to maximize your analyst effectiveness without sacrificing visibility. By using these rules, security analysts spend less time investigating false positives.

Videos

How to build a malware analysis sandbox with Elastic Security

In this article, we explain how the Elastic Information Security team uses the Elastic Stack with Elastic Endpoint Security to build a fully instrumented malware analysis sandbox using