Cyber Hunting at Perched with the Elastic Stack & X-Pack

Perched is using Elastic's X-Pack to analyze intrusions as they progress through a campaign and exploring methods to push them back through the kill-chain.

Andrew Pease

Andrew Pease is the Chief Intelligence Officer at Perched. His team focuses on analyzing strategic, operational, and tactical threats. Furthermore, Andrew also leads intelligence training course for Perched, transitioning traditional intelligence professionals into the cyber domain.

Andrew specializes in the People’s Republic of China’s economic espionage, intelligence, and counter-intelligence programs.

Additionally, Andrew is a member of the Missouri Cyber Team within the Missouri National Guard. His team has developed techniques and methodologies for performing cyber hunting operations within Federal, State, and private industries. The Missouri Cyber Team architected, engineered, and operationalized their own hunting platform known as ROCK ( as well as their standalone operations technology stack, CAPES (