
Author

Articles by Aaron Jewitt

Principal Security Analyst, Elastic

Videos

How to detect malicious browser extensions using Elastic

Learn how the Elastic Infosec team built a full inventory of all browser extensions using osquery and Elastic Security, with examples of building detections that alert the security team when a known-bad browser extension is installed on a workstation.

Videos

Inventory to insight: How Elastic’s asset inventory powers InfoSec use cases

See how Elastic’s asset inventory has evolved into a critical tool for InfoSec, transforming from a basic inventory to a powerful solution that addresses real-world cybersecurity challenges.

Videos

Reducing false positives with automated SIEM investigations from Elastic and Tines

Discover how Elastic's InfoSec team saves thousands of hours per month by using Tines to automate SIEM alert investigations, reducing false positives and detecting compromised accounts.

Videos

Detecting account compromise with UEBA detection packages

Detecting a compromised account is one of the most challenging detections to build. This blog shows one approach we are using internally at Elastic to create detections that alert when multiple new events are seen for a user.

Videos

Detection engineering — Maximizing analyst efficiency using Cardinality Threshold rules on your alerts

Using Threshold rules to create alerts on your alerts is a great way to maximize your analyst effectiveness without sacrificing visibility. By using these rules, security analysts spend less time investigating false positives.
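The two detection ideas listed above, a UEBA-style rule that fires when a user produces several event types never seen in their baseline, and a threshold rule that fires only when several distinct rules have alerted on the same user, can be sketched as plain logic over sample data. The following is an added illustration written for this page, not code from the talks or from Elastic Security; the event records, rule names (`new_event_types`, `impossible_travel`, `rare_process`), thresholds and field names are constructed assumptions, and the grouping is a simplified stand-in for what a Threshold rule with a cardinality condition does over an alerts index.

```python
from collections import defaultdict

# Constructed sample data (not real telemetry): (user, event_type) pairs as
# they might look after normalisation in a SIEM. BASELINE_EVENTS is the
# history window; WINDOW_EVENTS is the detection window being evaluated.
BASELINE_EVENTS = [
    ("alice", "login_success"), ("alice", "vpn_connect"), ("alice", "file_download"),
    ("bob", "login_success"), ("bob", "email_send"),
]
WINDOW_EVENTS = [
    ("alice", "login_success"), ("alice", "vpn_connect"),
    ("bob", "login_success"), ("bob", "mfa_reset"), ("bob", "new_device_enroll"),
    ("bob", "oauth_consent"), ("bob", "impossible_travel"),
    ("carol", "login_success"), ("carol", "vpn_connect"),
]
# Constructed alerts from other, hypothetical rules, as they would sit in the
# alerts index alongside the output of the new-event rule below.
OTHER_ALERTS = [
    {"user": "bob", "rule": "impossible_travel"},
    {"user": "alice", "rule": "rare_process"},
    {"user": "alice", "rule": "rare_process"},  # duplicate: same rule, counts once
]


def build_baseline(events):
    """Map each user to the set of event types seen in the history window."""
    seen = defaultdict(set)
    for user, event_type in events:
        seen[user].add(event_type)
    return dict(seen)


def new_event_alerts(baseline, events, min_new=3):
    """Stage 1 (UEBA-style 'new events' rule): alert on users that produce at
    least min_new event types never seen in their baseline. A user with no
    baseline at all has every event type counted as new, so the threshold is
    what keeps a brand-new but ordinary user (carol) from alerting."""
    new_types = defaultdict(set)
    for user, event_type in events:
        if event_type not in baseline.get(user, set()):
            new_types[user].add(event_type)
    return [
        {"user": user, "rule": "new_event_types", "new_types": sorted(types)}
        for user, types in sorted(new_types.items())
        if len(types) >= min_new
    ]


def threshold_on_alerts(alerts, group_field="user", cardinality_field="rule",
                        min_cardinality=2):
    """Stage 2 ('alerts on alerts'): group alerts by group_field and fire only
    when the number of distinct cardinality_field values reaches
    min_cardinality. Repeats of one noisy rule never push a group over."""
    distinct = defaultdict(set)
    for alert in alerts:
        distinct[alert[group_field]].add(alert[cardinality_field])
    return {group: sorted(rules) for group, rules in distinct.items()
            if len(rules) >= min_cardinality}


def run_pipeline():
    """Run stage 1 over the sample windows, merge with the other alerts, and
    return the users that the stage-2 threshold escalates to an analyst."""
    baseline = build_baseline(BASELINE_EVENTS)
    stage1 = new_event_alerts(baseline, WINDOW_EVENTS)
    return threshold_on_alerts(stage1 + OTHER_ALERTS)


if __name__ == "__main__":
    for user, rules in run_pipeline().items():
        print(f"escalate {user}: {rules}")
```

With the constructed data only `bob` is escalated: four never-before-seen event types trip the stage-1 rule, and together with the separate `impossible_travel` alert that gives two distinct rules for one user. `alice` has two alerts but from a single rule, so the cardinality condition, not the raw count, keeps her out of the analyst queue.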

Videos

Building a malware analysis sandbox with Elastic Security

The Elastic Infosec team built a fully instrumented malware analysis sandbox using the Elastic Stack, Elastic Endpoint Security, and free software. This article walks through the approach in detail.