On-demand webinar

Elastic Security: Introducing the public repository for detection rules

Hosted by

Paul Ewing
Paul Ewing

Principal Product Manager, Elastic Security

Elastic

Ross Wolf
Ross Wolf

Senior Security Research Engineer

Elastic

Overview

Security must be a team sport — collaborating, sharing, and contributing are critical to success. Working together on a larger scale is the only way to stay ahead; infosec teamwork cannot be limited solely to the organization or even industry level.

Elastic’s free and open philosophy aims to help infosec teams globally via a community-centered approach to solving security problems. True to this approach, we are making a public repository available for the universal collection, collaboration, and implementation of security detection rules.

In this webinar, we’ll introduce the repo and cover what you need to know to make the best use of this valuable new resource, including:

  • A walkthrough of the security detection rules repo and what it contains
  • An intro to Elastic's approach to threat hunting and detection
  • Getting started, dependencies, and usage best practices
  • Guidelines on how to contribute (creating issues, style, and process)
  • Detection engineering (rule metadata, Elastic Common Schema (ECS), and rule validation)

You’ll hear directly from two Elastic Security experts on the philosophy behind crafting detections and translating attacker techniques into effective rules, including ways to ensure efficacy and add resilience against attacker evasions.

Additional Resources:

Register to watch

You'll also receive an email with related content.