Detecting a compromised account is one of the most challenging detections to build. This blog shows one approach we are using internally at Elastic to create detections that alert when multiple new events are seen for a user.

Using Threshold rules to create alerts on your alerts is a great way to maximize your analyst effectiveness without sacrificing visibility. By using these rules, security analysts spend less time investigating false positives.

이 블로그 게시물에서는 Elastic InfoSec 팀이 Elastic Stack과 Elastic 엔드포인트 보안을 사용하여 무료 소프트웨어로 완벽하게 계측된 malware 분석 샌드박스를 구축하는 방법에 대해 설명합니다.