Threat Hunting with Elastic at SpectorOps: Welcome to HELK

The HELK project offers another approach for advanced cyber-hunting analytics, focusing on the importance of data documentation, quality, and modeling when developing analytics and making sense of disparate data sources inside the contested environment. Using the ELK Stack as a base and integrating it with other technologies such as Apache Spark and Jupyter allows security analysts to create and deploy interactive hunting playbooks while exposing extra advanced capabilities on the top of the ELK Stack.