Detecting a compromised account is one of the most challenging detections to build. This blog shows one approach we are using internally at Elastic to create detections that alert when multiple new events are seen for a user.

Using Threshold rules to create alerts on your alerts is a great way to maximize your analyst effectiveness without sacrificing visibility. By using these rules, security analysts spend less time investigating false positives.

Neste post do blog, vamos demonstrar como a equipe de InfoSec da Elastic usa o Elastic Stack com o Elastic Endpoint Security para construir um sandbox de análise de malware totalmente instrumentado usando software gratuito.