Learn how to create a centralised security analytics platform with the speed and scale you need for ad hoc analysis during threat detection and hunting exercises.
In brief, the story is tracking the sequence of events that resulted in a data exfiltration attack using a combination of machine learning, search and analytics. It hunts through windows events, network data, and more to assemble the attack timeline and pinpoint what happened, and how the adversary did it.
Using a variety of interactive techniques from user behavior tracking to network analysis, this demo highlights many features that make the Elastic Stack the security analytics platform of choice for organizations like Slack, USAA and more.
The demo will show how to:
- Resolve incidents faster
- Allowing you to effortlessly collect, store and analyze log data from virtually any Windows Server and Linux source.
- Gain immediate insight
- So you interact with real-time data, to gain deep intelligence gathered from your on-premises and cloud data centers. Map server and application dependencies to discover connections and interactions.
- Transform machine data
- To spot problems fast using pre-built solutions and queries. Address incidents quickly with flexible search, and customized alerts in the portal or from the mobile app.
Also, to speed up your Elasticsearch education, try our Elasticsearch Service, our hosted Elasticsearch offering on Elastic Cloud. Try Hosted Elasticsearch free for 14 days.