With the release of the Elastic Stack 7.6, we saw the addition of a new detection engine to Elastic SIEM. The detection engine creates “signals” from built-in or user-created rules, bringing greater threat detection efficiency and effectiveness through automation. Users can write their own custom rules to automatically detect potentially malicious activity in their environment.
In addition to the detection engine, the SIEM app is also integrated with Elastic’s anomaly detection engine, which uses machine learning techniques to spot anomalies in Elasticsearch indices.
In this webinar, we’ll cover how you can combine both detection techniques to bolster your security operations workflow and detection strategy:
- Get an overview of the detection engine and its pre-packaged rules
- Learn how to easily create a new rule of your own
- Discover how to create anomaly detection jobs in the Elastic Stack and combine them with the detection engine
Want to try it for yourself? Take some of these features for a spin with a free trial of our Elasticsearch Service.