Enhancing security analyst workflow with the Elastic SIEM detection engine and unsupervised anomaly detection

With the release of Elastic Stack 7.6, Elastic SIEM gained a new detection engine. The engine runs rules, either the pre-packaged ones or rules you write yourself, on a schedule against your indices and creates "signals" whenever a rule matches, so that activity you already know to be suspicious is flagged automatically instead of having to be found by hand. Custom rules let you cover behaviour that is specific to your own environment.

In addition to the detection engine, the SIEM app integrates with Elastic's anomaly detection engine, which uses unsupervised machine learning to flag unusual behaviour in data stored in Elasticsearch indices, without needing a rule that describes that behaviour in advance.

In this webinar, we cover how to combine the two techniques, rules for behaviour you can describe up front and anomaly detection jobs for behaviour you cannot, so that both feed the same security operations workflow and detection strategy.


  • Get an overview of the detection engine and its pre-packaged rules
  • Learn how to easily create a new rule of your own
  • Discover how to create anomaly detection jobs in the Elastic Stack and combine them with the detection engine
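The following is an added example, not code from the webinar or from Elastic, showing what the two rule kinds described above look like when created through the detection engine's API rather than the Kibana UI: a custom KQL query rule, and a machine-learning rule that turns anomaly records from an anomaly detection job into signals once they cross a score threshold. It also checks the two mistakes that most often leave a rule silently useless (a lookback window shorter than the run interval, and a risk score that contradicts the severity label). The Kibana URL, credentials, index patterns, rule ids, KQL query, anomaly threshold and the ML job id are hypothetical placeholders; the endpoint `POST /api/detection_engine/rules`, the `kbn-xsrf` header and the rule field names are the documented ones, but the `machine_learning` rule type must be supported by the Kibana version you run it against.

```python
"""Build, sanity-check and (optionally) push detection-engine rules.

Added example; all names, thresholds, credentials and the ML job id
below are assumptions to be replaced with your own values.
"""
import base64
import json
import urllib.request

# risk_score bands that the Kibana rule editor pairs with each severity
# (assumed defaults: 21 / 47 / 73 / 99 are the UI's preset scores)
SEVERITY_RISK = {
    "low": range(0, 22),
    "medium": range(22, 48),
    "high": range(48, 74),
    "critical": range(74, 101),
}


def build_query_rule(rule_id, name, query, index, severity, risk_score,
                     description, tags=(), interval="5m", lookback="now-6m"):
    """Payload for a KQL (kuery) query rule; one signal per matching event."""
    return {
        "rule_id": rule_id, "name": name, "description": description,
        "type": "query", "language": "kuery", "query": query,
        "index": list(index), "severity": severity, "risk_score": risk_score,
        "interval": interval, "from": lookback, "to": "now",
        "enabled": True, "tags": list(tags),
    }


def build_ml_rule(rule_id, name, job_id, anomaly_threshold, severity,
                  risk_score, description, tags=(), interval="15m",
                  lookback="now-30m"):
    """Payload for a machine_learning rule: signals for anomaly records of
    the named job whose anomaly score is >= anomaly_threshold (0..100)."""
    return {
        "rule_id": rule_id, "name": name, "description": description,
        "type": "machine_learning", "machine_learning_job_id": job_id,
        "anomaly_threshold": anomaly_threshold,
        "severity": severity, "risk_score": risk_score,
        "interval": interval, "from": lookback, "to": "now",
        "enabled": True, "tags": list(tags),
    }


def _minutes(spec):
    """Tiny parser for '5m' / '1h' / 'now-6m' style windows (minutes)."""
    spec = spec.replace("now-", "")
    units = {"s": 1 / 60, "m": 1, "h": 60, "d": 1440}
    return float(spec[:-1]) * units[spec[-1]]


def validate_rule(rule):
    """Return a list of problems; an empty list means the rule looks sane."""
    problems = []
    for field in ("rule_id", "name", "description", "type", "severity", "risk_score"):
        if rule.get(field) in (None, ""):
            problems.append(f"missing {field}")
    kind = rule.get("type")
    if kind == "query":
        if not rule.get("query"):
            problems.append("query rule has no query")
        if not rule.get("index"):
            problems.append("query rule has no index pattern")
    elif kind == "machine_learning":
        if not rule.get("machine_learning_job_id"):
            problems.append("ml rule has no machine_learning_job_id")
        threshold = rule.get("anomaly_threshold")
        if not isinstance(threshold, int) or not 0 <= threshold <= 100:
            problems.append("anomaly_threshold must be an integer 0..100")
    else:
        problems.append(f"unsupported rule type {kind!r}")
    sev, score = rule.get("severity"), rule.get("risk_score")
    if sev in SEVERITY_RISK and isinstance(score, int) and score not in SEVERITY_RISK[sev]:
        problems.append(f"risk_score {score} is outside the usual band for severity {sev}")
    try:  # a lookback shorter than the interval leaves gaps between runs
        if _minutes(rule["from"]) < _minutes(rule["interval"]):
            problems.append("lookback ('from') shorter than interval: events between runs will be missed")
    except (KeyError, ValueError):
        problems.append("interval/from must look like '5m' and 'now-6m'")
    return problems


def build_request(kibana_url, username, password, rule):
    """Build (but do not send) the POST that creates the rule in Kibana."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return urllib.request.Request(
        f"{kibana_url.rstrip('/')}/api/detection_engine/rules",
        data=json.dumps(rule).encode(), method="POST",
        headers={"Content-Type": "application/json", "kbn-xsrf": "true",
                 "Authorization": f"Basic {token}"},
    )


def create_rule(kibana_url, username, password, rule):
    """Validate, then create the rule; returns Kibana's JSON response."""
    problems = validate_rule(rule)
    if problems:
        raise ValueError("; ".join(problems))
    with urllib.request.urlopen(build_request(kibana_url, username, password, rule)) as resp:
        return json.load(resp)


# Constructed sample rules (hypothetical ids, query, index patterns, job id).
QUERY_RULE = build_query_rule(
    rule_id="custom-sudo-interactive-shell", name="Custom: interactive shell via sudo",
    query='event.category:process and process.name:sudo and process.args:("-i" or "-s")',
    index=["auditbeat-*", "filebeat-*"], severity="high", risk_score=60,
    description="Interactive root shell started through sudo.", tags=["custom", "linux"])
ML_RULE = build_ml_rule(
    rule_id="custom-ml-rare-linux-process", name="Custom: rare process on Linux host (ML)",
    job_id="rare_process_by_host_linux_ecs", anomaly_threshold=75, severity="medium",
    risk_score=40, description="Anomaly detection job flagged a rarely seen process.",
    tags=["custom", "ml"])

if __name__ == "__main__":  # hypothetical target; only runs when executed directly
    for r in (QUERY_RULE, ML_RULE):
        print(r["name"], "->", validate_rule(r) or "ok")
```

`create_rule` is the only function that touches the network; `validate_rule` and `build_request` run offline, so the payloads can be reviewed and linted before anything is created. The lookback check matters in practice because the engine evaluates each rule over the `from`..`to` window on every run: with `interval` of 5m and `from` of `now-2m`, three minutes of events are never examined.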


James Spiteri

Solutions Architect


Haran Kumar

Security Specialist

