Using Elasticsearch and the Elastic Stack for Advanced Threat Hunting

Cybersecurity threats have become aggressively sophisticated. The volume of data and the speed required to detect targeted attacks have increased dramatically - signature- and rule-based approaches alone simply don’t cut it anymore.

For any security operation, it is paramount to have a cybersecurity solution that maintains and utilizes data effectively, whilst providing a simple yet powerful interface that lets security analysts stop malicious users in their tracks.

This webinar demonstrates the Elastic Stack’s ability to carry out the threat hunting activities needed to keep pace with the threats of today and tomorrow, and covers:

  • The state of today’s threat hunting landscape
  • The importance of fast, scalable, and relevant threat intelligence and data enrichment
  • How to integrate various types of threat feeds into Elasticsearch
  • How to use Kibana visualizations for interactive threat hunting
  • The role of machine learning for automated anomaly detection

Samir Bennacer

Samir Bennacer is a Senior Solutions Architect specializing in security. He is passionate about technology and has several years of experience working with SIEM solutions and big data technologies. Samir is a regular speaker on security solutions, including sessions at previous Elastic{ON} events and at other conferences such as Devoxx, Voxxed and HP Protect.

James Spiteri

James has been building custom SIEM platforms for security operations centers for the past 5 years, across a variety of sectors and using several different technologies. Having tried and implemented solutions from several vendors, James ended up favouring the Elastic Stack for, among other things, its versatility, speed, scalability and integrated machine learning. From ingesting, manipulating, correlating and enriching logs from a plethora of network device vendors, to creating a custom Slack bot that sends alerts to SOC analysts, James has done all of this with the Elastic Stack.