Product Updates

The 2025 State of Detection Engineering at Elastic explores how we create, maintain, and assess our SIEM and EDR rulesets.

Announcing the Elastic Bounty Program for Behavior Rule Protections

Elastic is launching an expansion of its security bounty program, inviting researchers to test its SIEM and EDR rules for evasion and bypass techniques, starting with Windows endpoints. This initiative strengthens collaboration with the security community, ensuring Elastic’s defenses remain robust against evolving threats.

Streamlining Security: Integrating Amazon Bedrock with Elastic

This article will guide you through the process of setting up the Amazon Bedrock integration and enabling Elastic's prebuilt detection rules to streamline your security operations.

Elevate Your Threat Hunting with Elastic

Elastic is releasing a threat hunting package designed to aid defenders with proactive detection queries to identify actor-agnostic intrusions.

Cups Overflow: When your printer spills more than Ink

Elastic Security Labs discusses detection and mitigation strategies for vulnerabilities in the CUPS printing system, which allow unauthenticated attackers to exploit the system via IPP and mDNS, resulting in remote code execution (RCE) on UNIX-based systems such as Linux, macOS, BSDs, ChromeOS, and Solaris.

Elastic releases the Detection Engineering Behavior Maturity Model

Using this maturity model, security teams can make structured, measurable, and iterative improvements to their detection engineering teams.

Now in beta: New Detection as Code capabilities

Introducing a New Vulnerability Class: False File Immutability

This article introduces a previously unnamed class of Windows vulnerability that demonstrates the dangers of assumption and describes some unintended security consequences.

500ms to midnight: XZ A.K.A. liblzma backdoor

Elastic Security Labs is releasing an initial analysis of the XZ Utility backdoor, including YARA rules, osquery, and KQL searches to identify potential compromises.

Monitoring Okta threats with Elastic Security

This article guides readers through establishing an Okta threat detection lab, emphasizing the importance of securing SaaS platforms like Okta. It details creating a lab environment with the Elastic Stack, integrating SIEM solutions, and Okta.

Fall 2023 Global Threat Report Outro

This article highlights the essential contributions to the Global Threat Report from the Security Intelligence team, and describes three major phenomena impacting the threat landscape.

Peeling back the curtain with call stacks

In this article, we'll show you how we contextualize rules and events, and how you can leverage call stacks to better understand any alerts you encounter in your environment.

Now available: The LLM safety assessment

Check out the newest report from Elastic Security Labs, which explores how you can protect your organization from LLM threats.

Elastic users protected from SUDDENICON’s supply chain attack

Elastic Security Labs is releasing a triage analysis to assist 3CX customers in the initial detection of SUDDENICON, a potential supply-chain compromise affecting 3CX VOIP softphone users.

Detect Credential Access with Elastic Security

Elastic Endpoint Security provides events that give defenders visibility into techniques and procedures commonly leveraged to access sensitive files and registry objects.

Vulnerability summary: Follina, CVE-2022-30190

Elastic is deploying a new malware signature to identify the use of the Follina vulnerability. Learn more in this post.

Elastic’s 2022 Global Threat Report: A roadmap for navigating today’s growing threatscape

Threat intelligence resources like the 2022 Elastic Global Threat Report are critical to helping teams evaluate their organizational visibility, capabilities, and expertise in identifying and preventing cybersecurity threats.

2022 Elastic Global Threat Report Announcement

Discover our latest findings & strategic recommendations to better stay informed of potential directions threat actors may focus on.

2022 Elastic Global Threat Report: Helping security leaders navigate today’s threat landscape

A significant percentage of all cyber threats achieve a degree of success against technical, procedural, and human mitigations. So what is a company to do in the face of such unfavorable odds? Find out in this article.

Analysis of Log4Shell vulnerability & CVE-2021-45046

In this post, we cover next steps the Elastic Security team is taking for users to continue to protect themselves against CVE-2021-44228, or Log4Shell.

Forecast and Recommendations: 2022 Elastic Global Threat Report

With the release of our first Global Threat Report at Elastic, customers, partners, and the security community at large are able to identify many of the focus areas our team has had over the past 12 months.

KNOTWEED Assessment Summary

KNOTWEED deploys the Subzero spyware through the use of 0-day exploits for Adobe Reader and the Windows operating system. Once initial access is gained, it uses different sections of Subzero to maintain persistence and perform actions on the host.

Detecting Exploitation of CVE-2021-44228 (Log4j2) with Elastic Security

This blog post provides a summary of CVE-2021-44228 and provides Elastic Security users with detections to find active exploitation of the vulnerability in their environment. Further updates will be provided to this post as we learn more.

Detection rules for SIGRed vulnerability

The SIGRed vulnerability impacts all systems leveraging the Windows DNS server service (Windows 2003+). To defend your environment, we recommend implementing the detection logic included in this blog post using technology like Elastic Security.

Detecting and responding to Dirty Pipe with Elastic

Elastic Security is releasing detection logic for the Dirty Pipe exploit.

Getting the Most Out of Transformers in Elastic

In this blog, we will briefly talk about how we fine-tuned a transformer model meant for a masked language modeling (MLM) task to make it suitable for a classification task.

Detection and response for the actively exploited ProxyShell vulnerabilities

In the last week, Elastic Security has observed the exploitation of Microsoft Exchange vulnerabilities associated with ProxyShell. Review the post to find newly released details about this activity.

Elastic Security opens public detection rules repo

Elastic Security has opened its detection rules repository to the world. We will develop rules in the open alongside the community, and we’re welcoming your community-driven detections. This is an opportunity to share collective security knowledge.