Elastic Security Opens Public Detections Rules Repo – James Spiteri – PSW #667 | SC Media
Threat hunting, Threat modeling

Elastic Security Opens Public Detections Rules Repo – James Spiteri – PSW #667

September 18, 2020

Sponsored By

Visit https://securityweekly.com/elastic for more information!

Following the release of our detection engine, Elastic has opened a new public GitHub repo for our detection rules: https://github.com/elastic/detection-rules. This is where our security intelligence and analytics team develops rules, creates issues and manages PRs, and by making the repo public we are inviting external contributors into that workflow. Contributors get visibility into our development process and a clear path for their rules to be released with the detection engine. If time allows, James can also talk about the recently released preview of Event Query Language (EQL) in Elasticsearch. EQL is the correlation query language that Elastic adopted through its acquisition of Endgame last year to support threat hunting and threat detection use cases. It is a feature users have been requesting for years and an exciting step toward integrating EQL natively into the Stack.
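The blurb only names EQL as a "correlation query language", so the following added example shows what correlation means in practice. It is not code from Elastic, the detection engine, or this episode: the EQL text in the comment is shown for orientation and is not parsed, and the small evaluator underneath (the hypothetical `match_sequence` and `find_reverse_shell_candidates` functions, with constructed `EVENTS` that are not real telemetry) approximates the semantics of an EQL `sequence by ... with maxspan` query: ordered stages joined on `process.pid` that must all complete within the span, so a true positive is separated from a late pair and from a lone network event.

```python
"""Toy EQL-style sequence correlation over constructed events.

Added example: not Elastic's code and not how the detection engine evaluates
EQL; it only approximates the semantics of 'sequence by ... with maxspan'.
"""
from datetime import datetime, timedelta

# Illustrative EQL (for orientation only; this toy does not parse EQL):
#   sequence by process.pid with maxspan=30s
#     [process where process.name == "powershell.exe"]
#     [network where destination.port == 4444]

# Constructed sample events (not real telemetry), flat ECS-like field names.
EVENTS = [
    {"@timestamp": "2020-09-18T10:00:00Z", "event.category": "process",
     "process.pid": 4242, "process.name": "powershell.exe"},
    {"@timestamp": "2020-09-18T10:00:12Z", "event.category": "network",
     "process.pid": 4242, "destination.port": 4444},            # 12s later: in span
    {"@timestamp": "2020-09-18T10:01:00Z", "event.category": "process",
     "process.pid": 5151, "process.name": "powershell.exe"},
    {"@timestamp": "2020-09-18T10:03:00Z", "event.category": "network",
     "process.pid": 5151, "destination.port": 4444},            # 120s later: expired
    {"@timestamp": "2020-09-18T10:04:00Z", "event.category": "network",
     "process.pid": 6161, "destination.port": 4444},            # no stage-1 event
]


def _ts(event):
    return datetime.strptime(event["@timestamp"], "%Y-%m-%dT%H:%M:%SZ")


def match_sequence(events, stages, by, maxspan):
    """Return completed sequences (lists of events, one per stage).

    events : iterable of flat dicts
    stages : list of predicates, one per sequence stage, in order
    by     : join field; every event in a sequence shares this value
    maxspan: timedelta the whole sequence must fit in, from its first event
    A fresh stage-1 match restarts the candidate for that join key.
    """
    pending = {}   # join value -> events matched so far for the open candidate
    matches = []
    for ev in sorted(events, key=_ts):
        key = ev.get(by)
        if key is None:
            continue
        cand = pending.get(key)
        if cand is not None:
            if _ts(ev) - _ts(cand[0]) > maxspan:
                del pending[key]                 # candidate aged out
            elif stages[len(cand)](ev):
                cand.append(ev)
                if len(cand) == len(stages):
                    matches.append(cand)         # sequence completed
                    del pending[key]
                continue
        if stages[0](ev):
            pending[key] = [ev]                  # (re)start a candidate
    return matches


def find_reverse_shell_candidates(events=EVENTS, maxspan_seconds=30):
    """Run the two-stage sequence above; return the pids that completed it."""
    stages = [
        lambda e: e["event.category"] == "process"
        and e.get("process.name") == "powershell.exe",
        lambda e: e["event.category"] == "network"
        and e.get("destination.port") == 4444,
    ]
    hits = match_sequence(events, stages, by="process.pid",
                          maxspan=timedelta(seconds=maxspan_seconds))
    return [seq[0]["process.pid"] for seq in hits]


if __name__ == "__main__":
    print(find_reverse_shell_candidates())      # [4242]
```

Widening `maxspan_seconds` to 300 pulls in the second pid as well, which is the usual tuning trade-off with sequence rules: a longer span catches slower tradecraft but raises the chance that unrelated events from the same join key line up.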

This segment is sponsored by Elastic.

Visit https://securityweekly.com/elastic to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes!

Hosts

  • Jeff Man - Sr. InfoSec Consultant
  • Joff Thyer - Security Analyst
  • Larry Pesce - Senior Managing Consultant and Director of Research
  • Lee Neely - Senior Cyber Analyst
  • Paul Asadoorian - Founder & CTO
  • Tyler Robinson - Managing Director of Network Operations

Guests

  • James Spiteri - Solutions Architect, Cyber Security Specialist Global Solutions Lead

Announcements

  • BSides Boston is back in action for its 10th anniversary! The conference will be held on Saturday, September 26th, and tickets are only $10! You can get yours at https://bsidesbos.org! Some of the Security Weekly team will be in our own channel on the BSides Boston Discord server answering questions and possibly running some contests!

Audio: http://traffic.libsyn.com/sw-all/PSW_667_-_James_Spiteri_Elastic-0_converted.mp3