Tag: Elastic

Detecting Network Spikes Identified by WAF for the Elastic Stack Platform
Detecting Network Spikes Identified by WAF for the Elastic Stack Platform

There are a lot of interesting cases that you can find while investigating anomalies in the traffic baselines, for example, in FTP, SSH, or HTTPS. This guide describes how to use the “Imperva WAF – Kibana Dashboard, Watchers and Machine Learning for ELK Stack” Content Pack to detect abnormal spikes of attacks identified by WAF […]

Read More
Elastic for Security Analysts. Part 1: Searching Strings.
Elastic for Security Analysts. Part 1: Searching Strings.

Purpose: With Elastic increasing their foothold in the cybersecurity space through the speed and scalability of their solution, we expect more new Elastic users. These users will approach Elastic armed with an intuition built from experience with other platforms and SIEMs. Often this intuition will be directly challenged after a few searches in Elastic. The […]

Read More
Proactive detection content: CVE-2019-0708 vs ATT&CK, Sigma, Elastic and ArcSight
Proactive detection content: CVE-2019-0708 vs ATT&CK, Sigma, Elastic and ArcSight

I think the most of security community has agreed that CVE-2019-0708 vulnerability is of critical priority to deal with. And while saying “patch your stuff!” feels like the first thing that one should think of, the memories of WannaCry and NotPetya are still fresh in my mind. We know that patching ain’t gonna happen at […]

Read More