Thousands of customers leverage the official Elasticsearch Service (ESS) on top of Elastic Cloud to get the best experience for running Elasticsearch — including all of Elastic’s exclusive products such as Elastic Logs, Elastic APM, Elastic SIEM, and more.

Hey, there. This is part four of the Elastic SIEM for home and small business blog series. If you haven’t read the first, second, and third blogs, you may want to before going any further. In the Getting started blog, we created our Elasticsearch Service deployment and started collecting data from one of our computers using Winlogbeat. In the Securing cluster access blog, we secured access to our cluster by restricting privileges for users and Beats.

So you want to install Elastic Cloud Enterprise (you know, the orchestration solution for the Elastic Stack that simplifies and standardizes how you deploy, upgrade, resize, configure, and monitor one to many clusters from a single UI/API) Installing ECE on one host isn’t tough. Installing it on two isn’t much harder. However, when you start dealing with 3, 5, 7, 11, etc., the complexity grows, as does the work involved in operating and maintaining (upgrading!) it all.

Within Elastic, the information security team is tasked with security detection and analytics, among many other activities of a typical information security team. To find abnormal and malicious behavior within our environment we leverage Elastic SIEM for investigations and threat hunting. When we find a pattern of behavior we want to be alerted on during an investigation or hunt we take the request JSON behind our investigation and put in to Watcher for alerting.

How do you match health care practitioners to the right job? When The Postgraduate Medical Council of Victoria (PMCV) had to recruit doctors and nurses for the healthcare match system it administers, they needed an efficient solution that would take into account a high number of complex variables while remaining agile and, most importantly, accurate. At UserCentric, we devised a solution that gives PMCV administrators control over the entire recruiting experience.

Last month, the Elastic Security Protections Team prevented an attempted ransomware attack targeting an organization monitored by one of our customers, an IT Managed Service Provider (MSP). We analyzed the alerts that were generated after an adversary’s process injection attempts were prevented by Elastic Endpoint Security on several endpoints. Adversaries often attempt to inject their malicious code into a running process before encrypting and holding the victim’s data to ransom.

We are pleased to announce the general availability of external collection for Elastic Stack Monitoring. With this announcement comes the ability to monitor Elasticsearch, Kibana, Logstash, APM server, and Beats all via Metricbeat modules. Using external collection, users now have the capability to collect and send monitoring data for their Elastic Stack without having to depend on the health of the monitored services.

We’re excited to announce the general availability of version 7.5 of the Elastic Stack. Along with the introduction of Kibana Lens, a fast and intuitive way to craft visualizations, this release offers significant enhancements to our Observability and Security solutions and Elastic Enterprise Search joins the 7.5 release train. Read on to see the highlights and dive into the detailed release posts for all the details.

We recently launched Elastic Security, combining the threat hunting and analytics tools from Elastic SIEM with the prevention and response features of Elastic Endpoint Security. This combined solution focuses on detecting and flexibly responding to security threats, with machine learning providing core capabilities for real-time protections, detections, and interactive hunting. But why are machine learning tools so important in information security? How is machine learning being applied?