Operations | Monitoring | ITSM | DevOps | Cloud

June 2021

How the Elastic InfoSec team uses Elastic Security

At Elastic, we internally use, test, and provide feedback on all of our products. For example, the Information Security team is helping the Product team build a stronger solution for our customers. The InfoSec team is an extremely valuable resource who acts not only as an extension of Quality Assurance/Testing, but also as a data custodian.

Finding business-critical files is a top challenge for workers - better search is the answer

Even before COVID-19 forced nearly everyone to grapple with virtual work, most organizations had mountains of content scattered across numerous teams and dozens, if not hundreds, of apps. But now new research shows the cost of poor employee experiences for organizations: productivity, confidence, and opportunity.

Monitoring Kubernetes with the Elastic Stack using Prometheus and Fluentd

Kubernetes is an open source container orchestration system for automating computer application deployment, scaling, and management, and seems to have established itself as the de facto standard in this area these days. The shift from monolithic applications to microservices brought by Kubernetes has enabled faster deployment, where dynamic environments become commonplace. But on the other hand, this has made monitoring applications and their underpinning infrastructure more complex.

Practical CPU time performance tuning for security software: Part 1

Software performance issues come in all shapes and sizes. Therefore, performance tuning includes many aspects and subareas, and has to adopt a broad range of methodologies and techniques. Despite all this, time is one of the most critical measurements of software performance. In this multi-part series, I’ll focus on a few of the time-related aspects of software performance — particularly for security software.

Improve search relevance by combining Elasticsearch stemmers and synonyms

In a previous blog, we covered how you can incorporate synonyms into your Elasticsearch-powered application. Here, I build upon that blog and show how you can combine stemmers and multi-word synonyms to take the quality of your search results to the next level.

Easily ingest data to Elastic via Splunk

As organizations migrate to Elastic from incumbent vendors, quickly onboarding log data from their current solution into Elastic is one of the first orders of business. Data onboarding often involves having to adjust ingestion architecture and implement configuration changes across data sources. We want to ensure that users trialing or migrating to Elastic can get data in quickly to start seeing the power of Elastic solutions as quickly as possible.

New in Kibana: How we made it easier to manage visualizations and build dashboards

Our Kibana team has been hard at work implementing and executing on a new Kibana strategic vision to streamline the dashboard creation process and sand down the rough edges of creating visualizations for dashboards. We accomplished our goal and reduced the overall time it takes users to go from a blank slate to a meaningful dashboard that conveys insights about the data.

Why UC Davis chose Elastic to enhance its Security Operations Center

The University of California at Davis is an agriculturally focused university of more than 30,000 students. Founded in 1905, the university performs federally funded research for the U.S. Department of Defense, U.S. Department of Agriculture, and other agencies. It’s also home to an electric power substation, police and fire departments, and even an airport. All of this combined is a digital security challenge for Jeff Rowe, the university’s cybersecurity architect.

Achieving the 8 guiding principles of the DOD's Data Strategy with Elastic

A modified version of this blog post appeared in the June 2021 issue of Signal magazine. Decisions that need to be made in an instant require answers in real time, but existing big data systems are unable to return queries quickly enough for real-time analytics. And with growing data being queried by more connected users than ever before, it’s getting increasingly challenging to maintain fast reaction times.

Get a consistent view of your data over time with the Elasticsearch point-in-time reader

TL;DR: We recommend that you use the new point-in-time functionality in Elasticsearch if you can. The scroll API is no longer recommended for deep pagination (even though it still works). Most data is constantly changing. When querying an index in Elasticsearch, you are essentially searching for data at a given point of time.

How to set up Elastic Cloud: Advice from Elastic Support

I hate reinventing the wheel once I find a good setup. On top of that, I dislike searching for all the links I used to come up with the “ultimate setup” for different services. So, I decided to outline for myself (and for you of course) my default setup when I deploy on Elastic Cloud to set myself up for success and automate insight for the future. Most of my setup steps make monitoring accessible or automate various warnings to myself.

How Elastic is helping Honeywell generate sales from online search

Honeywell is a Fortune 100 company that produces commercial and consumer products. With roots dating to 1906, the multinational conglomerate offers chemicals, industrial manufacturing, engineering services, aerospace systems, and much more. The United States-based company employs 110,000 workers globally, and posts revenue of nearly $37 billion. Honeywell is a key player in 50 industries. It produces everything from N95 masks to automated warehouse solutions and airport security scanners.

What you need to know about Process Ghosting, a new executable image tampering attack

Security teams defending Windows environments often rely on anti-malware products as a first line of defense against malicious executables. Microsoft provides security vendors with the ability to register callbacks that will be invoked upon the creation of processes on the system. Driver developers can call APIs such as PsSetCreateProcessNotifyRoutineEx to receive such events.

Adversary emulation with Prelude Operator and Elastic Security

It’s no secret that organisations are up against skilled, relentless and determined adversaries. Security operations teams need to continuously test their detection capabilities by carrying out adversary emulation plans that are made up of varying tactics, techniques and procedures (TTPs) and track key metrics of their coverage in order to close any existing gaps. There are many tools available for running adversary emulation plans and performing purple team exercises.

How to configure Elastic Cloud on Kubernetes with SAML and hot-warm-cold architecture

Elastic Cloud on Kubernetes (ECK) is an easy way to get the Elastic Stack up and running on top of Kubernetes. That’s because ECK automates the deployment, provisioning, management, and setup of Elasticsearch, Kibana, Beats, and more. As logging and metric data — or time series data — has a predictable lifespan, you can use hot, warm, and cold architecture to easily manage your data over time as it ages and becomes less relevant.

How South Dakota Bureau of Information and Telecommunications deploys Elastic to secure endpoints

The South Dakota Bureau of Information and Telecommunications (BIT) provides quality customer services and partnerships to ensure South Dakota’s IT organization is responsive, reliable, and well-aligned to support the state government’s business needs. The BIT believes that “People should be online, not waiting in line.” The bureau’s goals for the state's 885,000 residents include.

ProblemChild: Generate alerts to detect living-off-the-land attacks

In an earlier blog post, we spoke about building your own ProblemChild framework from scratch in the Elastic Stack to detect living off the land (LOtL) activity. As promised, we have now also released a fully trained detection model, anomaly detection configurations, and detection rules that you can use to get ProblemChild up and running in your environment in a matter of minutes.

Total Economic Impact study: Elastic delivers 10X performance with up to 75% cost savings

Ten times faster at a fraction of the cost. If you want a headline as to why you should consider adopting Elastic for security and observability, that is it. We often work with our customers to help them establish the business value of Elastic within their organizations. We commissioned Forrester to conduct a Total Economic Impact (TEI) study of our security and observability solutions so our customers have an unbiased view that they can share with their internal stakeholders.

How to tune search relevance in Elastic App Search

When users run queries against your search engine, they’re interested in the most relevant documents. Elastic App Search makes it easy to further tune the search experience to optimize for your own needs. In this short video, we’ll show how documents are ranked and how you can change this ranking using intuitive, real-time relevance tuning.

Anomaly Detection on Observability Data using Machine Learning

Machine learning helps detect undesired behaviors in your observability data. This makes it easier to spot performance degradation in your applications, services, or instances. In this video, you'll learn how to automate anomaly detections using machine learning on your observability data.

How to use transforms to track your most recent customer orders

Creating an entity-centric index that contains only the latest document for each entity can be useful in a number of situations. For example, maybe you're managing an ecommerce site and you want to track the latest order placed by each of your customers. Or maybe you want to run a campaign targeting customers who haven't been active over a certain period. What's the fastest and most efficient way to compile and organize such data?

Elastic License Update

In January 2021, we announced that starting with version 7.11, we would be changing the Apache 2.0 portions of Elasticsearch and Kibana source code to be dual licensed under Elastic License and SSPL, at the users’ discretion. As part of that change, we created Elastic License 2.0 (ELv2) as a permissive, fair-code license, which allows free use, redistribution, modification, and derivative works, with only three simple limitations, outlined in our original announcement.

New in Elasticsearch 7.13: Even faster aggregations

In our last episode, I wrote about some speed improvements to date_histogram and I was beside myself with excitement to see if I could apply the same principles to other aggregations. I've spent most of the past few months playing a small part developing runtime fields but eventually I found time to take a look at the terms aggregation.

Cerner depends on Elastic machine learning for a healthy infrastructure

Cerner Corp. is a supplier of healthcare information technology systems, services, and devices. The company, with $5.7 billion in annual revenue, empowers people and communities to engage in their own care. A key aspect of the business is surfacing data to enable their clients to make informed decisions about their healthcare. The 29,000 Cerner employees in 30 countries are on a mission to shape the healthcare of tomorrow.