SIEM vs. IDS: What is the Difference?

The main difference between a security information and event management (SIEM) solution and an intrusion detection system (IDS) is scope: an IDS inspects network traffic or host activity and raises an alert when it matches a signature or anomaly, whereas a SIEM collects and correlates events from many sources (IDS alerts among them) and gives analysts the context and workflows needed to investigate and respond. An IDS on its own only detects and reports. Security information and event management (SIEM) is an approach to cybersecurity combining:
Note: the acronym SIEM is pronounced "sim" with a silent e.
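To make the SIEM/IDS distinction concrete, here is an added example (not code from the original page or from any product it mentions) that runs a minimal SIEM-style correlation over constructed IDS alerts and host authentication logs. The formats are assumed for illustration: IDS alerts as JSON lines with `src_ip`, `dest_ip` and `signature`, and auth events as `key=value` lines; real deployments parse vendor-specific formats. The IDS alone reports each signature hit with no context, while the correlation joins a brute-force alert to a later successful login from the same source to the same host and raises a single high-severity finding.

```python
"""Added example: SIEM-style correlation over constructed IDS and auth logs.

Assumed (hypothetical) formats, not any vendor's:
  - IDS alerts: JSON lines with ts, src_ip, dest_ip, signature
  - auth events: whitespace-separated key=value lines
"""
import json
from datetime import datetime, timedelta

# Constructed sample input: what an IDS emits on its own.
IDS_ALERTS = """\
{"ts": "2024-03-01T10:00:05", "src_ip": "203.0.113.7", "dest_ip": "10.0.0.5", "signature": "SSH brute force attempt"}
{"ts": "2024-03-01T10:00:40", "src_ip": "203.0.113.7", "dest_ip": "10.0.0.5", "signature": "SSH brute force attempt"}
{"ts": "2024-03-01T11:30:00", "src_ip": "198.51.100.9", "dest_ip": "10.0.0.8", "signature": "ET SCAN Nmap"}
"""

# Constructed sample input: host auth logs the IDS never sees.
AUTH_EVENTS = """\
ts=2024-03-01T10:00:02 host=10.0.0.5 user=deploy src=203.0.113.7 result=failure
ts=2024-03-01T10:00:30 host=10.0.0.5 user=deploy src=203.0.113.7 result=failure
ts=2024-03-01T10:01:10 host=10.0.0.5 user=deploy src=203.0.113.7 result=success
ts=2024-03-01T11:35:00 host=10.0.0.8 user=alice src=192.0.2.44 result=success
"""


def parse_ids(text):
    """Normalize JSON-line IDS alerts into a common event shape."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        events.append({
            "ts": datetime.fromisoformat(rec["ts"]),
            "src": rec["src_ip"],
            "host": rec["dest_ip"],
            "sig": rec["signature"],
        })
    return events


def parse_auth(text):
    """Normalize key=value auth lines into the same common event shape."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        kv = dict(field.split("=", 1) for field in line.split())
        events.append({
            "ts": datetime.fromisoformat(kv["ts"]),
            "host": kv["host"],
            "user": kv["user"],
            "src": kv["src"],
            "result": kv["result"],
        })
    return events


def ids_only_findings(ids_events):
    """What an IDS reports by itself: one alert per signature hit, no context."""
    return [f"{e['sig']} from {e['src']} to {e['host']}" for e in ids_events]


def correlate(ids_events, auth_events, window=timedelta(minutes=5)):
    """SIEM-style correlation rule: a brute-force alert followed, within the
    window, by a successful login from the same source to the same host is
    escalated to one high-severity finding (deduplicated per src/host/user)."""
    successes = [a for a in auth_events if a["result"] == "success"]
    findings, seen = [], set()
    for e in ids_events:
        if "brute force" not in e["sig"].lower():
            continue
        for a in successes:
            delta = (a["ts"] - e["ts"]).total_seconds()
            if a["src"] == e["src"] and a["host"] == e["host"] and 0 <= delta <= window.total_seconds():
                key = (e["src"], e["host"], a["user"])
                if key in seen:
                    continue
                seen.add(key)
                findings.append({
                    "severity": "high",
                    "src": e["src"],
                    "host": e["host"],
                    "user": a["user"],
                    "reason": "brute-force alert followed by successful login",
                })
    return findings


if __name__ == "__main__":
    ids = parse_ids(IDS_ALERTS)
    auth = parse_auth(AUTH_EVENTS)
    for line in ids_only_findings(ids):
        print("IDS :", line)
    for f in correlate(ids, auth):
        print("SIEM:", f)
```

The two brute-force alerts collapse into one finding because the correlation keys on source, host and user rather than on each raw alert; the Nmap scan produces an IDS alert but no escalation, since no matching login follows it.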


Getting started with adding a new security data source in your Elastic SIEM: Part 1

What I love about our free and open Elastic SIEM is how easy it is to add new data sources. I’ve learned how to do this firsthand, and thought it’d be helpful to share my experience getting started. Last October, I joined Elastic Security when Elastic and Endgame combined forces. Working with our awesome security community, I’ve had the opportunity to add new data sources for our users to complement our growing catalog of integrations.

A Journey of Elastic SIEM: Getting Started through Threat Analysis Part 1

Calling all security enthusiasts! Many of us are now facing similar challenges working from home. Introduced in 7.2, Elastic SIEM is a great way to provide security analytics and monitoring capabilities to small businesses and homes with limited time and resources. In this three-part meetup series we will take you on a journey from zero to hero, getting started with the Elastic SIEM to becoming a threat hunter.

5 Important Points of SIEM Evaluation Checklist

Over the past couple of years, the Security Information and Event Management (SIEM) solution has become recognized as an effective tool in the Security Operations Center (SOC). Whether the task is managing multiple security tools or meeting compliance standards, SIEM plays a crucial role. However, because a multitude of SIEM solutions is available in the IT market today, selecting the right one is an important but difficult task for enterprises.

Integration and Shipping Okta Logs to Cloud SIEM

Company security often depends on users choosing a diverse set of passwords and then managing them. Remembering all of them is too difficult for most mere mortals, so a number of password storage apps have emerged. But those apps must themselves be secured, and the result is often inefficient access and flawed security. Single sign-on (SSO) is still preferred, but to make it effective, providers like Okta have to secure the integration across a large number of apps.


Generating MITRE ATT&CK signals in Elastic SIEM: Sysmon data

Many mature security teams look to the MITRE ATT&CK® matrix to help improve their understanding of attacker tactics, techniques, and procedures (TTPs) and to better understand their own capabilities relative to these common adversarial approaches. With the release of Elastic Security 7.6, Elastic SIEM saw 92 detection rules for threat hunting and security analytics aligned to ATT&CK.


Elastic SIEM is free and open for security analysts everywhere

Security teams must protect attack surfaces that are becoming bigger and more distributed due to the growth of remote work, cloud infrastructure, and other dynamics. These teams understand that meeting this challenge at scale requires the successful incorporation of the appropriate technology into their security operations program.