Operations | Monitoring | ITSM | DevOps | Cloud

Threat Hunting

chaossearch

How to Plan a Threat Hunt: Using Log Analytics to Manage Data in Depth

Apr 22, 2021 By Thomas Hazel In ChaosSearch
Security analysts have long been challenged to keep up with growing volumes of increasingly sophisticated cyberattacks, but their struggles have recently grown more acute. Only 46% of security operations leaders are satisfied with their team’s ability to detect threats, and 82% of decision-makers report that their responses to threats are mostly or completely reactive — a shortcoming they’d like to overcome.
Read Post
graylog

Threat Hunting with Threat Intelligence

Apr 6, 2021 By Jeff Darrington In Graylog

With more people working from home, the threat landscape continues to change. Things change daily, and cybersecurity staff needs to change with them to protect information. Threat hunting techniques for an evolving landscape need to tie risk together with log data. Within your environment, there are a few things that you can do to prepare for effective threat hunting. Although none of these is a silver bullet, they can get you better prepared to investigate an alert.

Read Post
splunk

Threat Hunting With ML: Another Reason to SMLE

Feb 17, 2021 By John Reed In Splunk

Security is an essential part of any modern IT foundation, whether in smaller shops or at enterprise-scale. It used to be sufficient to implement rules-based software to defend against malicious actors, but those malicious actors are not standing still. Just as every aspect of IT has become more sophisticated, attackers have continued to innovate as well. Building more and more rules-based software to detect security events means you are always one step behind in an unsustainable fight.

Read Post
sumologic

How Clorox leverages Cloud SIEM across security operations, threat hunting, and IT Ops

Jan 5, 2021 By Sumo Logic In Sumo Logic
During Sumo Logic’s Illuminate user conference, Heath Hendrickson, senior security architect at the Clorox company, and Gary Conner, senior threat protection lead, presented how they are leveraging Sumo Logic across security operations, threat hunting, IT operations, and more.
Read Post
elastic

Investigative analysis of disjointed data in Elasticsearch with the Siren Platform

Oct 6, 2020 By Dr. Giovanni Tummarello In Elastic

At Siren, we build a platform used for “investigative intelligence” in Law Enforcement, Intelligence, and Financial Fraud. Investigative intelligence is a specialisation of data analytics that serves the needs of those that are typically hunting for bad actors. Such investigations are the primary focus of law enforcement and intelligence, but are also critical to uncovering financial crime activities and for threat hunting in cybersecurity.

Read Post
elastic

Gaining holistic visibility with Elastic Security

Oct 5, 2020 By Jae Lee In Elastic

Let’s talk visibility for a moment. Security visibility is a data-at-scale problem. Searching, analyzing, and processing across all your relevant data at speed is critical to the success of your team’s ability to stop threats at scale. Elastic Security can help you drive holistic visibility for your security team, and operationalize that visibility to solve SIEM use cases, strengthen your threat hunting practice with machine learning and automated detection, and more.

Read Post
elastic

Threat hunting capture the flag with Elastic Security: BSides 2020

Aug 13, 2020 By David French In Elastic

Last month, members of the Elastic Security team hosted a threat hunting capture the flag (CTF) event at BSides SATX. We provided the community with an environment to learn and practice threat hunting with our team, and cultivated new relationships with attendees. By sharing information with security practitioners, we can help prepare them to defend their organization’s data from attack through knowledge transfer.

Read Post

Journey of Elastic SIEM Getting Started to Investigating Threats: Part 2

Jun 23, 2020 By Elastic In Elastic
Calling all security enthusiasts! Many of us are now facing similar challenges working from home. Introduced in 7.2, Elastic SIEM is a great way to provide security analytics and monitoring capabilities to small businesses and homes with limited time and resources. In this three part meetup series we will take you on a journey from zero to hero - getting started with the Elastic SIEM to beginner threat hunting.
View Video

Threat Hunting with Elastic APM

Jun 16, 2020 By Elastic In Elastic
Learn how APM lets you monitor the performance of applications deployed anywhere within your network. Now you can use APM data to hunt for threats and injection attacks, too. Elastic provides a common data platform so you can view HTTP data collected with your APM agents in the Elastic SIEM app. It’s seamless monitoring and protection to keep your systems up, running, and secure.
View Video

Copyright © 2024 OpsMatters™. All rights reserved.