Automating the install of Elastic Cloud Enterprise on AWS with Ansible

So you want to install Elastic Cloud Enterprise (you know, the orchestration solution for the Elastic Stack that simplifies and standardizes how you deploy, upgrade, resize, configure, and monitor one to many clusters from a single UI/API) Installing ECE on one host isn’t tough. Installing it on two isn’t much harder. However, when you start dealing with 3, 5, 7, 11, etc., the complexity grows, as does the work involved in operating and maintaining (upgrading!) it all.


Storing and enriching alerts for information security with Elasticsearch

Within Elastic, the information security team is tasked with security detection and analytics, among many other activities of a typical information security team. To find abnormal and malicious behavior within our environment we leverage Elastic SIEM for investigations and threat hunting. When we find a pattern of behavior we want to be alerted on during an investigation or hunt we take the request JSON behind our investigation and put in to Watcher for alerting.


UserCentric: Redefining online recruiting for doctors and nurses

How do you match health care practitioners to the right job? When The Postgraduate Medical Council of Victoria (PMCV) had to recruit doctors and nurses for the healthcare match system it administers, they needed an efficient solution that would take into account a high number of complex variables while remaining agile and, most importantly, accurate. At UserCentric, we devised a solution that gives PMCV administrators control over the entire recruiting experience.


Ransomware, interrupted: Sodinokibi and the supply chain

Last month, the Elastic Security Protections Team prevented an attempted ransomware attack targeting an organization monitored by one of our customers, an IT Managed Service Provider (MSP). We analyzed the alerts that were generated after an adversary’s process injection attempts were prevented by Elastic Endpoint Security on several endpoints. Adversaries often attempt to inject their malicious code into a running process before encrypting and holding the victim’s data to ransom.


External collection for Elastic Stack Monitoring is now available via Metricbeat

We are pleased to announce the general availability of external collection for Elastic Stack Monitoring. With this announcement comes the ability to monitor Elasticsearch, Kibana, Logstash, APM server, and Beats all via Metricbeat modules. Using external collection, users now have the capability to collect and send monitoring data for their Elastic Stack without having to depend on the health of the monitored services.


Elastic Stack 7.5.0 released

We’re excited to announce the general availability of version 7.5 of the Elastic Stack. Along with the introduction of Kibana Lens, a fast and intuitive way to craft visualizations, this release offers significant enhancements to our Observability and Security solutions and Elastic Enterprise Search joins the 7.5 release train. Read on to see the highlights and dive into the detailed release posts for all the details.

Kibana Lens Overview: An easy, intuitive way to visualize Elasticsearch data

Introducing Kibana Lens, a new simple and intuitive way for everyone to visualize their data inside of Kibana. With a new drag and drop interface, one-click data exploration features, and the power to provide visualization suggestions, Lens is the fastest way to uncover insights in your Elasticsearch data.

Machine learning for cybersecurity: only as effective as your implementation

We recently launched Elastic Security, combining the threat hunting and analytics tools from Elastic SIEM with the prevention and response features of Elastic Endpoint Security. This combined solution focuses on detecting and flexibly responding to security threats, with machine learning providing core capabilities for real-time protections, detections, and interactive hunting. But why are machine learning tools so important in information security? How is machine learning being applied?


Dear Search Guard users #2, including Amazon Elasticsearch Service and Open Distro, and others

Back on September 4th, we filed a lawsuit against floragunn GmbH, the makers of Search Guard, a security plugin for Elasticsearch and Kibana, for a multi-year pattern of copying our proprietary code. After filing the claim, we have continued to investigate floragunn’s actions. Today, we have updated our lawsuit in two important ways. First, we have identified additional copying by floragunn with respect to the separate, proprietary code base for our Kibana product.


Why Nine Publishing rebuilt their infrastructure using search solutions

What does the revamped, modern technology stack of a 185-year-old Australian news corporation look like? In an industry that faces serious competition from anyone with a WordPress site and something to say, Nine Publishing, producer of Australia’s three largest news sites, sought to preserve a competitive edge by understanding how to enrich the experiences of their readers and journalists, while simultaneously identifying pain points and spotting problems before they happen.