macOS vs. Windows - What kernels tell you about security events: Part 2

This post continues this two-part blog series on further understanding the differences between macOS and Windows on the system level for effective endpoint security analysis. In Part 1, we covered process events. Here in Part 2, we’ll discuss file and network events. As with Part 1, my hope is to help cybersecurity professionals expand and enrich their experiences on a less familiar platform, ultimately helping them to be better prepared to face differences from past experiences.


Elastic Workplace Search on Elastic Cloud: Enabling greater flexibility and speed

We recently announced that Elastic Enterprise Search — our combined solution of search products — is now available to deploy as a single solution on Elastic Cloud. While Elastic App Search has been available on Elastic Cloud since early 2020, this is a new and exciting deployment option for Elastic Workplace Search.


Enabling DevSecOps with the Elastic Stack

Software development and delivery is an ever-changing landscape. Writing software was once an art form all its own, where you could write and deploy machine code with singleness of purpose and no concern for things like connecting to other computers. But as the world and the variety of systems that software supports became more complex, so did the ecosystem supporting software development.


Machine learning in cybersecurity: Detecting DGA activity in network data

In Part 1 of this blog series, we took a look at how we could use Elastic Stack machine learning to train a supervised classification model to detect malicious domains. In this second part, we will see how we can use the model we trained to enrich network data with classifications at ingest time. This will be useful for anyone who wants to detect potential DGA activity in their packetbeat data.


Kubernetes observability tutorial: Metrics collection and analysis

This post is the second in our Kubernetes observability tutorial series, where we explore how you can monitor all aspects of your applications running in Kubernetes, including: We’ll cover using Elastic Observability to ingest and analyze container metrics in Kibana using the Metrics app and out-of-the-box dashboards.


Elasticsearch sniffing best practices: What, when, why, how

Elasticsearch powers search experiences for so many tools and apps used today, from operational analytics dashboards to maps showing the closest restaurants with patios so you can get out of the house. And in all of those implementations, the connection between application and cluster is made via an Elasticsearch client. Optimizing the connection between the client and the Elasticsearch cluster is extremely important for the end user’s experience.


macOS vs. Windows - What kernels tell you about security events: Part 1

How would you compare the Windows and macOS operating systems? In what ways are they similar? Why do they each take different approaches to solving the same problem? For the last 19 years I've developed security software for Windows. Recently, I’ve started implementing similar features on macOS. Since then, people have asked me questions like this. The more experience I gained on these two operating systems, the more I realized they’re very different.

Logstash and Maxmind - Not Just for GEOIP Anymore

The Logstash MaxMind filter enriches documents with GeoIP information from the open-source MaxMind database. But did you know that you can customize this filter to enrich documents with all kinds of other IP-related data? MaxMind uses its own database, which enables very fast searching based on IP address. Our experience is that this is the very best way to retrieve any type of IP-based information and store it upon ingestion without impacting performance.