Elastic’s public detection rules strengthen defenses against phishing and spoofing in Microsoft 365, particularly abuse of Direct Send. Direct Send lets devices and applications deliver mail to a tenant’s own MX endpoint without authenticating, so an attacker who can reach that endpoint can inject messages that appear to come from an internal sender. Elastic’s detection engine makes it straightforward to write rules that surface this activity, and the post maps them to MITRE ATT&CK so they fit into existing monitoring and response workflows.
Category Archives: Elastic
Deploying the Elastic Stack in an Air-Gapped environment – Part 4 (Optional)
This post details the setup of Logstash for managing Elastic Agents through Fleet. It covers installation, certificate generation for secure communication, and configuring Fleet outputs. Additionally, it highlights scenarios where Logstash enhances data processing, routing, and control before reaching Elasticsearch, emphasizing its flexibility for Elastic Stack deployments.
Deploying the Elastic Stack in an Air-Gapped environment – Part 3
The post outlines the setup of the Elastic Stack’s Fleet in an air-gapped environment, detailing steps to load the Elastic Package Registry (EPR) and configure Kibana. It includes instructions for setting up an HTTP server for agent binaries, adding a Fleet Server, and setting up encryption. The conclusion hints at future topics.
Deploying the Elastic Stack in an Air-Gapped environment – Part 2
This post provides a detailed guide on installing Elasticsearch and Kibana in an air-gapped environment. It includes steps for installing, configuring system services, generating enrollment tokens, and optional TLS setup. The process culminates with connecting to Kibana via a browser and preparing for the next phase of setup.
Deploying the Elastic Stack in an Air-Gapped environment – Part 1
This blog series instructs on installing the Elastic Stack—Elasticsearch, Logstash, Kibana, and Fleet agents—in air-gapped environments for enhanced security. The guide outlines prerequisites, lab setup, and necessary packages, emphasizing the importance of proper file transfer and organization. Future posts will detail Elasticsearch and Kibana installation processes.
Detecting GitHub-Based Backdoored Malware Repositories with Elastic
A Sophos investigation revealed over 140 GitHub repositories distributing backdoored malware disguised as game cheats and hacking tools, aimed at inexperienced would-be cybercriminals. The threat actors used automation to make the repositories look legitimate and actively maintained, a reminder of how easily open-source platforms can be abused. Elastic Security’s detection rules and related strategies help safeguard against such malicious activity within developer environments.
GEKO Part 3: Gitlab + Elasticsearch + Kibana!
This content introduces the integration of Elasticsearch and Kibana in the GEKO stack, supporting Detection as Code. Steps include starting these services, managing detection rules through GitLab, and visualizing data. The guide emphasizes automation, validation, and creating dashboards for security management, encapsulating a modern approach to security engineering.
GEKO Part 2: Gitlab + Elasticsearch + Kibana!
GEKO integrates GitLab, Elasticsearch, and Kibana to enhance detection rule management through a framework called Detection as Code (DaC). After setting up GitLab using Docker, users can register a GitLab Runner to manage tasks efficiently. The project emphasizes automation, version control, and enhanced visibility for scalable systems.
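Both GEKO posts above describe managing detection rules through GitLab with validation before they reach Kibana. As an added example that is not GEKO’s own tooling, the script below does the validation step a CI job would run and builds the `.ndjson` file that Kibana’s `POST /api/detection_engine/rules/_import` endpoint accepts. The rule file layout, the required fields, the rule types and the severity-to-risk_score bands are assumptions modelled on the shape of Elastic detection rules, not a published schema; the two rule files are constructed.

```python
"""Validate detection rules kept in Git and build the Kibana bulk-import file.

Rules are assumed to be stored one per JSON file under rules/; the required
fields, the rule types and the severity-to-risk_score bands are assumptions
modelled on the shape of Elastic detection rules, not a published schema.
"""
import json
import re
import uuid

RULE_TYPES = {"query", "eql", "esql", "threshold", "new_terms", "threat_match"}
# Assumed convention: each severity owns a band of risk_score values.
SEVERITY_BANDS = {"low": (0, 21), "medium": (22, 47),
                  "high": (48, 73), "critical": (74, 100)}
TECHNIQUE_ID = re.compile(r"^T\d{4}(\.\d{3})?$")

# Constructed sample repository contents: path -> file text.
REPO_FILES = {
    "rules/m365_direct_send.json": json.dumps({
        "rule_id": "2b4d6f8a-1c3e-4a5b-9d7e-0f1a2b3c4d5e",
        "name": "M365 Direct Send from external IP",
        "description": "Inbound mail spoofing an accepted domain without SPF/DKIM pass.",
        "type": "query", "severity": "medium", "risk_score": 47,
        "query": "email.direction:inbound and email.from.address:*@contoso.com "
                 "and not source.ip:198.51.100.0/24",
        "threat": [{"framework": "MITRE ATT&CK",
                    "technique": [{"id": "T1566", "name": "Phishing"}]}],
    }),
    "rules/broken.json": json.dumps({
        "rule_id": "not-a-uuid",
        "name": "Broken rule", "description": "Deliberately invalid sample.",
        "type": "query", "severity": "high", "risk_score": 21,
        "query": "process.name:*",
        "threat": [{"framework": "MITRE ATT&CK", "technique": [{"id": "T15"}]}],
    }),
}


def validate_rule(rule: dict) -> list:
    """Return a list of problems with one rule; empty means it passed."""
    errors = []
    for field in ("rule_id", "name", "description", "type",
                  "severity", "risk_score", "query"):
        if field not in rule:
            errors.append(f"missing required field '{field}'")
    if errors:
        return errors
    try:
        uuid.UUID(rule["rule_id"])
    except ValueError:
        errors.append("rule_id is not a UUID")
    if rule["type"] not in RULE_TYPES:
        errors.append(f"unknown rule type {rule['type']!r}")
    if not str(rule["query"]).strip():
        errors.append("query is empty")
    band = SEVERITY_BANDS.get(rule["severity"])
    if band is None:
        errors.append(f"unknown severity {rule['severity']!r}")
    elif not (isinstance(rule["risk_score"], int)
              and band[0] <= rule["risk_score"] <= band[1]):
        errors.append(f"risk_score {rule['risk_score']} outside the "
                      f"{rule['severity']} band {band[0]}-{band[1]}")
    for threat in rule.get("threat", []):
        if threat.get("framework") != "MITRE ATT&CK":
            errors.append(f"unsupported threat framework {threat.get('framework')!r}")
        for technique in threat.get("technique", []):
            if not TECHNIQUE_ID.match(technique.get("id", "")):
                errors.append(f"malformed technique id {technique.get('id')!r}")
    return errors


def validate_repo(files: dict) -> dict:
    """Map each path to its errors, also catching bad JSON and duplicate rule_ids."""
    report, seen = {}, {}
    for path, text in files.items():
        try:
            rule = json.loads(text)
        except json.JSONDecodeError as exc:
            report[path] = [f"invalid JSON: {exc.msg}"]
            continue
        report[path] = validate_rule(rule)
        rid = rule.get("rule_id")
        if rid is not None and rid in seen:
            report[path].append(f"rule_id duplicates {seen[rid]}")
        if rid is not None:
            seen.setdefault(rid, path)
    return report


def build_import_ndjson(files: dict) -> str:
    """Contents of the .ndjson file for Kibana's rules/_import: one rule per line.

    Refuses to build anything if any file failed validation, so a CI job can
    gate the deploy step on this function.
    """
    failed = {p: e for p, e in validate_repo(files).items() if e}
    if failed:
        raise ValueError(f"refusing to import: {failed}")
    return "".join(json.dumps(json.loads(t), separators=(",", ":")) + "\n"
                   for t in files.values())


if __name__ == "__main__":
    for path, errors in validate_repo(REPO_FILES).items():
        print(path, "OK" if not errors else errors)
```

In a GitLab pipeline the validate job runs `validate_repo` on every merge request and fails the job on any non-empty error list; the deploy job, restricted to the protected branch, calls `build_import_ndjson` and uploads the result to Kibana with the `kbn-xsrf` header that its API requires. Keeping the risk_score band check in the validator is what stops a "critical" rule from silently shipping with a score that the SIEM treats as low.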
Running an Elasticsearch cluster using Docker Compose (Linux).
In this blog I will be installing Elasticsearch on Linux using Docker Compose. Unlike the previous Docker blog, Docker Compose streamlines the setup by defining and managing multi-container Docker applications, getting your Elasticsearch instance up and running quickly and efficiently. I am using an Ubuntu 24.04 LTS Virtual Machine within VMware for
An introduction to Elasticsearch Query Language (ES|QL) – Part 2
This blog post discusses advanced ES|QL features that enhance querying efficiency, including histogram data aggregation, the WHERE command for precise filtering, field type conversions for accurate data handling, and managing multivalued fields. Examples illustrate these concepts, emphasizing their application for effective data insights in Elasticsearch.