Operations | Monitoring | ITSM | DevOps | Cloud

Elastic

Mac system extensions for threat detection: Part 2

In the previous post, we covered some of the frameworks accessible by kernel extensions that provide information about file system, process, and network events. These frameworks included the Mandatory Access Control Framework, the KAuth framework, and the IP/socket filter frameworks. In this post, we will go into the various tips and tricks that can be used in order to obtain even more information regarding system events.

Embracing offensive tooling: Building detections against Koadic using EQL

This year at BSidesDFW, my local security conference, I highlighted a continuing trend of adversaries using open source offensive tools. The talk reviewed one of these post-exploitation frameworks named Koadic and walked through different ways defenders can build behavioral detections through the use of Event Query Language (EQL).

Control the phase transition timings in ILM using the origination date

As part of Elasticsearch 7.5.0, we introduced a couple of ways to control the index age math that’s used by index lifecycle management (ILM) for phase timings calculations using the origination_date index lifecycle settings. This means you can now tell Elasticsearch how old your data is, which is pretty handy if you’re indexing data that’s older than today-days-old.

A tour of Go concurrency patterns via the new Heartbeat scheduler

Curious about how to write more idiomatic concurrent code in Go? It’s not always easy or intuitive, even if you’ve done lots of concurrent programming in other languages. I’ve been lucky to have worked in a well-written code base, and had the expert advice of Beats core area lead Steffen Siering along the way. In this post I’ll walk you through how we implemented a new scheduler for Heartbeat that is part of our upcoming 7.6.0 release.

How KeyBank used the Elastic Stack to build an enterprise monitoring solution

KeyBank is one of the largest banks in the United States. And as the bank has grown, so has their end-to-end monitoring system. With more than 1,100 branches and 1,400 ATMs stretching across 15 states, KeyBank’s infrastructure had evolved into a “Noah’s Ark of design,” says Mick Miller, Senior Product Manager, Cloud Native at KeyBank. In other words, they had two of everything, resulting in 21 different data islands.

Mac system extensions for threat detection: Part 1

When it comes to having visibility and detecting threats on macOS, one of the best sources of information for file system events, process events, and network events is the kernel. MacOS kernel extensions provide the ability to receive data about these events in real time with great detail. This is good for providing quick visibility into detecting anomalies and identifying possible threats.

Elastic Advent Calendar, 2019: the full recap!

Wow, it's finally here! After 25 fantastic articles we've reached the end of the 2019 Elastic Advent series. We've covered Elasticsearch and Python, Auditbeat, ECS, data transform, jvm options, anomaly detector models, Maps, SSL configuration, Smart query cancellation, data transforms, SLM, the new enrich processor, App Search, and so much more. In the topics we've spoken in German, Greek, English, French, Finish, Spanish and Swedish.

How to display data as a percentage in Kibana visualizations

Using percentages when performing data analytics is an essential approach to effective numeric comparison, especially when the data in question demonstrates drastically different sample sizes or totals. Percentages allow for a quick and accurate understanding of how much data sums have changed across a dimensional category like a range of time, geographic regions, product lines, etc.