Sign up to save your podcasts
Or
Share Elastic Security Opens Public Detections Rules Repo - James Spiteri - PSW #667
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Elastic Security Opens Public Detections Rules Repo - James Spiteri - PSW #667
Following the release of our detection engine, Elastic opened up a new GitHub repo of our public detection rules. See: https://github.com/elastic/detection-rules. This is where our security intelligence and analytics team develops rules, creates issues, manages PR's - and by making the repo public we're inviting external contributors into the workflow. This gives contributors visibility into our development process and a clear path for rules to be released with the detection engine. If time allows, James can also talk about the preview we recently released of Event Query Language (EQL) in Elasticsearch. This is the correlation query language that Elastic adopted through the acquisition of Endgame last year to support threat hunting and threat detection use cases. It's a feature that users have been asking for for years and an exciting step toward natively integrating EQL into the Stack.
This segment is sponsored by Elastic. Visit https://securityweekly.com/elastic to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/psw667
View all episodes
By Security Weekly Productions
5
22 ratings
Following the release of our detection engine, Elastic opened up a new GitHub repo of our public detection rules. See: https://github.com/elastic/detection-rules. This is where our security intelligence and analytics team develops rules, creates issues, manages PR's - and by making the repo public we're inviting external contributors into the workflow. This gives contributors visibility into our development process and a clear path for rules to be released with the detection engine. If time allows, James can also talk about the preview we recently released of Event Query Language (EQL) in Elasticsearch. This is the correlation query language that Elastic adopted through the acquisition of Endgame last year to support threat hunting and threat detection use cases. It's a feature that users have been asking for for years and an exciting step toward natively integrating EQL into the Stack.
This segment is sponsored by Elastic. Visit https://securityweekly.com/elastic to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/psw667
More shows like Paul's Security Weekly (Video)
View all
Security Now (Audio)
1,966 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
628 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
367 Listeners
Security Now (Video)
148 Listeners
Windows Weekly (Video)
79 Listeners
CyberWire Daily
1,015 Listeners
Enterprise Security Weekly (Video)
3 Listeners
Security Weekly News (Video)
5 Listeners
Paul's Security Weekly (Audio)
16 Listeners
Darknet Diaries
7,853 Listeners
First Ring Daily
51 Listeners
CISO Series Podcast
187 Listeners
![Talkin' About [Infosec] News, Powered by Black Hills Information Security by Black Hills Information Security](https://podcast-api-images.s3.amazonaws.com/corona/show/516141/logo_300x300.jpeg){kind=logo}
Talkin' About [Infosec] News, Powered by Black Hills Information Security
90 Listeners
Defense in Depth
78 Listeners
Cyber Security Headlines
117 Listeners