Elastic Security Opens Public Detections Rules Repo - James Spiteri - PSW #667 - podcast episode cover

Elastic Security Opens Public Detections Rules Repo - James Spiteri - PSW #667

Paul's Security Weekly (Video)
Sep 18, 202056 min
--:--
--:--
Listen in podcast apps:
Apple Podcasts
Spotify
Download
YouTube
Overcast
Pocket Casts
Episodes.fm
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

Following the release of our detection engine, Elastic opened up a new GitHub repo of our public detection rules. See: https://github.com/elastic/detection-rules. This is where our security intelligence and analytics team develops rules, creates issues, manages PR's - and by making the repo public we're inviting external contributors into the workflow. This gives contributors visibility into our development process and a clear path for rules to be released with the detection engine. If time allows, James can also talk about the preview we recently released of Event Query Language (EQL) in Elasticsearch. This is the correlation query language that Elastic adopted through the acquisition of Endgame last year to support threat hunting and threat detection use cases. It's a feature that users have been asking for for years and an exciting step toward natively integrating EQL into the Stack.

 

This segment is sponsored by Elastic. Visit https://securityweekly.com/elastic to learn more about them!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw667

For the best experience, listen in Metacast app for iOS or Android