Author
Mika Ayenson, PhD
Articles
Elevate Your Threat Hunting with Elastic
Elastic is releasing a threat hunting package designed to aid defenders with proactive detection queries to identify actor-agnostic intrusions.
Cups Overflow: When your printer spills more than Ink
Elastic Security Labs discusses detection and mitigation strategies for vulnerabilities in the CUPS printing system, which allow unauthenticated attackers to exploit the system via IPP and mDNS, resulting in remote code execution (RCE) on UNIX-based systems such as Linux, macOS, BSDs, ChromeOS, and Solaris.
Elastic releases the Detection Engineering Behavior Maturity Model
Using this maturity model, security teams can make structured, measurable, and iterative improvements to their detection engineering teams.
Now in beta: New Detection as Code capabilities
Elastic Advances LLM Security with Standardized Fields and Integrations
Discover Elastic’s latest advancements in LLM security, focusing on standardized field integrations and enhanced detection capabilities. Learn how adopting these standards can safeguard your systems.
Embedding Security in LLM Workflows: Elastic's Proactive Approach
Dive into Elastic's exploration of embedding security directly within Large Language Models (LLMs). Discover our strategies for detecting and mitigating several of the top OWASP vulnerabilities in LLM applications, ensuring safer and more secure AI-driven applications.
500ms to midnight: XZ / liblzma backdoor
Elastic Security Labs is releasing an initial analysis of the XZ Utility backdoor, including YARA rules, osquery, and KQL searches to identify potential compromises.
Streamlining ES|QL Query and Rule Validation: Integrating with GitHub CI
ES|QL is Elastic's new piped query language. Taking full advantage of this new feature, Elastic Security Labs walks through how to run validation of ES|QL rules for the Detection Engine.
Accelerating Elastic detection tradecraft with LLMs
Learn more about how Elastic Security Labs has been focused on accelerating our detection engineering workflows by tapping into more generative AI capabilities.
Exploring the Future of Security with ChatGPT
Recently, OpenAI announced APIs for engineers to integrate ChatGPT and Whisper models into their apps and products. For some time, engineers could use the REST API calls for older models and otherwise use the ChatGPT interface through their website.
Handy Elastic Tools for the Enthusiastic Detection Engineer
Tools like the EQLPlayground, RTAs, and detection-rules CLI are great resources for getting started with EQL, threat hunting, and detection engineering respectively.