Elastic Stack / UEBA

An Elastic Stack deployment combines speed, scalability, and analytical power. The solution provides an interactive workspace for analysts to triage events and perform initial investigations. Security teams use its interactive timeline to gather and store evidence, pin and annotate key data, and forward findings to ticketing and SOAR platforms.

Collect at scale

Hints of a threat can come from anywhere, including places you weren’t expecting. Centralize data from across your environment. Store petabytes of data and keep it searchable for years.

Ask your data questions of all kinds

Query structured, semi-structured, and unstructured data. Perform ad-hoc searches across your enterprise and get results in seconds, all made possible by ingestion-time indexing.


An alerting system should provide context, enable correlation, and improve awareness — for both people and machines. Elastic watchers help detect changes in your data: if you can query it in Elasticsearch, you can alert on it.

Threat hunting with Machine Learning

Anomaly-based threat hunting

Go beyond rule-based alerting and surface unusual events with machine-learning-based anomaly detection. Equip security analysts with evidence-based hypotheses. Find the threats you expected and the ones you didn’t.

The SIEM app ships with prebuilt machine learning jobs for anomaly detection and threat hunting.

Behaviour Analytics

Some threats can only be identified by looking at the behaviour of an entity or a chain of events. An entity can be considered anomalous when:

  • Its behaviour changes over time, relative to its own previous behaviour.

  • Its behaviour differs from that of other entities in a specified population.
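The two anomaly criteria above, as an added illustration that is not code from the page or from Elastic: a constructed per-user series of daily failed-login counts is scored once against each user's own history (self-deviation) and once against the rest of the population (peer deviation), using a plain z-score in place of Elastic's own ML models.

```python
import statistics
from typing import Dict, List

# Constructed sample input: failed logins per user per day over a 7-day window.
DAILY_FAILED_LOGINS: Dict[str, List[int]] = {
    "alice": [2, 3, 2, 4, 3, 2, 18],          # sudden spike on the last day
    "bob":   [1, 2, 1, 1, 2, 1, 2],
    "carol": [3, 2, 3, 3, 2, 3, 2],
    "dave":  [40, 42, 39, 41, 40, 43, 41],    # steady, but far above peers
}


def zscore(value: float, baseline: List[float]) -> float:
    """Standard score of value against a baseline; 0.0 when the baseline has no spread."""
    if len(baseline) < 2:
        return 0.0
    mu = statistics.mean(baseline)
    sd = statistics.pstdev(baseline)
    return 0.0 if sd == 0 else (value - mu) / sd


def self_anomalies(series: Dict[str, List[int]], threshold: float = 3.0) -> Dict[str, float]:
    """Criterion 1: latest value of each entity compared with its own earlier days."""
    flagged: Dict[str, float] = {}
    for entity, values in series.items():
        *history, latest = values
        z = zscore(latest, history)
        if z > threshold:
            flagged[entity] = round(z, 2)
    return flagged


def population_anomalies(series: Dict[str, List[int]], threshold: float = 3.0) -> Dict[str, float]:
    """Criterion 2: each entity's window average compared with the other entities' averages.
    Note: with very few peers the z-score is unstable; real jobs use larger populations."""
    averages = {e: statistics.mean(v) for e, v in series.items()}
    flagged: Dict[str, float] = {}
    for entity, avg in averages.items():
        peers = [a for e, a in averages.items() if e != entity]
        z = zscore(avg, peers)
        if z > threshold:
            flagged[entity] = round(z, 2)
    return flagged


if __name__ == "__main__":
    print("self-deviation:", self_anomalies(DAILY_FAILED_LOGINS))          # alice only
    print("peer-deviation:", population_anomalies(DAILY_FAILED_LOGINS))    # dave only
```

Note that the two criteria flag different users: alice is normal relative to the population but abnormal relative to herself, while dave is stable over time but abnormal relative to his peers.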