Elastic Stack / UEBA
The Elastic Stack combines speed, scalability, and analytical power. The solution provides an interactive workspace for analysts to triage events and perform initial investigations. Security teams use its interactive timeline to gather and store evidence, pin and annotate key data, and forward findings to ticketing and SOAR platforms.
Collect at scale
Hints of a threat can come from anywhere, including places you weren’t expecting. Centralize data from across your environment. Store petabytes of data and keep it searchable for years.
Ask your data questions of all kinds
Query structured, semi-structured, and unstructured data. Perform ad-hoc searches across your enterprise and get results in seconds, all made possible by ingestion-time indexing.
An alerting system should provide context, enable correlation, and improve awareness — for both people and machines. Elastic watchers help detect changes in your data: if you can query it in Elasticsearch, you can alert on it.
Threat hunting with Machine Learning
Anomaly-based threat hunting
Go beyond rule-based alerting and surface unusual events with machine learning based anomaly detection. Equip security analysts with evidence-based hypotheses. Find the threats you expected and the ones you didn’t.
The SIEM app ships with prebuilt machine learning jobs for detecting anomalies and threat hunting.
Some threats can only be identified by looking at the behaviour of an entity or a chain of events. An entity's behaviour can be considered anomalous when:
Its behaviour changes over time, relative to its own previous behaviour.
Its behaviour is different from that of other entities in a specified population.
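The two kinds of anomaly listed above can be shown with plain statistics. The following is an added example, not code from Elastic or from the SIEM app's prebuilt jobs: it scores a constructed, hypothetical table of daily login counts per user (`LOGIN_COUNTS`) in both senses, flagging an entity whose latest day deviates from its own history (temporal) and an entity whose usual level deviates from its peers (population). The thresholds, the z-score for the temporal check and the median/MAD modified z-score for the population check are this example's choices, not Elastic's models.

```python
"""
Added example (not Elastic's own code): two ways an entity's behaviour can be
called anomalous, as described on this page:

  1. temporal   - the entity's latest behaviour deviates from its own history
  2. population - the entity's behaviour deviates from its peers

Input is a constructed, hypothetical table of daily login counts per user.
Scoring uses plain z-scores / modified z-scores, not Elastic's ML jobs.
"""
from statistics import mean, median, pstdev

# Constructed sample data (hypothetical): 14 days of login counts per user.
# alice is stable until a spike on the last day; dave is consistently far
# above everyone else but does not change over time.
LOGIN_COUNTS = {
    "alice": [5, 6, 5, 7, 6, 5, 6, 5, 7, 6, 5, 6, 5, 40],
    "bob":   [8, 7, 9, 8, 8, 7, 9, 8, 8, 7, 9, 8, 8, 8],
    "carol": [4, 5, 4, 5, 4, 5, 4, 5, 4, 5, 4, 5, 4, 5],
    "dave":  [60, 62, 58, 61, 59, 60, 62, 58, 61, 59, 60, 62, 58, 61],
}


def temporal_score(series):
    """z-score of the latest observation against the entity's own earlier values.

    A flat baseline (zero spread) yields inf for any change and 0.0 for none,
    so a brand-new behaviour on a previously constant entity is still surfaced.
    """
    baseline, latest = series[:-1], series[-1]
    mu, sigma = mean(baseline), pstdev(baseline)
    if sigma == 0:
        return 0.0 if latest == mu else float("inf")
    return abs(latest - mu) / sigma


def population_scores(entities):
    """Modified z-score (median / MAD based) of each entity's baseline mean
    against the population of baseline means.

    Median and MAD are used instead of mean and standard deviation so that a
    single extreme entity cannot inflate the spread and hide itself.
    """
    means = {name: mean(series[:-1]) for name, series in entities.items()}
    centre = median(means.values())
    mad = median(abs(m - centre) for m in means.values())
    if mad == 0:
        return {name: (0.0 if m == centre else float("inf")) for name, m in means.items()}
    # 0.6745 scales MAD so the score is comparable to a standard z-score on normal data
    return {name: 0.6745 * abs(m - centre) / mad for name, m in means.items()}


def find_anomalies(entities, temporal_threshold=3.0, population_threshold=3.5):
    """Return {entity: [reasons]} for every entity anomalous in either sense."""
    pop = population_scores(entities)
    findings = {}
    for name, series in entities.items():
        reasons = []
        t = temporal_score(series)
        if t > temporal_threshold:
            reasons.append(f"changed vs own history (z={t:.1f})")
        if pop[name] > population_threshold:
            reasons.append(f"differs from peers (modified z={pop[name]:.1f})")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for entity, reasons in find_anomalies(LOGIN_COUNTS).items():
        print(f"{entity}: {'; '.join(reasons)}")
```

Run on the sample data, `find_anomalies` reports alice only for the temporal reason and dave only for the population reason: dave's high volume is normal for dave, and alice's level is normal for the population, which is why a detection that looked at just one of the two criteria would miss half of the picture.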