The 2025 State of Detection Engineering at Elastic explores how we create, maintain, and assess our SIEM and EDR rulesets. Today, Elastic Security Labs is releasing the 2025 State of Detection Engineering at Elastic! This brand new report is the first of its kind — we’re pulling back the curtain on our Detection Engineering practices, going beyond the traditional survey-style … [Read more...] about Elastic Security Labs provides an under-the-hood look at its detection engineering processes
Announcing general availability of Elastic Cloud Serverless on Google Cloud
Elastic Cloud Serverless provides the fastest way to start and scale security, observability, and search solutions — without managing infrastructure. Today, we are excited to announce the general availability of Elastic Cloud Serverless on Google Cloud — now available in the Iowa (us-central1) region. Elastic Cloud Serverless provides the fastest way to start and scale … [Read more...] about Announcing general availability of Elastic Cloud Serverless on Google Cloud
Exfiltration over C2 channel | Elastic Blog
The digital battlefield is constantly evolving, and adversaries are always looking for ways to smuggle sensitive data out of an organization’s environment undetected. MITRE ATT&CK® T1041 - Exfiltration Over Command and Control (C2) Channel is a technique where attackers use their already established communication channels to stealthily exfiltrate data. Rather than raising … [Read more...] about Exfiltration over C2 channel | Elastic Blog
Elastic Security simplifies customization of prebuilt SIEM detection rules
Customizing and updating prebuilt SIEM detection rules just got easier, improving precision, enabling broader coverage, and saving time. Customizing and updating prebuilt detection rules is now easier than ever with Elastic Security. We’ve streamlined detection engineering workflows and enabled greater use case coverage with out-of-the-box SIEM detection rules. Elastic Security … [Read more...] about Elastic Security simplifies customization of prebuilt SIEM detection rules
Hunting with Elastic Security: Unmasking concealed artifacts with Elastic Stack insights
Attackers thrive in the shadows, using MITRE ATT&CK® T1564 - Hide Artifacts to cloak their presence with hidden files, concealed processes, and manipulated registry keys. These stealth tactics allow adversaries to evade detection, persist undetected, and escalate their access — all while quietly exfiltrating data or disrupting operations. Imagine files, processes, and even … [Read more...] about Hunting with Elastic Security: Unmasking concealed artifacts with Elastic Stack insights
Elastic and Tines partner to orchestrate and automate team workflows
Automate your security and observability workflows with Tines Workflow Automation, now available directly from Elastic. Elastic and Tines are unveiling an integrated product offering to transform the crucial work of security and observability teams. We’re excited to introduce Tines Workflow Automation, available directly through Elastic. This seamless package extends Elastic with … [Read more...] about Elastic and Tines partner to orchestrate and automate team workflows
Hunting with Elastic Security: Detecting credential dumping with ES|QL
In the shadowy depths of your network, whispers grow louder — something isn’t right. Adversaries are on the prowl, targeting the very keys to your kingdom: your credentials. T1003 - OS Credential Dumping is their weapon of choice to steal password hashes and sensitive authentication materials. They quietly harvest secrets to impersonate users, escalate privileges, and move … [Read more...] about Hunting with Elastic Security: Detecting credential dumping with ES|QL
Announcing the technical preview of Elastic Cloud Serverless on Google Cloud
Elastic Cloud Serverless provides the fastest way to start and scale security, observability, and search solutions — without managing infrastructure. Today, we are excited to announce the technical preview of Elastic Cloud Serverless on Google Cloud — now available in the Iowa (us-central1) region. Elastic Cloud Serverless provides the fastest way to start and scale … [Read more...] about Announcing the technical preview of Elastic Cloud Serverless on Google Cloud
Elastic Security Achieves AV-Comparatives Enterprise Award 2024
Awarded for outstanding protection, performance, and minimal false positives. Elastic Security has earned AV-Comparatives’ 2024 Approved Product Award in the Enterprise Main-Test Series. The honor reflects its outstanding malware defense, optimal system performance, and minimal false positives. Excelling across protection, performance, and false-positive benchmarks, Elastic … [Read more...] about Elastic Security Achieves AV-Comparatives Enterprise Award 2024
Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution
Mar 06, 2025, Ravie Lakshmanan, Data Security / Software Security. Elastic has rolled out security updates to address a critical security flaw impacting the Kibana data visualization dashboard software for Elasticsearch that could result in arbitrary code execution. The vulnerability, tracked as CVE-2025-25012, carries a CVSS score of 9.9 out of a maximum of 10.0. It has been … [Read more...] about Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution