Blog Entries

30. 08. 2024 Daniel Degasperi Blue Team, SEC4U

A Concrete Example of ES|QL and SOC Detection Rules

The purpose of this article is to show a real-life case study of the integration of the new Elastic ES|QL language within the detection rules used by the SOC to detect cyber threats. Overview ES|QL (Elasticsearch Query Language) is an SQL-like query language developed by Elastic specifically for querying time series and event data stored…

Read More
24. 05. 2024 Daniel Degasperi Blue Team, SEC4U

How To Detect a Chromium Browser Stealer With Elastic

In this blog, I’ll propose and describe a solution for detecting potential infostealers targeting Chromium-based browsers, taking a cue from the research exposed by Google’s Chrome Security Team (Detecting browser data theft using Windows Event Logs). Obviously a solution using Elastic 🙂 ! What is an Infostealer (in a nutshell) ? In the realm of…

Read More

Search by technology

Contact

Contact us
Serviceportal

Archive