Blog Entries

30. 08. 2024 Daniel Degasperi Blue Team, SEC4U

A concrete example of ES|QL and SOC detection rules

The purpose of this article is to show a real-life case study of the integration of the new Elastic ES|QL language within the detection rules used by the SOC to detect cyber threats. Overview ES|QL (Elasticsearch Query Language) is a SQL-like query language developed by Elastic specifically for querying time series and event data stored…

07. 06. 2024 Luca Zeni Blue Team, SEC4U

Akira Ransomware: How to Make an Efficient Detection Rule

In this article, we’re going to explore an example of the process used to perform the initial steps of creating ad hoc detection rules based on specific events that mark the world of cyber security. Specifically, starting from a real case, we’ll see the study and analysis carried out to create a rule to monitor…

18. 05. 2022 Massimo Giaimo Blue Team

Correlation Between the Most Exploited CVEs and Detection Rules

On May 12th, the CSIRT (Computer Security Incident Response Team – Italia) published a list of the CVEs most exploited by threat actors. The list also contains an indication of the TTPs used by these attackers. The objective of this article is to make information available relating to detection rules that are already available within…
