A concrete example of ES|QL and SOC detection rules
The purpose of this article is to show a real-life case study of the integration of the new Elastic ES|QL language within the detection rules used by the SOC to detect cyber threats.

Overview

ES|QL (Elasticsearch Query Language) is a SQL-like query language developed by Elastic specifically for querying time series and event data stored…