18 November 2022

Modernizing Security Investigations with Elastic Security

People-power is a constant challenge. Relying on purely manual effort for rule definition and management is going to put you behind the attacker. Out-of-the-box analytics, as well as the ability to define custom analytics, are crucial as data becomes more prevalent.

Analysts spend much of their time investigating alerts, identifying true and false positives, scoping each alert and then driving a full response. Automation is key to making it all possible and to scaling the analysts.


18 November 2022
08:30 - 09:15

In this demo, Elastic Sr. Security specialist, Marvin Ngoma, will show:

– Easy onboarding of data into Elastic Security

– Prebuilt detection rules mapped to the MITRE ATT&CK framework

– Investigative workflows using timeline and visualizations

– Investigation documentation using cases

– Response actions and options available on Elastic Security
