Resources, events, news

The Elastic machine learning tree

Elastic has so many machine learning capabilities, it's easy to lose the big picture. This talk presents an overall taxonomy of machine learning capabilities, both supervised and unsupervised, with common use cases for each drawn from security, observability and search. Supervised vs unsupervised, regression vs. inference, anomalies vs. outliers...all your favorite ML buzzwords will be here, contextualized and illustrated with real-life examples. Along the way, we'll review some basic stats, such as confidence intervals and regressions, so we can understand the foundational concepts and algorithms which underlie these exciting and broadly-applicable capabilities.

Elastic Breaking Changes Helper

Are you tired of reading countless lines of Breaking Changes documentation? Look no further than the elastic-breaking-changes python package!

How to use CAT commands in Kibana Dev Tools

Learn what _cat commands are in Kibana Dev Tools and why they are useful for any kind of Elasticsearch user to know.

Vector Search 101 | Import Machine Learning Models to Elasticsearch

In this video, we will explain the basics of what you need to know about vector search, a new way to search using Elasticsearch. We will also go over an example of how to import models from Hugging Face to Elasticsearch, as well as how to add inferences from machine learning models to documents within Elasticsearch.

Legacy SIEM Modernization

Legacy SIEM and Log Management platforms are in many ways victims of their own successes. Providing tamper-evident security log storage and real-time event correlation is what they were built to do. But back when they were invented, nobody could foresee today's explosive volume of log records, the massive expansion of the threat landscape or the great promise of event detection using machine learning. That is why many legacy solutions are struggling.

This presentation reviews the history of SIEM and Log Management, presents a model for understanding modern SIEM functionality and outlines an Elastic-based solution that meets today's needs. It also shows how the model easily and flexibly scales for tomorrow's challenges. If you are exploring the modernization of your SIEM/Log Management platform, this 45-minute presentation is for you.

From the trenches: what does it really take to scale up a large Elastic security log deployment?

Elasticsearch for enterprise security log storage and management is a hot topic today. Spectacular gains in performance, functionality and cost are ready for harvest. But what exactly does it take to create a large Elastic log storage infrastructure?

This talk will present war stories from a 150,000 events per second (EPS) Elastic log storage implementation with two-month retention built at a large commercial client. We take you through sizing, design, staffing and cost; discuss architecture, storage density and ingestion; and share our gotchas and lessons learned. We also touch on evidentiary-quality log storage for compliance. Curious about what it would take for Elastic to hold your security logs? This 55-minute video shows you the way.

LogStash and MaxMind

The LogStash MaxMind filter enriches documents with GeoIP information from the open source MaxMind database. But you can also customize this filter to enrich documents with all kinds of other IP-related data.

MaxMind uses its own database, which enables very fast searching based on IP address. We’ve found that this is the very best way to retrieve any type of IP-based information and store it upon ingestion without impacting performance.

In this 38-minute video, we demonstrate how to create customized instances of the MaxMind database and associated LogStash filters to enrich documents with all kinds of other information, such as internal network descriptors, individual internal endpoints and threat intel on external IPs.