
On-demand webinar

Elastic Security: Introducing the public repository for detection rules

Presented by:

Paul Ewing

Senior Product Manager

Elastic

Ross Wolf

Senior Security Research Engineer

Elastic

Overview

Security must be a team sport — collaborating, sharing, and contributing are critical to success. Working together on a larger scale is the only way to stay ahead; infosec teamwork cannot be limited solely to the organization or even industry level.

Elastic’s free and open philosophy aims to help infosec teams globally via a community-centered approach to solving security problems. True to this approach, we are making a public repository available for the universal collection, collaboration, and implementation of security detection rules.

In this webinar, we’ll introduce the repo and cover what you need to know to make the best use of this valuable new resource, including:

  • A walkthrough of the security detection rules repo and what it contains
  • An intro to Elastic's approach to threat hunting and detection
  • Getting started, dependencies, and usage best practices
  • Guidelines on how to contribute (creating issues, style, and process)
  • Detection engineering (rule metadata, Elastic Common Schema (ECS), and rule validation)

You’ll hear directly from two Elastic Security experts on the philosophy behind crafting detections and translating attacker techniques into effective rules, including ways to ensure efficacy and add resilience against attacker evasions.
