I need to build some rather complex rules, but I'm just getting started with KQL. I haven't found any in-depth comprehensive tuts out there on event correlation. Everything is always brief and basic. Anyone know of any good resource?
Thanks for chiming in!
You can use EQL EQL syntax reference | Elasticsearch Guide [8.5] | Elastic for event mapping. Take a look at these links:
Thank you! That was really helpful!
Fyi https://www.elastic.co/en/security-labs/handy-elastic-tools-for-the-enthusiastic-detection-engineer
gives me a 404
Guessing you mean
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.