Elastic Security Integrations Roundup: Q1 2026
Elastic Security Labs announces nine new integrations for Elastic Security spanning cloud security, endpoint visibility, email threat detection, identity and...
Scaling SOC efficiency through multi-signal correlation and higher-order detection patterns.
Joe Desimone shares the story of how he caught the Axios supply chain attack with a proof of concept tool built in an afternoon.
In this second part of a two-part series, we explore Linux rootkit detection engineering, focusing on the limitations of static detection reliance, and the i...
Hunting and detection rules for the Elastic-discovered Axios supply chain compromise.
Elastic Security Labs analyzes a supply chain compromise of the axios npm package delivering a unified cross-platform RAT.
Elastic Security Labs dissects a long-running operation deploying RATs, cryptominers, and CPA fraud through fake installer lures, tracking its evolution acro...
Elastic Security Labs analyzes VoidLink, a sophisticated Linux malware framework that combines traditional Loadable Kernel Modules with eBPF to maintain pers...
Elastic Security Labs observed two custom malware components targeting a South Asian financial institution: a modular backdoor with USB-based spreading and a...
This article highlights how Elastic Security XDR unifies endpoint protection with multi-domain security analytics to help analysts trace and contain multi-st...
A practical guide to building intelligent, automated security playbooks with Elastic Workflows.
Alert Triage, Investigation, and Response with Elastic's Agentic Security Operations Platform.
Detection Engineering in the Era of AI Agents - The New Frontier.
This publication provides a real-world walkthrough of TeamPCP's multi-stage container compromise, demonstrating how Elastic's D4C surfaces runtime signals ac...
This technical resource provides a comprehensive walkthrough of Elastic’s Defend for Containers (D4C) integration, covering Kubernetes-based deployment, the ...
SILENTCONNECT is a multi-stage loader that leverages VBScript, in-memory PowerShell execution, and PEB masquerading to silently deploy the ScreenConnect RMM ...
Go from zero to a fully populated Elastic Security environment without leaving your IDE, using open source Agent Skills.
Learn to define and deploy Elastic Security detection rules and exceptions using the Elastic Stack Terraform Provider versus the detection-rules repository DaC capab...
Leveraging LLMs and patch diffing, this research details a Use-After-Free vulnerability in Windows DWM, demonstrating a reliable exploit that achieves escala...
In this first part of a two-part series, we explore Linux rootkit taxonomy, trace their evolution from userland shared object hijacking and kernel-space load...