Elastic Security Labs

20 articles

Elastic Security Labs · General · May 12

Elastic Security MCP App: Interactive security operations inside your AI Tools

Elastic Security is the first security vendor to ship an interactive UI in AI tools. Triage alerts, hunt threats, correlate attack chains, and open cases, al...

Elastic Security Labs · Vulnerability Disclosure · Linux · May 9

Copy Fail and DirtyFrag: Linux Page Cache Bugs in the Wild

This research analyzes the Linux kernel privilege escalation vulnerabilities Copy Fail and DirtyFrag, which exploit subtle page cache corruption bugs to crea...

MITRE ATT&CK: T1548

Elastic Security Labs · General · Cloudflare · May 8

Detecting Web Server Probing & Fuzzing in Traefik with Automated Cloudflare Response

This article shows how a customized Elastic Security ES|QL detection rule can identify web server probing and fuzzing activity in Traefik logs and automatica...

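The heuristic behind a probing/fuzzing detection like the one summarized above, written out as an added example in Python rather than ES|QL (this is not Elastic's rule and not code from the article): per client address, a sliding time window is checked for many requests to many distinct paths with a high 4xx ratio. Field names (ClientHost, RequestMethod, RequestPath, DownstreamStatus, StartUTC) are assumed to match Traefik's JSON access log; the thresholds, the probe paths and the three clients in the sample log are constructed for illustration.

```python
"""Heuristic detection of web-server probing/fuzzing in Traefik JSON access
logs, per client address. Added example: not Elastic's ES|QL rule and not code
from the article. Field names assume Traefik's JSON access-log format
(ClientHost, RequestMethod, RequestPath, DownstreamStatus, StartUTC); the
log lines below are constructed, not captured traffic."""
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed list of paths a scanner typically probes (illustrative only).
PROBE_PATHS = [
    "/.env", "/.git/config", "/wp-login.php", "/admin", "/phpmyadmin/",
    "/config.php", "/backup.zip", "/.aws/credentials", "/server-status",
    "/actuator/health", "/console", "/cgi-bin/test", "/xmlrpc.php",
    "/.DS_Store", "/api/v1/users", "/login.aspx", "/old/", "/test/",
    "/vendor/phpunit", "/wp-content/debug.log",
]


def _line(host, method, path, status, ts):
    """Build one Traefik-style JSON access log line (constructed sample)."""
    return json.dumps({
        "ClientHost": host, "RequestMethod": method, "RequestPath": path,
        "DownstreamStatus": status, "StartUTC": ts.strftime("%Y-%m-%dT%H:%M:%SZ"),
    })


def build_sample_log():
    """Constructed log: one scanner, one normal visitor, one client retrying a dead URL."""
    t0 = datetime(2026, 5, 8, 12, 0, tzinfo=timezone.utc)
    lines = []
    # Scanner: 20 distinct probe paths within 40 seconds, every one a 404.
    for i, p in enumerate(PROBE_PATHS):
        lines.append(_line("203.0.113.7", "GET", p, 404, t0 + timedelta(seconds=2 * i)))
    # Normal visitor: a few real pages, all 200.
    for i, p in enumerate(["/", "/docs", "/docs/install", "/blog", "/static/app.js"]):
        lines.append(_line("198.51.100.20", "GET", p, 200, t0 + timedelta(seconds=5 * i)))
    # Misconfigured client: 25 retries of one missing endpoint. Many 404s, but
    # a single path, so it must not be mistaken for probing.
    for i in range(25):
        lines.append(_line("192.0.2.9", "GET", "/api/old-endpoint", 404, t0 + timedelta(seconds=i)))
    return "\n".join(lines)


def parse_log(text):
    """Parse newline-delimited Traefik JSON access log lines into flat events."""
    events = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        rec = json.loads(raw)
        events.append({
            "host": rec["ClientHost"],
            "path": rec["RequestPath"],
            "status": int(rec["DownstreamStatus"]),
            "ts": datetime.strptime(rec["StartUTC"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        })
    return events


def find_probing(events, window=timedelta(minutes=5), min_requests=15,
                 min_distinct_paths=10, min_error_ratio=0.8):
    """Flag a client if, inside any `window`, it issues >= min_requests to
    >= min_distinct_paths with a 4xx share >= min_error_ratio. The distinct-path
    requirement is what separates a scanner from a client retrying one dead URL.
    Thresholds are assumptions; tune them against your own traffic."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)
    findings = {}
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Advance the window start so the span never exceeds `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            span = evs[start:end + 1]
            distinct = {e["path"] for e in span}
            errors = sum(1 for e in span if 400 <= e["status"] < 500)
            if (len(span) >= min_requests and len(distinct) >= min_distinct_paths
                    and errors / len(span) >= min_error_ratio):
                # Keep the most recent qualifying span for this client.
                findings[host] = {
                    "requests": len(span), "distinct_paths": len(distinct),
                    "error_ratio": round(errors / len(span), 2),
                    "first_seen": span[0]["ts"].isoformat(),
                    "last_seen": span[-1]["ts"].isoformat(),
                }
    return findings


def block_list(findings):
    """Client addresses to hand to a response action such as a Cloudflare IP
    access rule; the API call itself is outside this example."""
    return sorted(findings)


if __name__ == "__main__":
    hits = find_probing(parse_log(build_sample_log()))
    for host, stats in hits.items():
        print(host, stats)
    print("block:", block_list(hits))
```

On the constructed log only 203.0.113.7 is flagged: the visitor never reaches the request threshold, and the retrying client hits one path only, which is the false positive a plain 404-count rule would produce.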
Elastic Security Labs · Malware · Microsoft · SAP · May 7

TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp and Outlook

REF3076 uses a trojanized Logitech installer to deploy TCLBANKER, a Brazilian banking trojan with environment-gated payloads, WPF fraud overlays, and self-pr...

Elastic Security Labs · General · May 5

Elastic Workflows GA: automation where your security data already lives

Elastic Workflows is generally available in 9.4, bringing production-ready security automation with deeper case management integration, human-in-the-loop sup...

Elastic Security Labs · General · May 5

Know who to watch before the incident finds you

Elastic Security v9.

Elastic Security Labs · General · May 5

AI-generated hunting leads: The hunt starts before you ask the question

Introducing AI-generated hunting leads: proactive, environment-aware threat hypotheses powered by Elastic Entity analytics and integrated AI reasoning.

Elastic Security Labs · General · May 5

Your UEBA is lying to you: Why entity record quality decides everything

Most entity analytics systems are confidently wrong. They track users who do not exist, generate risk scores built on noise, and call it behavioral analytics.

Elastic Security Labs · General · May 4

From plain English to production rule: AI-native Elasticsearch ES|QL detection in Elastic Security

Elastic Security now lets analysts describe a threat behavior in plain language and receive a complete, validated Elasticsearch ES|QL detection rule in retur...

Elastic Security Labs · General · May 4

Elastic Conversational Entity Analytics: threat hunting in a single conversation

Conversational Entity Analytics delivers Entity Analytics features as rich inline attachments and Canvas previews into Agent Builder, so you don’t have to le...

Elastic Security Labs · General · May 4

One agent, the right skills: Elastic Security 9.4 brings domain expertise on demand to every SOC workflow

Elastic Security 9.4 introduces skills, modular AI capabilities that teach the Elastic AI Agent how to detect, investigate, and hunt like a specialist.

Elastic Security Labs · General · May 1

DFIR: From alert to root cause using Osquery without leaving Elastic Security

Learn how to perform distributed, real-time Digital Forensics and Incident Response (DFIR) using Osquery and Elastic to investigate threats at scale without ...

Elastic Security Labs · General · Microsoft · GitHub · GitLab · Apr 29

CI/CD pipeline abuse: the problem no one is watching

How we built an open-source, drop-in CI template that uses signal extraction and LLM reasoning to catch CI/CD abuse in GitHub Actions, GitLab CI, and Azure D...

Elastic Security Labs · General · Apr 25

Monitoring Claude Code/Cowork at scale with OTel in Elastic

How Elastic's InfoSec team built a monitoring pipeline for Claude Code and Claude Cowork using their native OTel export capabilities and Elastic's OTel inges...

Elastic Security Labs · General · Apr 21

The Cost of Understanding: LLM-Driven Reverse Engineering vs Iterative LLM Obfuscation

Elastic Security Labs explores the ongoing arms race between LLM-driven reverse engineering and obfuscation.

MITRE ATT&CK: T1027

Elastic Security Labs · Campaigns · Apr 14

Phantom in the vault: Obsidian abused to deliver PhantomPulse RAT

Elastic Security Labs uncovers a novel social engineering campaign that abuses the popular note-taking application Obsidian's legitimate community plugin ec...

MITRE ATT&CK: T1204

Elastic Security Labs · General · Apr 9

Elastic on Defence Cyber Marvel 2026: A technical overview from the exercise floor

An overview of the Elastic Security and AI infrastructure deployed to support the UK Ministry of Defence's flagship cyber exercise, Defence Cyber Marvel 2026.

Elastic Security Labs · General · Apr 4

Elastic Security Integrations Roundup: Q1 2026

Elastic Security Labs announces nine new integrations for Elastic Security spanning cloud security, endpoint visibility, email threat detection, identity and...

Elastic Security Labs · General · Apr 2

Prioritizing Alerts Triage with Higher-Order Detection Rules

Scaling SOC efficiency through multi-signal correlation and higher-order detection patterns.

Elastic Security Labs · Supply Chain · Apple · Apr 2

How we caught the Axios supply chain attack

Joe Desimone shares the story of how he caught the Axios supply chain attack with a proof of concept tool built in an afternoon.

MITRE ATT&CK: T1195

FreeIntelHub · Open-source CTI platform

All articles belong to their respective owners. FreeIntelHub aggregates publicly available RSS feeds for informational purposes only.