Manage your Elastic security stack as code with the Elastic Stack Terraform provider
From detection rules to AI connectors - the latest Terraform provider releases bring security, observability, and ML capabilities to your infrastructure-as-c...
9 articles
Agentic AI SOCs differ from copilot-only models by autonomously prioritizing attacks over alerts, executing closed-loop containment, and providing traceable ...
Make the most of your firewall logs. In Part 1 of our series, learn how to ingest and parse logs from any firewall with Elastic Agent and use the Network Pag...
Learn how Elastic's ES|QL COMPLETION command brings LLM reasoning directly into detection rules, enabling detection engineers to build intelligent alert tria...
Threat actors can abuse a class of vulnerabilities to bypass security restrictions and break trust chains.
Elastic Security Labs uncovered a ClickFix campaign using compromised legitimate sites to deliver a five-stage chain ending in MIMICRAT, a custom native C RA...
This article walks through how Elastic Security's Attack Discovery, combined with Workflows and Agent Builder, can automatically detect, correlate, and confi...
In November 2025, Elastic Security Labs observed an intrusion affecting a multinational organization based in Southeast Asia. During the analysis of this act...
Elastic Security detection and prevention capabilities for the recently-disclosed SolarWinds Web Help Desk vulnerabilities.