Author

Articles by Kseniia Ignatovych

Product Manager, Security Core - Security Content

Videos

Building effective threat hunting and detection rules in Elastic Security

Learn to create custom detection rules in Elastic Security. We cover best practices for using ES|QL and Elastic AI Assistant for threat detection to add vital context. Discover how to preview, test, and enhance rules to improve security operations.

Elastic Security simplifies customization of prebuilt SIEM detection rules

Learn about the prebuilt rule editing capabilities that allow you to get even more value from out-of-the-box SIEM detection rules.

What’s new in Elastic Security 8.18 and 9.0

Elastic Security 8.18 and 9.0 bring Automatic Migration for detection rules, a Lookup Join function for ES|QL, several AI feature enhancements, and more!

NEW Elastic Security 8.16: Elastic AI Assistant knowledge, cloud detection and response, and agentless integrations

Elastic Security 8.16 delivers simplified and seamless data onboarding with agentless integrations, vendor-agnostic cloud security workflows for contextualized threat investigation, and custom knowledge base support for Elastic AI Assistant.

Know your tools: The full range of Elastic Security’s detection engineering capabilities

This blog provides a comprehensive overview of the detection capabilities available in Elastic Security. Learn about the latest features and get useful tips and tricks for your detection practice!

Rolling your own Detections as Code with Elastic Security

Detections as Code (DaC) is transforming security rule management. Learn about Elastic's latest enhancements in the detection-rules repo, how to leverage it for custom rule management, and our comprehensive guide for adopting DaC.

NEW! Elastic Security 8.13: Manage benchmark rules and automated endpoint responses

Elastic Security 8.13 unveils an enhanced benchmark rules page, simplifying navigation and decision-making with enable/disable controls. Automate endpoint actions, such as process termination, to accelerate incident response and threat mitigations.

What’s new in Elastic Security 8.10: Scale your defenses and outpace attackers

Elastic Security 8.10 brings richer alert contextualization, generative AI in GA, a MITRE ATT&CK® coverage page, and cloud security posture management (CSPM) for GCP.

Elastic Security 8.9: Streamline the analyst experience with GAI and advanced analytics

See the new features available now in Elastic Security 8.9, including advanced analytics, streamlined workflows, new dashboards, AI assistants, and so much more!