Security must be a team sport — collaborating, sharing, and contributing are critical to success. Working together on a larger scale is the only way to stay ahead; infosec teamwork cannot be limited solely to the organization or even industry level.
Elastic's free and open philosophy aims to help infosec teams globally via a community-centered approach to solving security problems. True to this approach, we are making a public repository available for the universal collection, collaboration, and implementation of security detection rules.
In this workshop, we'll introduce the repo and cover what you need to know to make the best use of this valuable new resource, including:
A walkthrough of the security detection rules repo and what it contains
An intro to Elastic's approach to threat hunting and detection
Getting started, dependencies, and usage best practices
Guidelines on how to contribute (creating issues, style, and process)
Detection engineering (rule metadata, Elastic Common Schema (ECS), and rule validation)