Drive SOC efficiency with network data and ML
Integrating detection-based rules and machine learning capabilities to drive operational efficiency in the SOC
Automation via machine learning can help your SOC staff handle the endless crush of alerts. However, without the right data sources and analytic capabilities, you risk further straining workloads with additional noise and complexity.
Corelight & Elastic Security, both rooted in open source, together go above and beyond to maximize operational efficiency. The integrated solution combines high-fidelity alerts and data from Suricata and Zeek along with the Elastic (ELK) Stack to help you identify anomalies, streamline root cause analysis, and reduce false positives.
Join us for a webinar on how the combined solution can:
- Identify anomalies in network traffic using ML and detection rules
- Find threats in encrypted traffic without decryption
- Speed up investigations by pivoting on linked UIDs
- Show change over time by enriching IOC data at time of ingestion
- Improve response times by integrating with Slack to push alerts
On demand:
Matteo Rebeschini, Principal Solution Architect, Elastic
Matteo Rebeschini is a Security Specialist at Elastic, based out of Boulder, Colorado. Matteo helps Elastic customers architect solutions based on Elastic SIEM and Endpoint Security to protect their data and assets from attack. Matteo has 20+ years of experience in the cybersecurity industry covering various roles, from software engineering to technical product management and more recently
James Schweitzer, East and Federal SE Director, Corelight
James Schweitzer is the East and Federal SE Director at Corelight. Previously, he worked at The MITRE Corporation in the security center for over a decade supporting multiple US Government agencies. James is a graduate of Virginia Tech and The George Washington University.