This was a cool demo I’m transitioning into cyber mainly soc analysis role I’ve heard about the elastic siem, I’m in the process of building a soc environment using the ELK stack

Great demonstration of an entire IR scenario using Elastic Security. Thank you.

Thanks for the video, there are a lot of workflow things you use I had never realized possible. Great to watch professional work! I don't know where to give you feedback, but one thing that is really a weakness at the moment is the out of the box baselining. seeing alerts on Linux for logrotate rotating logs of a common application, or on windows there's component hijacking alerts for adobe cloud, other alerts for ms defender doing its updates... It always makes your brain scream "are they even testing?". you need a larger lab running baselines and pre-tune those. do it for free as a quality measure or make a cheap subscription for that so you can have 100000s of people paying for it, totally fine, but bring it to a state that is "deliverable". Still watching, really really great content! Done, very, very much enjoyed it!

Awesom!

Thanks James love the work as always.

Can I know, what version of elasticsearch is used for this demo? I use 8.2.0, but there is no menu 'Detection & Respond'.

Nice demonstration, James! Are any of the features you used in this demonstration behind any paywalls?

does elastic IR have a built in dashboard for MTTD - MTTC?

Could you share the other useful links for beginners?