Cyborg Security has partnered with Elastic to provide contextual threat intelligence and “in-tool” Threat Hunt & Detection Packages via Elastic’s Security Signal Detection Rules and Timelines.
Cyborg Security is a pioneer in threat hunting and intelligence, empowering defenders and enabling organizations to transform their threat hunting capability. Cyborg Security’s portal provides contextualized use cases, Threat Hunt & Detection Packages, and a focused Threat Intelligence feed. The portal makes it easy to deploy tailored content queries mapped to your unique SIEM or data lake environment; the queries are ready to run using Cyborg’s Automatic Mapping Process.
Cyborg Security is made up of advanced threat hunters, threat intelligence specialists, incident response and digital forensics analysts, and security engineers. Cyborg Security’s core goal is to provide advanced threat hunting use cases, content, and intelligence. Cyborg takes on the time-consuming and difficult tasks of creating, testing, vetting, and developing advanced use cases and threat hunting content while delivering feature-complete Threat Hunt and Detection Packages.
Elastic Security allows for the analysis, investigation, and visualization of host- and network-based security events and logs. The detection engine built into Elastic Security manages automatic searches using detection rules, exceptions, and machine learning jobs. Elastic Security Timelines gives analysts a workspace to investigate the alerted Detection Signals and events, and provides predefined queries to help with the threat hunting process.
Cyborg Security, recognizing the benefit and advanced capabilities of Elastic Security, set out to create Threat Hunt & Detection Packages centered around Elastic Signal Detections and Timelines. Cyborg Security’s HUNTER Platform allows organizations to search, discover, research, and deploy Elastic Signal Detection content mapped to their unique environment. Cyborg’s Elastic Signal content contains the threat hunt or detection query, the severity and risk score based on the associated use case, MITRE ATT&CK mapping, Cyborg’s tags and taxonomies, and a predefined run schedule based on the hunt or detection methodology. The Cyborg Elastic Threat Hunt & Detection Packages also include a fully contextualized investigation guide, allowing analysts to hunt and respond “in-tool”. All of the contextualization and information found in the Cyborg HUNTER Platform is available, as well as links back to HUNTER based on the deployed use case. There are also links directly to any associated threat intelligence indicators of compromise, allowing analysts to quickly pivot against the deployed content.
As Elastic continues to develop its Security Platform, Cyborg Security is excited to contribute to upcoming projects and releases and to deliver advanced threat hunting capabilities to Elastic customers. Read more on how Cyborg creates threat hunting content in our blog post, How Cyborg Creates Threat Hunting Content.