Corelight Announces Full Support for Elastic Common Schema for Simplified Search and Analytics Capabilities

Corelight

Corelight, the provider of the most powerful network traffic analysis (NTA) solutions for cybersecurity, announced full support for the Elastic Common Schema (ECS), a specification that provides a consistent and customizable way to structure log data from diverse sources in Elasticsearch. Corelight's ECS mapping streamlines the implementation of automated analysis methods on Zeek logs, including machine learning-based anomaly detection and alerting.

“Corelight was one of the first Elastic partners to test ECS when it was launched in 2019. Our support for ECS underscores a mutual focus on providing customers with a standardized approach to how they collect, ingest and understand their data,” said Allen Male, director of strategic alliances and partnerships for Corelight. “These efforts help customers make use of enhanced capabilities that reduce their security risk without additional analyst effort.”


ECS facilitates the unified analysis of data from diverse sources so that content such as dashboards and machine learning jobs can be applied more broadly, searches can be crafted and shared more efficiently, and field names can be recalled by analysts more easily.

“The Elastic Common Schema provides a shared language for our community of users to understand their data, collaborate to develop resources across the Elastic Stack, and more quickly drill down to identify a potential attacker or determine the root cause of an operational issue,” said Mike Paquette, director of product, Elastic SIEM. “Mapping to ECS makes it easier for users to visualize, search, drill down, and pivot through their Zeek log data, and enables easy sharing of analysis content amongst the Zeek user community.”


ECS streamlines the development of analytics content. Instead of creating new searches and dashboards each time an organization adds a data source with a new format, users can continue leveraging ECS-aware searches and dashboards. ECS also makes it far easier for organizations to directly adopt analytics content from other parties that use ECS, whether Elastic, a partner or an open-source project.
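As an added illustration (not Corelight's ECS mapping and not Elastic code), the following Python shows the mechanism described above: two constructed record formats, a Zeek conn.log JSON line and a hypothetical firewall export, are mapped onto ECS field names, after which one ECS-aware search runs unchanged over both. The mapping tables, dataset names and sample records are assumptions made for this example; the ECS field names used (source.ip, destination.bytes, network.transport, event.duration in nanoseconds) follow the public ECS reference.

```python
import json
from datetime import datetime, timezone

# Constructed sample records (not real traffic). Zeek's JSON conn.log writer
# emits the connection 4-tuple as literal dotted keys such as "id.orig_h".
ZEEK_CONN_LINES = [
    '{"ts": 1563451200.123, "uid": "CHhAvVGS1DHFjwGM9", "id.orig_h": "10.0.0.5", '
    '"id.orig_p": 51234, "id.resp_h": "203.0.113.7", "id.resp_p": 443, "proto": "tcp", '
    '"service": "ssl", "duration": 12.5, "orig_bytes": 9000000, "resp_bytes": 1200, '
    '"conn_state": "SF"}',
    '{"ts": 1563451210.0, "uid": "CmES5u32sYpV7JYN", "id.orig_h": "10.0.0.8", '
    '"id.orig_p": 40022, "id.resp_h": "10.0.0.53", "id.resp_p": 53, "proto": "udp", '
    '"service": "dns", "duration": 0.01, "orig_bytes": 60, "resp_bytes": 120, '
    '"conn_state": "SF"}',
]

# Constructed sample from a hypothetical firewall export with vendor field names.
FIREWALL_LINES = [
    '{"time": "2019-07-18T12:00:20Z", "src": "10.0.0.9", "sport": 40001, '
    '"dst": "198.51.100.2", "dport": 22, "protocol": "TCP", "bytes_out": 15000000, '
    '"bytes_in": 2000, "action": "allow"}',
]

# Hypothetical source-field -> ECS-field tables (assumed here, not a vendor's mapping).
ZEEK_CONN_TO_ECS = {
    "id.orig_h": "source.ip", "id.orig_p": "source.port",
    "id.resp_h": "destination.ip", "id.resp_p": "destination.port",
    "proto": "network.transport", "service": "network.protocol",
    "orig_bytes": "source.bytes", "resp_bytes": "destination.bytes",
    "uid": "event.id",
}
FIREWALL_TO_ECS = {
    "src": "source.ip", "sport": "source.port",
    "dst": "destination.ip", "dport": "destination.port",
    "protocol": "network.transport", "action": "event.action",
    "bytes_out": "source.bytes", "bytes_in": "destination.bytes",
}


def set_path(doc, dotted, value):
    """Write value at a dotted ECS path, creating nested objects as needed."""
    parts = dotted.split(".")
    for part in parts[:-1]:
        doc = doc.setdefault(part, {})
    doc[parts[-1]] = value


def get_path(doc, dotted):
    """Read a dotted ECS path; None if any segment is missing."""
    for part in dotted.split("."):
        if not isinstance(doc, dict) or part not in doc:
            return None
        doc = doc[part]
    return doc


def _iso(dt):
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")


def _apply(rec, mapping, dataset, ts):
    ecs = {"@timestamp": _iso(ts), "event": {"dataset": dataset}}
    for src_field, ecs_field in mapping.items():
        if rec.get(src_field) is not None:
            set_path(ecs, ecs_field, rec[src_field])
    # ECS conventions: transport is lowercase, network.bytes is the flow total.
    transport = get_path(ecs, "network.transport")
    if transport:
        set_path(ecs, "network.transport", transport.lower())
    sent = get_path(ecs, "source.bytes") or 0
    received = get_path(ecs, "destination.bytes") or 0
    set_path(ecs, "network.bytes", sent + received)
    return ecs


def zeek_conn_to_ecs(line):
    rec = json.loads(line)
    ecs = _apply(rec, ZEEK_CONN_TO_ECS, "zeek.connection",
                 datetime.fromtimestamp(rec["ts"], tz=timezone.utc))
    if rec.get("duration") is not None:
        # Zeek reports seconds; ECS event.duration is in nanoseconds.
        set_path(ecs, "event.duration", int(rec["duration"] * 1e9))
    return ecs


def firewall_to_ecs(line):
    rec = json.loads(line)
    ts = datetime.fromisoformat(rec["time"].replace("Z", "+00:00"))
    return _apply(rec, FIREWALL_TO_ECS, "examplefw.traffic", ts)


def normalize_all():
    """All constructed records, from both formats, as ECS documents."""
    return ([zeek_conn_to_ecs(l) for l in ZEEK_CONN_LINES]
            + [firewall_to_ecs(l) for l in FIREWALL_LINES])


def large_outbound(docs, min_bytes):
    """One ECS-aware search: flows whose source sent >= min_bytes, any dataset."""
    return [(get_path(d, "event.dataset"), get_path(d, "source.ip"),
             get_path(d, "destination.ip"), get_path(d, "source.bytes"))
            for d in docs if (get_path(d, "source.bytes") or 0) >= min_bytes]


if __name__ == "__main__":
    for hit in large_outbound(normalize_all(), 1_000_000):
        print(hit)
```

The point is the last function: it is written once against ECS names and needs no knowledge of whether a document came from Zeek or the firewall. A new source is onboarded by adding a mapping table, not by rewriting the search.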