Elastic Configuration

The following product description and configuration information was provided by the vendor and has been included in its unedited form. Any MITRE Engenuity comments are included in italics.


Product Versions

  • Elastic v7.9.2 (was publicly released on Sep 24, 2020)
Product Description

Elastic Security Solution Brief

elastic.co/security

Elastic Security builds on the power of the Elastic Stack to deliver prebuilt capabilities that help security teams to evolve even faster. The solution enables a unified, out-of-the-box approach to SIEM, security analytics, and advanced threat detection, prevention, and response — with the inherent benefits of speed, scale, and relevance Elasticsearch is known for.

Prevent, detect, respond

Why do organizations rely on Elastic Security to stay ahead of adversaries? Speed, scalability, and a free and open approach to security that is powered in part by contributions from the Elastic community. Validated by industry experts, Elastic Security helps prevent damage, reduces dwell times, and increases team efficiencies.

Eliminate blind spots

Elastic makes searching, visualizing, and analyzing across all your data simple and instantly actionable. Protect your organization through global visibility and immediate insights, real-world-validated detections, and an interface built for accelerated analysis and response. Resource-based pricing allows for uninhibited data ingestion and storage, supported by a universe of API integrations with preferred technologies.

Stop threats at scale

With the Elastic Security detection engine, automate threat detection and identify priority issues before damage occurs. Leverage integrated machine learning capabilities to improve accuracy at scale across the entire organization. Align to MITRE ATT&CK® and hunt for threats quickly and methodically.

Arm every analyst

Elastic Security’s intuitive visualizations make it easy to determine root cause across host, network, cloud, user — any data source. Analysts can easily customize workflows and investigative drill downs while leveraging built-in case management and integrations with operations platforms to collaborate more efficiently.

Free and Open

Elastic Security provides free and open security features to equip SOC teams to prevent, detect and respond to threats at scale. Users can get started - or even build an entire solution - at no cost. Our code is housed in public repositories with a commitment to an open development process and transparent and direct engagement with our community. For example, in the /elastic/detection-rules GitHub repository, you can find rules written for Elastic Security, with coverage for many MITRE ATT&CK techniques.

A free and open model ensures that our community and customers can innovate, evolve, and optimize the solution for their unique environment. For more information about our corporate philosophy on the importance of an open approach to developing and delivering security capabilities, please visit: https://www.elastic.co/campaigns/security-only-from-elastic.

Try Elastic Security

Want to check out Elastic Security for yourself? Try an extended 30-day free trial on Elasticsearch Service at ela.st/elastic-security, or spin up your own open source deployment with no time or size restriction.

Product Configuration

Elastic software capabilities used in this round of testing consisted of out-of-the-box capabilities found in the free and open Standard license tier (except for Machine Learning, which is available in the Platinum tier).

The previous two MITRE evaluations were conducted using Elastic Endgame, which was our former EPP/EDR offering gained through the acquisition of Endgame. Elastic Security is our current unified security solution for SIEM, security analytics, and advanced threat detection, prevention and response.

  • Elastic (v7.9.2)
  • Endpoint Security (v7.9.2)
    • Default policy, detect-only (per testing criteria)
  • winlogbeat (v7.9.2)
    • PowerShell module
    • Sysmon module
  • metricbeat (v7.9.2)
  • packetbeat (v7.9.2)
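As an added editorial example, not part of the vendor-supplied configuration above, the following winlogbeat.yml fragment shows how the two winlogbeat modules listed for this evaluation, Sysmon and PowerShell, are enabled in the Winlogbeat 7.x module layout: each module is a subscription to the relevant Windows event log with the module's JavaScript processor attached. The script file paths, the event_id filters and the output section are assumptions and placeholders, not values taken from the evaluation; the Endpoint Security detect-only policy is configured in Kibana and is not reproduced here.

```yaml
# Added example, not the vendor's configuration: winlogbeat.yml enabling the
# Sysmon and PowerShell modules as laid out in Winlogbeat 7.x. Script paths
# and event_id filters are assumptions; confirm them against the
# winlogbeat.reference.yml shipped with the version you deploy.
winlogbeat.event_logs:
  # Sysmon module: process, network, file, registry and image-load telemetry.
  - name: Microsoft-Windows-Sysmon/Operational
    processors:
      - script:
          lang: javascript
          id: sysmon
          file: ${path.home}/module/sysmon/config/winlogbeat-sysmon.js

  # PowerShell module, classic engine log (engine state, pipeline start/stop).
  - name: Windows PowerShell
    event_id: 400, 403, 600, 800
    processors:
      - script:
          lang: javascript
          id: powershell
          file: ${path.home}/module/powershell/config/winlogbeat-powershell.js

  # PowerShell module, Operational log: 4103 module logging, 4104 script block
  # logging. Script block logging must also be turned on by Group Policy,
  # otherwise no 4104 events are written for the module to collect.
  - name: Microsoft-Windows-PowerShell/Operational
    event_id: 4103, 4104, 4105, 4106
    processors:
      - script:
          lang: javascript
          id: powershell
          file: ${path.home}/module/powershell/config/winlogbeat-powershell.js

# Placeholder destination: replace host and credentials with the real cluster.
output.elasticsearch:
  hosts: ["https://ELASTIC_HOST_PLACEHOLDER:9200"]
  username: "winlogbeat_writer"
  password: "${WINLOGBEAT_PASSWORD}"

# Load the index template on first run so module fields map correctly.
setup.template.enabled: true
```

The point of the event_id filters is to keep the PowerShell subscription to the records the detection rules consume (module and script block logging) rather than shipping every event from those channels; widen or drop them if a rule you rely on needs other IDs.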