Get Involved with
the Elastic Security
Community
Cami Lewis, Security Lead - Community, Elastic
Paul Ewing, Sr. Product Manager, Elastic
This presentation and the accompanying oral presentation contain forward-looking statements, including statements
concerning plans for future offerings; the expected strength, performance or benefits of our offerings; and our future
operations and expected performance. These forward-looking statements are subject to the safe harbor provisions
under the Private Securities Litigation Reform Act of 1995. Our expectations and beliefs in light of currently
available information regarding these matters may not materialize. Actual outcomes and results may differ materially
from those contemplated by these forward-looking statements due to uncertainties, risks, and changes in
circumstances, including, but not limited to those related to: the impact of the COVID-19 pandemic on our business
and our customers and partners; our ability to continue to deliver and improve our offerings and successfully
develop new offerings, including security-related product offerings and SaaS offerings; customer acceptance and
purchase of our existing offerings and new offerings, including the expansion and adoption of our SaaS offerings;
our ability to realize value from investments in the business, including R&D investments; our ability to maintain and
expand our user and customer base; our international expansion strategy; our ability to successfully execute our
go-to-market strategy and expand in our existing markets and into new markets, and our ability to forecast customer
retention and expansion; and general market, political, economic and business conditions.
Additional risks and uncertainties that could cause actual outcomes and results to differ materially are included in
our filings with the Securities and Exchange Commission (the “SEC”), including our Annual Report on Form 10-K for
the most recent fiscal year, our quarterly report on Form 10-Q for the most recent fiscal quarter, and any
subsequent reports filed with the SEC. SEC filings are available on the Investor Relations section of Elastic’s
website at ir.elastic.co and the SEC’s website at www.sec.gov.
Any features or functions of services or products referenced in this presentation, or in any presentations, press
releases or public statements, which are not currently available or not currently available as a general availability
release, may not be delivered on time or at all. The development, release, and timing of any features or functionality
described for our products remains at our sole discretion. Customers who purchase our products and services
should make the purchase decisions based upon services and product features and functions that are currently
available.
All statements are made only as of the date of the presentation, and Elastic assumes no obligation to, and does not
currently intend to, update any forward-looking statements or statements relating to features or functions of services
or products, except as required by law.
Forward-Looking Statements
Help me, Help you.
 Jerry Maguire
Who is the Elastic
Security Community?
Elastic community – scale your security program
Data sources (collected with Logstash, Beats and Agent):
● Host sources
● Network sources
● Cloud platforms & applications
● User activity sources
● SIEMs & centralized security data stores
Core platform: Elasticsearch, Kibana
Context:
● Internal context
● External context
Response and case management:
● Security orchestration, automation, response
● Security incident response
● General ticket & case management
Services:
● Consulting
● Education & training
Solutions Integrators, Value-added Resellers, MSPs & MSSPs
These are just some of our partners and community members. The presence of a vendor logo doesn’t imply a business relationship with Elastic.
Security Community Initiatives
• User Groups and Meetups
– community.elastic.co
• Conferences and events
• Community Slack
• Community YouTube channel
• Elastic Discuss Forum
– discuss.elastic.co
• Programs (students, startups, etc.)
• Community Driven Protections
• Detection Rules Repo
• ECS A common schema for security
• EQL A common language for security
Connect with the Elastic Community
~500,000 members globally!
Elastic User Groups - meetups@elastic.co
Why get involved?
• Word of mouth marketing
• Employee development
• Networking / recruiting
• Present your use case:
share and gain knowledge
• Get experience speaking:
build your resume
• Become a leader in the
Community
• Industry experience
• Industry connections
Ways to take part: Host, Speak, Co-Organize
Virtual Meetups
community.elastic.co
Elastic Contributor Program
elastic.co/community/contributor
We're excited to announce the global launch of
the Elastic Contributor Program, which recognizes
the hard work of our awesome contributors!
Start contributing rules, code, tutorials, etc. today
to earn yourself a spot on the leaderboard and the
chance to win free training, Elastic swag, bragging
rights, and more.
Elastic Contributor Program
Contribution Types
● Event Organization
● Presentations
● Written Content
● Video Tutorials
● Translations
● Code
● Contribution Validation
Contributions made between February 1, 2020 and January 31, 2021 are eligible for submission.
● Access to Elastic Cloud
● Free Training/Support (on demand
courses)
● Student focused presentations and
workshops
● Connect and network with the
community
*Learn more: Visit the “Students” tab on the
Community page or reach out directly to
students_highered@elastic.co
Elastic for Students and Educators
Get started today!
Scan here to activate your free
30 days of Elastic Cloud!
Join the Elastic
Community on
Slack
ela.st/slack
#security-siem
#endpoint-security
#jobs
discuss.elastic.co
94k total users!
Connect with the Elastic Community
Elastic meetups: https://ela.st/amervirtual
Elastic Community Slack Workspace: https://ela.st/slack
YouTube Channel: https://ela.st/community-youtube
Sharing is caring.
 Salvation Army
Security through Openness, not Obscurity
A Call to Action Deep Dive!
Safe Harbor Statement
This presentation includes forward-looking statements that are subject to risks and uncertainties. Actual results may differ materially as a result of various risk factors included in the reports on Forms 10-K, 10-Q, and 8-K, and in other filings we make with the SEC from time to time. Elastic undertakes no obligation to update any of these forward-looking statements.
2010 to today: what the community told us it needed
• We need search...duh.
• We need to normalize data.
• We need more search!
• We need to hunt.
• We need packaged SIEM.
• We need to ingest more.
• We need to visualize.
• We need more data.
• We need threat prevention.
We heard you...
Detection Rules Repo
A Call to Action Deep Dive!
• Speed and scale of
Elasticsearch to detect
known and unknown threats
• Easily automate threat
detection using queries,
machine learning, thresholds,
correlations, and more!
• Free protections;
built in the open
Detection
Engine
It’s as simple as search.
Repo at a Glance github.com/elastic/detection-rules
Community & Collaboration
• A dev-first mentality for
malicious behavior detection
The Rules
• A place to engage on rules for
all users of Elastic Security
Contribution Guides
• Creating issues, submitting
PRs, our philosophy, and more!
Developer Tools
• Interactive CLI to create rules
• Syntax validation, ECS
schemas, metadata
checker, etc.
Free Rules. Built in the Open
attack.mitre.org
Our Approach to Detection Engineering
github.com/elastic/detection-rules/.../PHILOSOPHY.md
• Shaped by our collective real-world experience
• Focus on behaviors more than custom tools
• Write logic independent from the data source
• Detect true positives while avoiding false positives
Watch the webinar...
“Introducing the
Public Repository for
Detection Rules.”
Screenshots: the detection-rules repository and its rules directory (detection-rules/rules/)
Contributing to Rules
A Call to Action Deep Dive!
CONTRIBUTING.md
The latest
information is
always in the repo
Contributing to the Repository
CONTRIBUTING.md
• Create a GitHub issue first
• Create a rule
– Fork and clone the repository
– Use the CLI to create a rule
– Run local tests to validate syntax and logic
– Finally submit a pull request
Create a GitHub Issue First
CONTRIBUTING.md
• Forces us to discuss early in the process
– Learn from each other and share ideas
• Choose from our existing templates
• Include licenses and links for external rules
• Improves productivity for pull requests
– Less back-and-forth and more merging!
Elastic Common Schema (ECS)
A Call to Action Deep Dive!
Using Elastic Common Schema (ECS)
github.com/elastic/ecs
• Defines a common set of field names and types
• Enumerates categorization fields and values to bin similar events
together
• Designed to be extensible and grow with our needs
• ECS is adopted throughout the Elastic Stack
The importance of
normalizing your
security data
Write Logic Independent of Data Sources
github.com/elastic/ecs
✖ Specific to each source:
src:10.42.42.42 or client_ip:10.42.42.42 or apache2.access.remote_ip:10.42.42.42 or context.user.ip:10.42.42.42
✔ With standard ECS field:
source.ip:10.42.42.42
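The slide's point, worked through as an added example (my code, not Elastic's and not part of the ECS project): four log sources carry the client address under four different field names, so the single query source.ip:10.42.42.42 finds all of them only after each document is normalised onto the ECS field. The four raw field names are the ones on the slide; the sample events and the field mapping are constructed for this example, and which product emits which raw name is an assumption.

```python
"""Added example: normalise source-specific IP fields onto ECS `source.ip`.

Not code from the Elastic deck or the ECS project. The raw field names are
the ones the slide lists; the sample events and the mapping are constructed.
"""
import copy
from typing import Any, Dict, List, Optional

Event = Dict[str, Any]

# Source-specific field -> ECS field. Left-hand names are from the slide;
# which product emits which is an assumption made for this example.
FIELD_MAP: Dict[str, str] = {
    "src": "source.ip",                       # e.g. a firewall export
    "client_ip": "source.ip",                 # e.g. an application log
    "apache2.access.remote_ip": "source.ip",  # nested module-style document
    "context.user.ip": "source.ip",           # flat key that contains dots
}


def get_path(event: Event, path: str) -> Optional[Any]:
    """Resolve a dotted path whether the document stores it as a flat dotted
    key ("context.user.ip") or as nested objects (apache2 -> access -> ...)."""
    if path in event:
        return event[path]
    node: Any = event
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def set_path(event: Event, path: str, value: Any) -> None:
    """Write a value at a dotted path as nested objects, the ECS document shape."""
    node = event
    parts = path.split(".")
    for part in parts[:-1]:
        node = node.setdefault(part, {})
    node[parts[-1]] = value


def normalize(event: Event, field_map: Dict[str, str] = FIELD_MAP) -> Event:
    """Return a copy of `event` with each mapped raw field copied to its ECS name.

    The raw field is kept (ECS tolerates extra fields) and an existing ECS value
    is never overwritten, so an already-normalised document passes through unchanged."""
    out = copy.deepcopy(event)
    for raw_field, ecs_field in field_map.items():
        value = get_path(event, raw_field)
        if value is not None and get_path(out, ecs_field) is None:
            set_path(out, ecs_field, value)
    return out


def search(events: List[Event], field: str, value: Any) -> List[Event]:
    """The slide's `source.ip:10.42.42.42` query: exact match on one field."""
    return [e for e in events if get_path(e, field) == value]


# Constructed sample: the same client seen by four differently shaped sources,
# plus one unrelated event as a control.
SAMPLE_EVENTS: List[Event] = [
    {"src": "10.42.42.42", "action": "deny"},
    {"client_ip": "10.42.42.42", "url": "/login"},
    {"apache2": {"access": {"remote_ip": "10.42.42.42", "method": "GET"}}},
    {"context.user.ip": "10.42.42.42", "outcome": "failure"},
    {"src": "10.0.0.7", "action": "allow"},
]


def demo() -> Dict[str, int]:
    """Hits for the single ECS query before and after normalisation."""
    before = search(SAMPLE_EVENTS, "source.ip", "10.42.42.42")
    after = search([normalize(e) for e in SAMPLE_EVENTS], "source.ip", "10.42.42.42")
    return {"raw_hits": len(before), "ecs_hits": len(after)}


if __name__ == "__main__":
    print(demo())  # {'raw_hits': 0, 'ecs_hits': 4}
```

In the stack this mapping lives in the ingest pipeline or integration rather than in a Python loop, but the property is the same: a rule written against source.ip keeps working when a new data source is added, as long as that source is mapped once at ingest.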
Data Integration
A Call to Action Deep Dive!
Slide visuals: integrations tiles (breadth), data onboarding GIF (ease), final dashboard (value)
Unified Data Collection
Single Agent
100s of integrations
Go from data to dashboard in minutes
Central ingest management
Monitor and manage all your agents, at scale,
from a single place
Across observability and security
Collect events across data sources to enable
both use cases
Breaking silos
between SecOps
and DevOps
The Rule Types You
Asked For
A Call to Action Deep Dive!
Why EQL?
Simple and Concise.
• More than a single event. EQL allows you to match a sequence of events of various types.
• Intuitive. EQL looks like other query languages to help reduce the learning curve.
• Designed for security. EQL was built for threat hunters and behavior detection by correlating various events.
• Schemaless. But we recommend ECS (Elastic Common Schema) 😀
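What "match a sequence of events of various types" means in practice, as an added example (my code, not Elastic's EQL engine and not a rule from the detection-rules repository): a small matcher for a two-stage sequence by ... with maxspan over ECS-shaped events. The EQL query it mirrors is in the module docstring; the events, the 30-second window and the PowerShell-then-TLS behaviour are constructed for illustration. Elastic's engine keeps several in-flight sequences per join key and supports more stages and an until clause; this matcher keeps one in-flight sequence per key, which is enough to show why ordering and the time window matter.

```python
"""Added example: a minimal EQL-style sequence matcher over ECS events.

Not Elastic's EQL implementation and not a rule from detection-rules; written
to illustrate `sequence by <field> with maxspan=<t>`. Events are constructed.

The EQL this mirrors (query text written for this example):

    sequence by process.entity_id with maxspan=30s
      [process where process.name == "powershell.exe"]
      [network where destination.port == 443]
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Any, Callable, Dict, List, Optional

Event = Dict[str, Any]


def lookup(event: Event, path: str) -> Optional[Any]:
    """Read a dotted ECS path from a nested document ("process.name")."""
    node: Any = event
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


@dataclass
class Stage:
    """One bracketed clause: `[<category> where <predicate>]`."""
    category: str                   # compared against event.category
    where: Callable[[Event], bool]  # the `where` condition


@dataclass
class Sequence:
    by: str             # join key, e.g. process.entity_id
    maxspan: timedelta  # the whole sequence must fit in this window
    stages: List[Stage]


@dataclass
class _Partial:
    started: datetime
    matched: List[Event]


def match_sequence(seq: Sequence, events: List[Event]) -> List[List[Event]]:
    """Return every completed sequence as the ordered list of its events.

    Simplification versus real EQL: one in-flight sequence per join key; an
    expired partial is dropped rather than forked into a new candidate."""
    partials: Dict[Any, _Partial] = {}
    results: List[List[Event]] = []
    for ev in sorted(events, key=lambda e: e["@timestamp"]):
        key = lookup(ev, seq.by)
        if key is None:
            continue  # nothing to join on
        ts: datetime = ev["@timestamp"]
        partial = partials.get(key)
        if partial is not None and ts - partial.started > seq.maxspan:
            partials.pop(key)  # window expired; this event may start afresh
            partial = None
        next_stage = seq.stages[len(partial.matched) if partial else 0]
        if lookup(ev, "event.category") == next_stage.category and next_stage.where(ev):
            if partial is None:
                partial = partials[key] = _Partial(started=ts, matched=[])
            partial.matched.append(ev)
            if len(partial.matched) == len(seq.stages):
                results.append(partials.pop(key).matched)
    return results


POWERSHELL_THEN_TLS = Sequence(
    by="process.entity_id",
    maxspan=timedelta(seconds=30),
    stages=[
        Stage("process", lambda e: lookup(e, "process.name") == "powershell.exe"),
        Stage("network", lambda e: lookup(e, "destination.port") == 443),
    ],
)

T0 = datetime(2020, 10, 1, 12, 0, 0)


def _ev(offset_s: int, category: str, entity: str, **extra: Any) -> Event:
    """Build a constructed ECS-shaped event `offset_s` seconds after T0."""
    ev: Event = {"@timestamp": T0 + timedelta(seconds=offset_s),
                 "event": {"category": category},
                 "process": {"entity_id": entity}}
    ev.update(extra)
    return ev


# Constructed events (not real telemetry). Only p1 should fire at maxspan=30s.
SAMPLE_EVENTS: List[Event] = [
    _ev(0, "process", "p1", process={"entity_id": "p1", "name": "powershell.exe"}),
    _ev(5, "network", "p1", destination={"ip": "203.0.113.10", "port": 443}),
    _ev(10, "process", "p2", process={"entity_id": "p2", "name": "powershell.exe"}),
    _ev(130, "network", "p2", destination={"port": 443}),  # 120s later: outside the window
    _ev(20, "network", "p3", destination={"port": 443}),   # wrong order
    _ev(21, "process", "p3", process={"entity_id": "p3", "name": "powershell.exe"}),
    _ev(30, "process", "p4", process={"entity_id": "p4", "name": "notepad.exe"}),  # wrong process
    _ev(31, "network", "p4", destination={"port": 443}),
]


def demo(maxspan: timedelta = POWERSHELL_THEN_TLS.maxspan) -> List[str]:
    """Join keys of the sequences that fire for a given window."""
    seq = Sequence(POWERSHELL_THEN_TLS.by, maxspan, POWERSHELL_THEN_TLS.stages)
    return [lookup(hit[0], "process.entity_id") for hit in match_sequence(seq, SAMPLE_EVENTS)]


if __name__ == "__main__":
    print(demo())                      # ['p1']
    print(demo(timedelta(minutes=5)))  # ['p1', 'p2']  (wider window now covers p2)
```

The second call shows the tuning decision behind every sequence rule: widening maxspan catches the slower p2 chain but also widens the set of benign process-then-connection pairs the rule will pair up, so the window is part of the detection logic, not a free parameter.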
Join the Elastic community
1. Try free on Cloud: elastic.co/cloud
2. Take a quick spin: demo.elastic.co
3. Connect on Slack: ela.st/slack
Thank You!
Reach out:
meetups@elastic.co
conferences@elastic.co
contributors@elastic.co
students_highered@elastic.co
community@elastic.co
