Session

AI-Optimized Alert Triage for Elastic Security

We introduce an AI-optimized alert triage application on top of Elastic Security. It automatically enriches and correlates alerts across rules of Elastic Security’s detection engine to assess the overall risk of every entity (e.g., host, user) in the environment, and prioritizes alerts accordingly. The triaged alerts are displayed within Elastic Security’s UI. The automation minimizes the need for manual correlation during alert investigation, which can significantly improve the productivity of security analysts. The application employs graph analytics and machine learning techniques, and dynamically incorporates analysts’ feedback to provide comprehensive alert risk assessment. Consequently, it reduces the amount of alert false-positives and the human effort on system tuning, enabling security analysts to focus their attention on alerts that may indicate real critical threats.

Jie Lu

Co-founder and VP of Research at L9 Analytics

Hawthorne, New York, United States

View Speaker Profile