Elastic Security Research

The Elastic Security Research team pairs research on emerging threats with analysis of strategic, operational, and tactical adversary objectives.

The team produces public-facing content in the form of summary blogs, detailed releases, and artifacts, articulating both adversary campaign activities and the threat detection steps that can be leveraged to frustrate adversary goals.

The team publishes a variety of content:

  • Analysis of malware signatures, behavior protections, and detection rules assessed against real-world malware and adversary techniques;
  • Whitepapers focused on vulnerabilities, exploits, and other research relevant to the security community at large; and
  • Tools created to aid in the collection and analysis of threat data.

Research priorities are chosen through open-source research vehicles, inputs from high-confidence third parties, and data collected from Elastic’s evolving telemetry.


Topic                  Description
Intelligence Analysis  Long-form threat research and analysis focused on campaigns and specific intrusions.
Malware Analysis       Malware research, analysis, and reverse engineering.
Whitepapers            Whitepapers on the topics of protections, defensive countermeasures, and security operations.
Tools                  Tools created and released by the Elastic Security Research team to aid in data collection, parsing, and analysis.


threat-notification @ Elastic Community Slack

Last update: January 31, 2022
Created: January 19, 2022