Amsterdam user group | Security Meetup


Details
Join us for a meetup on November 6th in our Elastic office in Amsterdam, where we will be joined by Marvin Ngoma (Elastic), Kseniia Ignatovych (Elastic) and Sergey Polzunov (BlackStork.io)! Doors open at 17.45 and the presentations begin at 18.00. Food, refreshments, and networking to follow. We wrap up around 20.45.
Address: Elastic's office, Keizersgracht 281, 1016 ED Amsterdam
Agenda:
17.45 Doors open
18.00 Maturing Your Detection Engineering Practices with Elastic Security
18.45 Automating Detection Authoring with Gen AI: Tips n’ tricks
19.30 Automating SOC Reporting from Elastic Security with Fabric
20.00 Networking, food with drinks
20.45 Wrap up
Talks:
Maturing Your Detection Engineering Practices with Elastic Security
A mature detection engineering program is art, science, and meticulous work. From prebuilt rules to coverage analysis to detections as code and more, this talk will cover the detection capabilities of Elastic Security and the role they play in leveling up the maturity of a detection engineering practice. We will conclude with a demo of the Detections as Code capabilities!
Speaker: Kseniia Ignatovych (Senior Product Manager, Security Core - Security Content @Elastic)
Automating Detection Authoring with Gen AI: Tips n’ tricks
Writing high-fidelity detections is often a complex, time-consuming, and expertise-driven task. This talk explores how generative AI and large language models (LLMs) can streamline detection authoring workflows, building on insights from Kseniia’s session. We’ll share practical tips on embedding Gen AI into detection processes and address important caveats around accuracy and adoption challenges. The talk will also include a demo of how these workflows can be built on Elastic Security, using the Elastic AI Assistant for Security.
Speaker: Marvin Ngoma (Security Solutions Architect @Elastic)
Automating SOC Reporting from Elastic Security with Fabric
This talk will cover how to build effective SOC reporting from Elastic Security data using Fabric, an open-source tool for automating cybersecurity reports. We’ll walk through creating a SOC Weekly Activity Overview report, from defining data sources in Elastic Security to selecting operational metrics and building a report template. We’ll discuss various metrics such as SLAs, false positive rate, estate coverage, analytical load, etc. The session will give attendees practical knowledge and tools for generating effective operational reports from Elastic Security data.
Speaker: Sergey Polzunov (Software engineer @BlackStork.io)
Bio:
Sergey Polzunov is a software engineer with more than 15 years of experience, focused for the last 10 years on building solutions for cybersecurity. Sergey was a core developer of a threat intelligence platform, participated in designing the STIX2 / TAXII2 standards, released the open-source STIX2 graphing library Stixview, and developed multiple tools for threat detection, digital forensics, and security telemetry processing. Currently, at [BlackStork.io](http://blackstork.io/), Sergey is working on Fabric, an open-source tool designed to automate cybersecurity reporting.