Elasticsearch Query Language (ES|QL) | Stockholm meetup


Details
Join us on Thursday, August 29th for a new meetup with the Elastic Stockholm User Group!
We'll meet each other at Lexicon: doors open at 17.30 and we'll serve pizza and drinks. Presentations begin at 18.45. We wrap up at 20.30.
Address: Lexicon, World Trade Center, Klarabergsviadukten 70, Stockholm
If the door is locked, look for the small black unit next to it, press "Ring", then dial 073 516 55 51 and wait until the door opens.
Agenda:
17.30 Doors open
17.45 Welcome, pizza and drinks
18.45 Talk #1 Elasticsearch Query Language (ES|QL)
19.30 Talk #2 Operationalizing ES|QL for security use cases
20.15 Q&A
20.30 Wrap up
Talks:
Elasticsearch Query Language (ES|QL)
Elasticsearch and Kibana added a new query language: ES|QL — coming with a new endpoint (_query) and a brand new syntax. It lets you refine your results one step at a time and adds new features like data enrichment and processing right in your query. And you can use it across the Elastic Stack — from the Elasticsearch API to Discover and Alerting in Kibana. But the biggest change is behind the scenes: a new compute engine that was built with performance in mind.
Join us for a quick overview and look at syntax and internals.
Speaker: Anna-Maria Modee (Sr. Solutions Architect, Elastic)
Operationalizing ES|QL for security use cases
This talk will focus on how you can make use of ES|QL in the Elastic Security solution. In particular, we will focus on how you can use ES|QL to:
- Create detection rules
- Execute investigations via timeline
- Threat hunt for indicators of compromise
The talk will also include a demo of how you can use the Elastic AI assistant to generate ES|QL queries for example security use cases.
Speaker: Marvin Ngoma (Sr. Security Architect, Elastic)