AI Skills for Elasticsearch

Creates operational dashboards for Grafana and SigNoz, focusing on answering key operator questions for effective monitoring.

Specializes in designing scalable database architectures, technology selection, and schema modeling for optimal data management.

Specializes in building production-ready monitoring and logging systems, implementing observability strategies, and managing incident response workflows.

Provides expert guidance on cloud database administration, focusing on automation, reliability, and modern operational practices.

Provides expert troubleshooting for DevOps incidents, focusing on rapid response, advanced debugging, and modern observability techniques.

Master Django 5.x with async views and DRF to build scalable web applications with best practices in architecture and deployment.

Identifies error patterns and anomalies in logs and codebases, providing actionable insights for root cause analysis and prevention.

Expertly masters Java 21+ features and Spring Boot 3.x for building scalable enterprise applications with modern JVM optimizations.

Configures Suricata IDS/IPS for real-time network monitoring and threat detection with advanced logging and integration capabilities.

Monitors paste sites for leaked credentials and sensitive data, enabling early breach detection and incident response.

Identifies anomalous authentication patterns using UEBA analytics and machine learning to enhance security and detect account compromises.

Detects Kerberos Golden Ticket forgery by analyzing Windows Event ID 4769 for security incidents and threat hunting in Active Directory environments.

Detects and prevents API enumeration attacks, including BOLA and IDOR, by monitoring access patterns and authorization failures.

Implements User and Entity Behavior Analytics using Elasticsearch/OpenSearch to detect insider threats through behavioral baselines and anomaly scores.

Enables proactive threat hunting in Elastic Security SIEM using KQL/EQL to identify threats that evade automated detection.

Enables systematic alert triage in Elastic Security SIEM for effective classification and investigation of security alerts.

Automates IOC enrichment using OpenCTI, integrating multiple threat intelligence sources for enhanced cybersecurity insights.

Deploys MISP for aggregating and correlating threat intelligence feeds, enhancing cybersecurity through automated SIEM integration.

Facilitates the deployment and integration of a Threat Intelligence Platform for effective threat data collection and analysis.

Detects Kerberos Pass-the-Ticket attacks by analyzing Windows Event IDs for anomalous ticket usage patterns in Splunk and Elastic SIEM.