Open security is the foundation of what we do here at Elastic Security Labs, and there’s no better way to demonstrate that than by sharing information that other companies may consider proprietary information.

Detection capabilities make organizations stronger and more robust — and the threat landscape has deemed behavioral threat detections a necessity. Despite this, many security tool vendors refuse to reveal how they create and audit their prebuilt protections, leaving security teams unsure of how they can tailor these protections for themselves.

Here at Elastic, we don’t believe in the phrase, “Just trust me.”

We’re bringing you the newest publication from Elastic Security Labs: The 2025 State of Detection Engineering at Elastic! This report provides an in-depth look at how the Elastic Security Labs team maintains and assesses the Elastic Security rulesets, including:

• How to create robust rules that are informed by real-world threat analysis
• Detection engineering capabilities that the team has built directly into Elastic Security
• Rule assessment metrics, including both operational performance and broader company strategies
• The use of threat intelligence reports like the Elastic Global Threat Report to plan for and assess changes in the threat landscape