{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,3]],"date-time":"2025-09-03T09:59:44Z","timestamp":1756893584084,"version":"3.40.4"},"reference-count":30,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"name":"Scientific Research Deanship of the University of Ha\u2019il, Saudi Arabia","award":["RG-24 044"],"award-info":[{"award-number":["RG-24 044"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2025]]},"DOI":"10.1109\/access.2025.3556184","type":"journal-article","created":{"date-parts":[[2025,3,31]],"date-time":"2025-03-31T23:45:26Z","timestamp":1743464726000},"page":"62341-62352","source":"Crossref","is-referenced-by-count":1,"title":["Threat Hunting the Shadows: Detecting Adversary Lateral Movement With Elasticsearch"],"prefix":"10.1109","volume":"13","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0906-3513","authenticated-orcid":false,"given":"Naif","family":"Alsharabi","sequence":"first","affiliation":[{"name":"College of Computer Science and Engineering, University of Ha\u2019il, Hail, Saudi Arabia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7361-0465","authenticated-orcid":false,"given":"Akashdeep","family":"Bhardwaj","sequence":"additional","affiliation":[{"name":"Centre for Cybersecurity, School of Computer Science, UPES, Dehradun, India"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4472-1841","authenticated-orcid":false,"given":"Talal","family":"Sarheed Alshammari","sequence":"additional","affiliation":[{"name":"College of Computer Science and 
Engineering, University of Ha\u2019il, Hail, Saudi Arabia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8891-6421","authenticated-orcid":false,"given":"Shoayee","family":"Alotaibi","sequence":"additional","affiliation":[{"name":"College of Computer Science and Engineering, University of Ha\u2019il, Hail, Saudi Arabia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dhahi","family":"Alshammari","sequence":"additional","affiliation":[{"name":"College of Computer Science and Engineering, University of Ha\u2019il, Hail, Saudi Arabia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Amr","family":"Jadi","sequence":"additional","affiliation":[{"name":"College of Computer Science and Engineering, University of Ha\u2019il, Hail, Saudi Arabia"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"volume-title":"What is Lateral Movement in Cybersecurity? | Wiz","year":"2023","key":"ref1"},{"volume-title":"What is Privilege Escalation\u2014Definition, Types, Examples | Proofpoint U.S.","year":"2023","key":"ref2"},{"volume-title":"Abusing Active Directory: Down the Rabbit Hole We Go","year":"2024","key":"ref3"},{"volume-title":"What is an Advanced Persistent Threat (APT)? Definition From SearchSecurity","year":"2021","author":"Rosencrance","key":"ref4"},{"volume-title":"What is an Attack Surface? (and How to Reduce it) | Okta","year":"2024","key":"ref5"},{"volume-title":"Understanding Indicators of Compromise (IR108) | CISA","year":"2023","key":"ref6"},{"volume-title":"Quickly Get Started With Elastic","year":"2024","key":"ref7"},{"volume-title":"What is Query Language? 
| A Comprehensive Query Language Guide","year":"2024","key":"ref8"},{"volume-title":"Elasticsearch Query Editor | Grafana Cloud Documentation","year":"2024","key":"ref9"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/access.2024.3402744"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/mnet.2024.3389734"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/tifs.2023.3326975"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/trustcom60117.2023.00165"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/ipec57296.2023.00074"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/incit60207.2023.10412895"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/ITNAC59571.2023.10368559"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/ACA57612.2023.10346959"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/CSNet59123.2023.10339769"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/CNS59707.2023.10288665"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2023.3322427"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2022.3231406"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/HPCC-DSS-SmartCity-DependSys53884.2021.00076"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/SIN54109.2021.9699232"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3069105"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1002\/9781119560302.ch12"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/ICNC47757.2020.9049748"},{"volume-title":"SIEM & Security Analytics | Elastic Security for SIEM","year":"2024","key":"ref27"},{"volume-title":"Ubuntu PC Operating System | Ubuntu","year":"2020","key":"ref28"},{"volume-title":"Create an Elasticsearch Query Rule | Kibana Guide [8.14] | Elastic","year":"2024","key":"ref29"},{"volume-title":"Making Elasticsearch and Lucene the Best Vector 
Database: Up to 8\u00d7 Faster and 32\u00d7 Efficient","year":"2024","author":"Sharipova","key":"ref30"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/6287639\/10820123\/10945781.pdf?arnumber=10945781","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,15]],"date-time":"2025-04-15T05:16:35Z","timestamp":1744694195000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10945781\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":30,"URL":"https:\/\/doi.org\/10.1109\/access.2025.3556184","relation":{},"ISSN":["2169-3536"],"issn-type":[{"type":"electronic","value":"2169-3536"}],"subject":[],"published":{"date-parts":[[2025]]}}}