Company:
Date Published:
Author: Justin Higdon
Word count: 2237
Language: -
Hacker News points: None

Summary

Attackers often use the MITRE ATT&CK technique T1564 (Hide Artifacts) to conceal their activity within a system: hidden files, concealed processes, and manipulated registry keys let them evade detection and persist unnoticed. The technique covers several sub-techniques, including hidden files and directories, the creation of hidden users, the use of NTFS alternate data streams, and the execution of malicious code inside virtual instances, all aimed at avoiding alerts and extending the attacker's dwell time in an environment. Countering these tactics requires monitoring a wide range of data sources, and Elastic Security provides integrations that improve visibility into files, processes, registry keys, user accounts, email, and network traffic. Elastic Stack ES|QL queries are then used to surface suspicious activity, for example by monitoring file attributes, registry modifications, and email rules, revealing the hidden artifacts adversaries rely on to stay undetected. By understanding and detecting T1564 activity, organizations can strengthen their defenses, reduce risks to confidentiality, integrity, and availability, and maintain a robust security posture through continuous vigilance against evolving threats.