Elastic

Elastic SIEM

Security analytics at the speed of Elasticsearch
Value Proposition

Everything you love about the Elastic Stack — geared toward security information and event management (SIEM). Leverage the speed, scale, and relevance of Elastic SIEM to drive your security operations and threat hunting. With pre-built Beats integrations, quickly ingest data from anywhere: network infrastructure, endpoint agents, or any source you like, really. And if you don’t see the integration you need, collaborate with the Elastic community to find or build it. That’s open source for the win.

Features

  • Collect Linux audit framework data with Auditbeat to monitor system and file integrity details. Ship to Elasticsearch for analysis in the SIEM app.
  • Investigate attempted logins and related activity with authentication data gathered by Auditbeat and the Filebeat system modules.
  • See what’s happening over the wire with DNS data gathered by Packetbeat: user access patterns, domain activity, query trends, and more.
  • Establish a broad view of your environment by analyzing flow data — collected and parsed by the Filebeat NetFlow module.
  • With the Elastic Common Schema (ECS), you can centrally analyze information like logs, flows, and contextual data from across your environment — no matter how disparate your data sources.
  • The Elastic SIEM app is an interactive workspace for security teams to triage events and perform initial investigations. Monitor for threats, gather evidence on a timeline, pin and annotate relevant events, and forward potential incidents to ticketing and SOAR platforms.
  • View data on interactive dashboards and maps. Perform graph-based relationship analysis. Search across information of all kinds. Do it all with the technology fast enough for the sharpest analysts.
  • Explore unknown threats exposed through machine learning-based anomaly detection. Equip threat hunters with evidence-based hypotheses. Uncover threats you expected — and those you didn't — with our ever-expanding set of pre-built ML jobs.
  • Automate threat detection with correlation-based alerts. Implement Elastic and community correlation rules and adjust them to fit the needs of your environment. If you can query it in Elasticsearch, you can alert on it.
  • If you're looking to ship data from endpoints to Elastic SIEM, why not protect them as well? We've made it easy to do just that with Elastic Endpoint Security, a single autonomous agent that both prevents attacks and forwards events and alerts for centralized analysis.