Elastic Security system requirements
Elastic Security is a built-in part of Kibana. To use Elastic Security, you only need an Elastic Stack deployment (an Elasticsearch cluster and Kibana). For information on installing the Elastic Stack, see Getting started with the Elastic Stack.
The Support Matrix page lists officially supported operating systems, platforms, and browsers on which Elasticsearch, Kibana, Beats, and Elastic Endpoint have been tested.
Skip installing Elasticsearch and Kibana locally and try a cloud deployment, available on Azure, AWS, and GCP. You can try it out for free.
Kibana space and index privileges
To use Elastic Security, you must have at least:
- Read privilege for the Security feature in the Kibana space (see Spaces).
- Read and view_index_metadata privileges for all Elastic Security indices, such as the filebeat-*, packetbeat-*, logs-*, and endgame-* indices.
Configure advanced settings describes how to modify Elastic Security indices.
For more information about index privileges, see Elasticsearch security privileges.
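The following is an added example (not Elastic's own code) that builds a role body granting only the minimum privileges listed above and checks an arbitrary role document against that minimum. The body follows the shape of Kibana's role API (PUT /api/security/role/<name>); the Kibana feature id "siem" for the Security app, the space name, and the role name are assumptions.

```python
"""Build a least-privilege role for Elastic Security and verify role documents
against the documented minimum (added example; not Elastic's own code)."""
import json
from fnmatch import fnmatch

# Index patterns named in the docs and the minimum privileges required on them.
REQUIRED_INDICES = ["filebeat-*", "packetbeat-*", "logs-*", "endgame-*"]
REQUIRED_INDEX_PRIVILEGES = {"read", "view_index_metadata"}
# Assumption: "siem" is the Kibana feature id of the Elastic Security app.
SECURITY_FEATURE_ID = "siem"


def build_security_reader_role(space_id: str = "default") -> dict:
    """Return a Kibana role body granting only what the prerequisites require:
    no cluster privileges, read + view_index_metadata on the Security indices,
    and read on the Security feature in one space."""
    return {
        "elasticsearch": {
            "cluster": [],
            "indices": [
                {
                    "names": REQUIRED_INDICES,
                    "privileges": sorted(REQUIRED_INDEX_PRIVILEGES),
                }
            ],
        },
        "kibana": [
            {"feature": {SECURITY_FEATURE_ID: ["read"]}, "spaces": [space_id]}
        ],
    }


def _index_entry_covers(entry: dict, pattern: str) -> bool:
    """True if one index-privilege entry grants the required privileges on
    `pattern`. A name covers the pattern if it is identical or is a wider
    wildcard that matches it (e.g. "*" covers "logs-*"); the privilege "all"
    implies both required privileges."""
    names = entry.get("names", [])
    privs = set(entry.get("privileges", []))
    name_ok = any(n == pattern or fnmatch(pattern, n) for n in names)
    priv_ok = "all" in privs or REQUIRED_INDEX_PRIVILEGES <= privs
    return name_ok and priv_ok


def missing_requirements(role: dict, space_id: str = "default") -> list:
    """Return a list of shortfalls relative to the documented minimum for the
    given space; an empty list means the role is sufficient."""
    problems = []
    entries = role.get("elasticsearch", {}).get("indices", [])
    for pattern in REQUIRED_INDICES:
        if not any(_index_entry_covers(e, pattern) for e in entries):
            problems.append(
                f"index privileges {sorted(REQUIRED_INDEX_PRIVILEGES)} missing for {pattern}"
            )

    # Kibana side: either a base privilege (read/all) or the feature privilege
    # (read/all) for the Security app must apply to the space.
    feature_ok = False
    for grant in role.get("kibana", []):
        spaces = grant.get("spaces", [])
        if "*" not in spaces and space_id not in spaces:
            continue
        base = set(grant.get("base", []))
        feature = set(grant.get("feature", {}).get(SECURITY_FEATURE_ID, []))
        if base & {"all", "read"} or feature & {"all", "read"}:
            feature_ok = True
    if not feature_ok:
        problems.append(
            f"Kibana '{SECURITY_FEATURE_ID}' feature read privilege missing in space '{space_id}'"
        )
    return problems


if __name__ == "__main__":
    role = build_security_reader_role()
    print(json.dumps(role, indent=2))
    print("shortfalls:", missing_requirements(role))
```

Pasting the printed JSON as the body of a PUT to the Kibana role API creates the role; `missing_requirements` is useful for auditing roles that were created by hand, since a role with only `read` on one index pattern (a common mistake) is reported as lacking both `view_index_metadata` and the other index patterns.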
Feature-specific requirements
There are some additional requirements for specific features:
License requirements
All features are available as part of the free Basic plan except:
Elastic Stack subscriptions lists the required subscription plans for all features.
Advanced configuration and UI options
Configure advanced settings describes how to modify advanced settings, such as the Elastic Security indices, default time intervals used in filters, and IP reputation links.
Third-party collectors mapped to ECS
The Elastic Common Schema (ECS) defines a common set of fields to be used for storing event data in Elasticsearch. ECS helps users normalize their event data to better analyze, visualize, and correlate the data represented in their events. Elastic Security can ingest and normalize events from any ECS-compliant data source.
Elastic Security requires ECS-compliant data. If you use third-party data collectors to ship data to Elasticsearch, the data must be mapped to ECS. Elastic Security ECS field reference lists ECS fields used in Elastic Security.
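As an added example of the mapping step described above (not Elastic's code and not any real collector's output), the following renames a constructed event from a hypothetical third-party collector onto ECS field names and checks that the minimum ECS fields are present before indexing. The ECS field names used (@timestamp, ecs.version, event.*, source.*, destination.*, host.name, user.name) are real ECS fields; the vendor-side key names, the "vendor_raw" holding field for unmapped keys, and the ECS version string are assumptions.

```python
"""Map a non-ECS event to ECS field names (added example; not Elastic's code)."""
import json
from datetime import datetime, timezone

# Vendor field -> ECS field (dotted path). The vendor keys are constructed.
FIELD_MAP = {
    "ts": "@timestamp",
    "src_ip": "source.ip",
    "src_port": "source.port",
    "dst_ip": "destination.ip",
    "dst_port": "destination.port",
    "hostname": "host.name",
    "username": "user.name",
    "action": "event.action",
    "outcome": "event.outcome",
}
ECS_VERSION = "8.0.0"            # assumption: ECS version the mapping targets
UNMAPPED_KEY = "vendor_raw"      # assumption: custom field holding unmapped vendor keys
MINIMUM_ECS_FIELDS = ["@timestamp", "ecs.version", "event.kind"]

# Constructed sample event as a hypothetical collector might emit it.
SAMPLE_EVENT = {
    "ts": 1700000000,
    "src_ip": "10.0.0.5", "src_port": "51515",
    "dst_ip": "10.0.0.9", "dst_port": "445",
    "hostname": "ws-01", "username": "alice",
    "action": "connection_attempt", "outcome": "failure",
    "vendor_rule_id": "R-123",
}


def _set_dotted(doc: dict, dotted_key: str, value) -> None:
    """Store value at a dotted path, creating nested objects as needed."""
    parts = dotted_key.split(".")
    cur = doc
    for part in parts[:-1]:
        cur = cur.setdefault(part, {})
    cur[parts[-1]] = value


def _get_dotted(doc: dict, dotted_key: str):
    cur = doc
    for part in dotted_key.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def to_ecs(vendor_event: dict) -> dict:
    """Return an ECS-shaped document for one vendor event. Known keys are
    renamed and type-normalized; unknown keys are preserved under UNMAPPED_KEY
    so nothing is silently dropped."""
    doc, unmapped = {}, {}
    for key, value in vendor_event.items():
        ecs_key = FIELD_MAP.get(key)
        if ecs_key is None:
            unmapped[key] = value
            continue
        if ecs_key == "@timestamp":
            # Epoch seconds -> ISO 8601 UTC, which Elasticsearch date fields parse.
            value = datetime.fromtimestamp(value, tz=timezone.utc)
            value = value.isoformat().replace("+00:00", "Z")
        elif ecs_key.endswith(".port"):
            value = int(value)
        _set_dotted(doc, ecs_key, value)
    _set_dotted(doc, "ecs.version", ECS_VERSION)
    doc.setdefault("event", {}).setdefault("kind", "event")
    if _get_dotted(doc, "source.ip") is not None:
        doc["event"].setdefault("category", ["network"])
    if unmapped:
        doc[UNMAPPED_KEY] = unmapped
    return doc


def missing_ecs_fields(doc: dict) -> list:
    """List required ECS fields absent from the document; empty means OK."""
    return [f for f in MINIMUM_ECS_FIELDS if _get_dotted(doc, f) is None]


if __name__ == "__main__":
    ecs_doc = to_ecs(SAMPLE_EVENT)
    print(json.dumps(ecs_doc, indent=2))
    print("missing:", missing_ecs_fields(ecs_doc))
```

In practice this mapping would live in an ingest pipeline or in the collector's own configuration; the point of the example is the shape of the result: nested ECS objects, normalized types, and a check that the fields Elastic Security depends on are present before the document is indexed.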
Cross-cluster searches
For information on how to perform cross-cluster searches on Elastic Security indices, see:
- Search across cluster (for self-managed Elastic Stack deployments)
- Enable cross-cluster search (for hosted deployments)