Elastic Security system requirements

Elastic Security is a built-in part of Kibana. To use Elastic Security, you only need an Elastic Stack deployment (an Elasticsearch cluster and Kibana). For information on installing the Elastic Stack, see Getting started with the Elastic Stack.

The Support Matrix page lists officially supported operating systems, platforms, and browsers on which Elasticsearch, Kibana, Beats, and Elastic Endpoint have been tested.

Skip installing Elasticsearch and Kibana locally and try a cloud deployment, available on Azure, AWS, and GCP. You can try it out for free.

Kibana space and index privileges

To use Elastic Security, you must have at least:

  • Read privilege for the Security feature in the Kibana space (see Spaces).
  • Read and view_index_metadata privileges for all Elastic Security indices, such as filebeat-*, packetbeat-*, logs-*, and endgame-* indices.

Configure advanced settings describes how to modify Elastic Security indices.

For more information about index privileges, see Elasticsearch security privileges.
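
The following added example (not Elastic's own code) checks a role definition against the minimum privileges listed above. It assumes the role is a dict shaped like a Kibana role API body and that the Security feature ID is `siem`, which varies by Kibana version; the function names and the sample role are constructed for illustration.

```python
import re

# Minimums stated on this page.
REQUIRED_INDEX_PRIVS = {"read", "view_index_metadata"}
SECURITY_INDICES = ["filebeat-*", "packetbeat-*", "logs-*", "endgame-*"]

def covers(granted, required):
    """True if every index matching `required` also matches `granted` ('*' wildcards only)."""
    regex = ".*".join(re.escape(part) for part in granted.split("*"))
    return re.fullmatch(regex, required) is not None

def index_gaps(role, patterns=SECURITY_INDICES):
    """Map each required pattern to the privileges the role does not grant on it."""
    gaps = {}
    for pattern in patterns:
        held = set()  # privileges from every index entry that covers this pattern
        for entry in role.get("elasticsearch", {}).get("indices", []):
            if any(covers(name, pattern) for name in entry.get("names", [])):
                held.update(entry.get("privileges", []))
        missing = set() if "all" in held else REQUIRED_INDEX_PRIVS - held
        if missing:
            gaps[pattern] = sorted(missing)
    return gaps

# Assumption: "siem" as the Security feature ID; adjust for your Kibana version.
def has_security_read(role, space, feature_id="siem"):
    """True if the role can at least read the Security feature in `space`."""
    for entry in role.get("kibana", []):
        spaces = entry.get("spaces", [])
        if space not in spaces and "*" not in spaces:
            continue
        granted = set(entry.get("base", [])) | set(entry.get("feature", {}).get(feature_id, []))
        if granted & {"read", "all"}:
            return True
    return False

# Constructed sample role: logs-* lacks view_index_metadata and endgame-* is not granted at all.
SAMPLE_ROLE = {
    "elasticsearch": {"indices": [
        {"names": ["filebeat-*", "packetbeat-*"], "privileges": ["read", "view_index_metadata"]},
        {"names": ["logs-*"], "privileges": ["read"]},
    ]},
    "kibana": [{"base": [], "feature": {"siem": ["read"]}, "spaces": ["soc"]}],
}

if __name__ == "__main__":
    print(index_gaps(SAMPLE_ROLE))
    print(has_security_read(SAMPLE_ROLE, "soc"))
```

An empty result from `index_gaps` together with `True` from `has_security_read` means the role meets the minimums on this page; narrower patterns such as `logs-endpoint*` are reported as gaps because they do not cover the full `logs-*` pattern.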

Feature-specific requirements

There are some additional requirements for specific features:

License requirements

All features are available as part of the free Basic plan except:

Elastic Stack subscriptions lists the required subscription plans for all features.

Advanced configuration and UI options

Configure advanced settings describes how to modify advanced settings, such as the Elastic Security indices, default time intervals used in filters, and IP reputation links.

Cross-cluster searches

For information on how to perform cross-cluster searches on Elastic Security indices, see: