Manage your projects

edit

[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.

To manage a project:

  1. Navigate to cloud.elastic.co.
  2. Log in to your Elastic Cloud account.
  3. Select your project from the Serverless projects panel and click Manage.

From the project page, you can:

  • Rename your project. In the Overview section, click Edit next to the project’s name.
  • Manage data and integrations. Update your project data, including storage settings, indices, and data views, directly in your project.
  • Manage API keys. Access your project and interact with its data programmatically using Elasticsearch APIs.
  • Manage members. Add members and manage their access to this project or other resources of your organization.

Search AI Lake settings

edit

Once ingested, your data is stored in cost-efficient, general storage. A cache layer is available on top of the general storage for recent and frequently queried data that provides faster search speed. Data in this cache layer is considered search-ready.

Together, these data storage layers form your project’s Search AI Lake.

The total volume of search-ready data is the sum of the following:

  1. The volume of non-time series project data
  2. The volume of time series project data included in the Search Boost Window

Each project type offers different settings that let you adjust the performance and volume of search-ready data, as well as the features available in your projects.

Setting Description Available in

Search Power

Search Power affects search speed by controlling the number of VCUs (Virtual Compute Units) allocated to search-ready data in the project. Additional VCUs provide more compute resources and result in performance gains.

The Cost-efficient Search Power setting limits the available cache size, and generates cost savings by reducing search performance.

The Balanced Search Power setting ensures that there is sufficient cache for all search-ready data, in order to respond quickly to queries.

The Performance Search Power setting provides more computing resources in addition to the searchable data cache, in order to respond quickly to higher query volumes and more complex queries.

Elasticsearch

Search Boost Window

Non-time series data is always considered search-ready. The Search Boost Window determines the volume of time series project data that will be considered search-ready.

Increasing the window results in a bigger portion of time series project data included in the total search-ready data volume.

Elasticsearch

Data Retention

Data retention policies determine how long your project data is retained.

You can specify different retention periods for specific data streams in your project.

ElasticsearchObservabilitySecurity

Maximum data retention period

When enabled, this setting determines the maximum length of time that data can be retained in any data streams of this project.

Editing this setting replaces the data retention set for all data streams of the project that have a longer data retention defined. Data older than the new maximum retention period that you set is permanently deleted.

Security

Default data retention period

When enabled, this setting determines the default retention period that is automatically applied to all data streams in your project that do not have a custom retention period already set.

Security

Project features

Controls feature tiers and add-on options for your Elastic Security project.

Security

Project features and add-ons

edit

Security For Elastic Security projects, edit the Project features to select a feature tier and enable add-on options for specific use cases.

Feature tier Description and add-ons

Security Analytics Essentials

Standard security analytics, detections, investigations, and collaborations. Allows these add-ons:

  • Endpoint Protection Essentials: Endpoint protections with Elastic Defend.
  • Cloud Protection Essentials: Cloud native security features.

Security Analytics Complete

Everything in Security Analytics Essentials plus advanced features such as entity analytics, threat intelligence, and more. Allows these add-ons:

  • Endpoint Protection Complete: Everything in Endpoint Protection Essentials plus advanced endpoint detection and response features.
  • Cloud Protection Complete: Everything in Cloud Protection Essentials plus advanced cloud security features.
Downgrading the feature tier
edit

When you downgrade your Security project features selection from Security Analytics Complete to Security Analytics Essentials, the following features become unavailable:

  • All Entity Analytics features
  • The ability to use certain entity analytics-related integration packages, such as:

    • Data Exfiltration detection
    • Lateral Movement detection
    • Living off the Land Attack detection
  • Intelligence Indicators page
  • External rule action connectors
  • Case connectors
  • Endpoint response actions history
  • Endpoint host isolation exceptions
  • AI Assistant
  • Attack discovery

And, the following data may be permanently deleted:

  • AI Assistant conversation history
  • AI Assistant settings
  • Entity Analytics user and host risk scores
  • Entity Analytics asset criticality information
  • Detection rule external connector settings
  • Detection rule response action settings