« Prebuilt ML job reference Timeline »
Elastic Docs Serverless Elastic Security serverless

Investigation tools

edit

Investigation tools

edit

[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.

The following sections describe tools for investigating security events and tracking security issues directly in Elastic Security.

These features are available in the Elastic Security app’s side navigation menu:

  • Cases: Track investigation details about security issues.
  • InvestigationsTimelines: Workspace for investigations and threat hunting.
  • InvestigationsOsquery: Run live and scheduled queries on operating systems.
  • Intelligence: Indicators of compromise used for threat intelligence.
  • Notes: Use notes to coordinate responses, conduct threat hunting, and share investigative findings.
« Prebuilt ML job reference Timeline »