Elastic Security overview
Elastic Security combines threat detection analytics, cloud native security, and endpoint protection capabilities in a single solution, so you can quickly detect, investigate, and respond to threats and vulnerabilities across your environment.
Elastic Security provides:
- A detection engine that identifies a wide range of threats
- A workspace for event triage, investigation, and case management
- Interactive data visualization tools
- Integrations for collecting data from various sources
Learn more
- Elastic Security UI overview: Navigate Elastic Security’s various tools and interfaces.
- Detection rules: Use Elastic Security’s detection engine with custom and prebuilt rules.
- Cloud native security: Enable cloud native security capabilities such as Cloud and Kubernetes security posture management, cloud native vulnerability management, and cloud workload protection for Kubernetes and VMs.
- Install Elastic Defend: Enable key endpoint protection capabilities like event collection and malicious activity prevention.
- Machine learning: Enable built-in machine learning tools to help you identify malicious behavior.
- Advanced entity analytics: Leverage Elastic Security’s detection engine and machine learning capabilities to generate comprehensive risk analytics for hosts and users.
- Elastic AI Assistant: Ask AI Assistant questions about how to use Elastic Security, how to understand particular alerts and other documents, and how to write ES|QL queries.
Elasticsearch and Kibana
Elastic Security uses Elasticsearch for data storage, management, and search, and Kibana is its main user interface. Learn more:
- Elasticsearch: A real-time, distributed storage, search, and analytics engine. Elastic Security stores your data using Elasticsearch.
- Kibana: An open-source analytics and visualization platform designed to work with Elasticsearch and Elastic Security. Kibana allows you to search, view, analyze and visualize data stored in Elasticsearch indices.
Elastic Endpoint self-protection
For information about Elastic Endpoint’s tamper-protection features, refer to Elastic Endpoint self-protection features.