Elastic Security overview
[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
Elastic Security combines threat detection analytics, cloud native security, and endpoint protection capabilities in a single solution, so you can quickly detect, investigate, and respond to threats and vulnerabilities across your environment.
Elastic Security provides:
- A detection engine that identifies a wide range of threats
- A workspace for event triage, investigation, and case management
- Interactive data visualization tools
- Integrations for collecting data from various sources
Learn more
- Elastic Security UI overview: Navigate Elastic Security’s various tools and interfaces.
- Detection rules: Use Elastic Security’s detection engine with custom and prebuilt rules.
- Cloud native security: Enable cloud native security capabilities such as Cloud and Kubernetes security posture management, cloud native vulnerability management, and cloud workload protection for Kubernetes and VMs.
- Install Elastic Defend: Enable key endpoint protection capabilities like event collection and malicious activity prevention.
- Machine learning: Enable built-in machine learning tools to help you identify malicious behavior.
- Advanced entity analytics: Leverage Elastic Security’s detection engine and machine learning capabilities to generate comprehensive risk analytics for hosts and users.
- Elastic AI Assistant: Ask AI Assistant questions about how to use Elastic Security, how to understand particular alerts and other documents, and how to write ES|QL queries.
Elasticsearch and Kibana
Elastic Security uses Elasticsearch for data storage, management, and search, and Kibana is its main user interface. Learn more:
- Elasticsearch: A real-time, distributed storage, search, and analytics engine. Elastic Security stores your data using Elasticsearch.
- Kibana: An open-source analytics and visualization platform designed to work with Elasticsearch and Elastic Security. Kibana allows you to search, view, analyze, and visualize data stored in Elasticsearch indices.
Elastic Endpoint self-protection
For information about Elastic Endpoint’s tamper-protection features, refer to Elastic Endpoint self-protection features.