Elastic Security overview

Elastic Security combines threat detection analytics, cloud native security, and endpoint protection capabilities in a single solution, so you can quickly detect, investigate, and respond to threats and vulnerabilities across your environment.

Elastic Security provides:

  • A detection engine that identifies a wide range of threats
  • A workspace for event triage, investigation, and case management
  • Interactive data visualization tools
  • Integrations for collecting data from various sources

Learn more

  • Elastic Security UI overview: Navigate Elastic Security’s various tools and interfaces.
  • Detection rules: Use Elastic Security’s detection engine with custom and prebuilt rules.
  • Cloud native security: Enable cloud native security capabilities such as Cloud and Kubernetes security posture management, cloud native vulnerability management, and cloud workload protection for Kubernetes and VMs.
  • Install Elastic Defend: Enable key endpoint protection capabilities like event collection and malicious activity prevention.
  • Machine learning: Enable built-in machine learning tools to help you identify malicious behavior.
  • Advanced entity analytics: Leverage Elastic Security’s detection engine and machine learning capabilities to generate comprehensive risk analytics for hosts and users.
  • Elastic AI Assistant: Ask AI Assistant questions about how to use Elastic Security, how to understand particular alerts and other documents, and how to write ES|QL queries.

Elasticsearch and Kibana

Elastic Security uses Elasticsearch for data storage, management, and search, and Kibana is its main user interface. Learn more:

  • Elasticsearch: A real-time, distributed storage, search, and analytics engine. Elastic Security stores your data using Elasticsearch.
  • Kibana: An open-source analytics and visualization platform designed to work with Elasticsearch and Elastic Security. Kibana allows you to search, view, analyze and visualize data stored in Elasticsearch indices.

Elastic Endpoint self-protection

For information about Elastic Endpoint’s tamper-protection features, refer to Elastic Endpoint self-protection features.