Elastic Security requirements

[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.

The Support Matrix page lists officially supported operating systems, platforms, and browsers on which components such as Beats, Elastic Agent, Elastic Defend, and Elastic Endpoint have been tested.

Provide access to Elastic Security by assigning a user the appropriate predefined user role or a custom role with specific privileges.

To use Elastic Security, your role must have at least:

For more information about index privileges, refer to Elasticsearch security privileges.

There are some additional requirements for specific features:

Advanced settings describes how to modify advanced settings, such as the Elastic Security indices, default time intervals used in filters, and IP reputation links.

The Elastic Common Schema (ECS) defines a common set of fields to be used for storing event data in Elasticsearch. ECS helps users normalize their event data to better analyze, visualize, and correlate the data represented in their events. Elastic Security can ingest and normalize events from any ECS-compliant data source.