Elastic Security requirements

The Support Matrix page lists officially supported operating systems, platforms, and browsers on which components such as Beats, Elastic Agent, Elastic Defend, and Elastic Endpoint have been tested.

Space and index privileges

Provide access to Elastic Security by assigning a user the appropriate predefined user role or a custom role with specific privileges.

To use Elastic Security, your role must have at least:

  • Read privilege for the Security feature in the space. This grants you Read access to all features in Elastic Security except cases. You need additional minimum privileges to use cases.
  • Read and view_index_metadata privileges for all Elastic Security indices, such as filebeat-*, packetbeat-*, logs-*, and endgame-* indices.

Advanced settings describes how to modify Elastic Security indices.

For more information about index privileges, refer to Elasticsearch security privileges.
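The two bullet points above are the minimum a role must grant. When auditing roles, it helps to check them mechanically rather than by eye, because a role can hold Read on `logs-*` yet lack `view_index_metadata`, or grant the Security feature only in a different space. The following is an added example, not code from Elastic's documentation or product: it takes a role document in the shape returned by Kibana's `GET /api/security/role/<name>` API and reports which of the stated minimums are missing. The Kibana feature id `siem` for the Security app, the constructed sample roles, and the treatment of `all` as implying both index privileges are assumptions made here.

```python
"""Audit a Kibana role document against the minimum Elastic Security privileges."""
from __future__ import annotations

# Index patterns named on the page; extend this with your own Security indices.
REQUIRED_INDEX_PATTERNS = ("filebeat-*", "packetbeat-*", "logs-*", "endgame-*")
REQUIRED_INDEX_PRIVILEGES = {"read", "view_index_metadata"}
# Assumption: "siem" is the feature id Kibana's role API uses for the Security app.
SECURITY_FEATURE_ID = "siem"


def _pattern_covers(grant: str, required: str) -> bool:
    """True if index pattern `grant` covers every index that `required` matches.

    Handles the common shapes only: an identical pattern, the catch-all "*", or a
    plain prefix with a trailing wildcard ("logs*" covers "logs-*").  Anything
    more exotic counts as not covering, so the audit errs towards flagging.
    """
    if grant == required or grant == "*":
        return True
    if grant.endswith("*") and "*" not in grant[:-1] and "?" not in grant:
        return required.startswith(grant[:-1])
    return False


def missing_index_privileges(role: dict) -> dict[str, set[str]]:
    """Map each required index pattern to the privileges the role lacks on it.

    "all" is taken to imply both required privileges; every other privilege name
    is matched literally (conservative: composite privileges are not expanded).
    Grants from several `indices` entries covering the same pattern are summed.
    """
    missing: dict[str, set[str]] = {}
    for required in REQUIRED_INDEX_PATTERNS:
        granted: set[str] = set()
        for entry in role.get("elasticsearch", {}).get("indices", []):
            if any(_pattern_covers(g, required) for g in entry.get("names", [])):
                privs = set(entry.get("privileges", []))
                granted |= REQUIRED_INDEX_PRIVILEGES if "all" in privs else privs
        lacking = REQUIRED_INDEX_PRIVILEGES - granted
        if lacking:
            missing[required] = lacking
    return missing


def has_security_read(role: dict, space: str = "default") -> bool:
    """True if the role grants at least Read on the Security feature in `space`."""
    for entry in role.get("kibana", []):
        spaces = entry.get("spaces", [])
        if space not in spaces and "*" not in spaces:
            continue
        if {"read", "all"} & set(entry.get("base", [])):
            return True  # base privileges cover every feature, Security included
        if {"read", "all"} & set(entry.get("feature", {}).get(SECURITY_FEATURE_ID, [])):
            return True
    return False


def meets_minimum(role: dict, space: str = "default") -> tuple[bool, list[str]]:
    """Return (ok, findings) for the minimum Elastic Security requirements."""
    findings = []
    if not has_security_read(role, space):
        findings.append(f"no Read privilege on the Security feature in space '{space}'")
    for pattern, privs in missing_index_privileges(role).items():
        findings.append(f"{pattern}: missing {', '.join(sorted(privs))}")
    return (not findings, findings)


# Constructed sample roles in the shape returned by GET /api/security/role/<name>.
ANALYST_OK = {
    "name": "security_analyst_ro",
    "elasticsearch": {
        "cluster": [],
        "indices": [{"names": ["filebeat-*", "packetbeat-*", "logs-*", "endgame-*"],
                     "privileges": ["read", "view_index_metadata"]}],
        "run_as": [],
    },
    "kibana": [{"base": [], "feature": {SECURITY_FEATURE_ID: ["read"]}, "spaces": ["default"]}],
}

ANALYST_INCOMPLETE = {
    "name": "security_analyst_partial",
    "elasticsearch": {
        "cluster": [],
        "indices": [{"names": ["logs-*", "filebeat-*"], "privileges": ["read"]},
                    {"names": ["packetbeat-*"], "privileges": ["read", "view_index_metadata"]}],
        "run_as": [],
    },
    "kibana": [{"base": [], "feature": {SECURITY_FEATURE_ID: ["read"]}, "spaces": ["soc"]}],
}

if __name__ == "__main__":
    for role in (ANALYST_OK, ANALYST_INCOMPLETE):
        ok, findings = meets_minimum(role)
        print(role["name"], "OK" if ok else "FAIL", findings)
```

Run against a real deployment by substituting the JSON returned from the role API for the constructed dictionaries; the second sample fails on the missing `view_index_metadata`, the absent `endgame-*` grant, and the Security feature being granted only in the `soc` space.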

Feature-specific requirements

There are some additional requirements for specific features:

Advanced configuration and UI options

Advanced settings describes how to modify advanced settings, such as the Elastic Security indices, default time intervals used in filters, and IP reputation links.

Third-party collectors mapped to ECS

The Elastic Common Schema (ECS) defines a common set of fields to be used for storing event data in Elasticsearch. ECS helps users normalize their event data to better analyze, visualize, and correlate the data represented in their events. Elastic Security can ingest and normalize events from any ECS-compliant data source.

Elastic Security requires ECS-compliant data. If you use third-party data collectors to ship data to Elasticsearch, the data must be mapped to ECS. Elastic Security ECS field reference lists ECS fields used in Elastic Security.
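What "mapped to ECS" means in practice is renaming a collector's vendor-specific fields to the ECS names before the document reaches Elasticsearch, and filling in the ECS categorization fields the Security app keys on. The following is an added example, not code from Elastic or from any particular collector: it converts a constructed firewall-style record to an ECS document and lists any vendor fields left unmapped. The vendor field names, the `FIELD_MAP`, the pinned ECS version and the assumption that the vendor timestamp is UTC are all invented for the illustration; the ECS field names on the right-hand side of the map are real ECS fields.

```python
"""Map a constructed third-party firewall event to ECS field names."""
from __future__ import annotations
from datetime import datetime, timezone
import json

# Constructed vendor record, as a third-party collector might ship it unchanged.
RAW_EVENT = {
    "ts": "2024-05-01 12:34:56",
    "src_ip": "10.0.0.5", "src_port": 51515,
    "dst_ip": "93.184.216.34", "dst_port": 443,
    "proto": "tcp", "action": "deny", "fw_host": "fw-edge-01",
}

# Hypothetical vendor field -> ECS field (the ECS names are real ECS fields).
FIELD_MAP = {
    "src_ip": "source.ip",
    "src_port": "source.port",
    "dst_ip": "destination.ip",
    "dst_port": "destination.port",
    "proto": "network.transport",
    "action": "event.action",
    "fw_host": "observer.hostname",
}
TIMESTAMP_FIELD = "ts"
ECS_VERSION = "8.11.0"  # assumption: pin to the ECS version your deployment expects


def _set_dotted(doc: dict, dotted: str, value) -> None:
    """Store `value` at a dotted ECS path, creating nested objects as needed."""
    parts = dotted.split(".")
    node = doc
    for part in parts[:-1]:
        node = node.setdefault(part, {})
    node[parts[-1]] = value


def unmapped_fields(raw: dict) -> set[str]:
    """Vendor fields with no ECS destination; these would not be ECS-compliant."""
    return set(raw) - set(FIELD_MAP) - {TIMESTAMP_FIELD}


def to_ecs(raw: dict) -> dict:
    """Return an ECS document built from the vendor record."""
    doc: dict = {
        "ecs": {"version": ECS_VERSION},
        # Keep the untouched record for forensics; event.original is an ECS field.
        "event": {"original": json.dumps(raw, sort_keys=True)},
    }
    # Assumption: the vendor timestamp is UTC with no zone designator.
    ts = datetime.strptime(raw[TIMESTAMP_FIELD], "%Y-%m-%d %H:%M:%S")
    doc["@timestamp"] = ts.replace(tzinfo=timezone.utc).isoformat().replace("+00:00", "Z")
    for vendor_name, ecs_name in FIELD_MAP.items():
        if vendor_name in raw:
            _set_dotted(doc, ecs_name, raw[vendor_name])
    # ECS categorization fields: a firewall decision is a network connection event.
    denied = raw.get("action") == "deny"
    doc["event"]["kind"] = "event"
    doc["event"]["category"] = ["network"]
    doc["event"]["type"] = ["connection", "denied" if denied else "allowed"]
    doc["event"]["outcome"] = "failure" if denied else "success"
    return doc


if __name__ == "__main__":
    print(json.dumps(to_ecs(RAW_EVENT), indent=2))
    print("unmapped:", sorted(unmapped_fields(RAW_EVENT)))
```

In a real pipeline the same renames are usually expressed as ingest-pipeline processors on the Elasticsearch side, but the logic is identical: every vendor field either lands on an ECS name or is flagged, and the categorization fields are set explicitly rather than left for the Security app to guess.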