NEW in Elastic 8.14: Attack Discovery, GA of ES|QL, and AI Assistant features


Elastic 8.14 is now available! This release supports our mission to modernize security operations with AI-driven security analytics. 8.14 includes major features like the brand new Attack Discovery, significant enhancements to Elastic AI Assistant for Security, and the general availability of ES|QL — all of which provide the SOC with contextual, streamlined SecOps. 

Elastic Security 8.14 is available now on Elastic Cloud — the only hosted Elasticsearch offering to include all of the new features in this latest release. You can also download the Elastic Stack and our cloud orchestration products — Elastic Cloud Enterprise and Elastic Cloud for Kubernetes — for a self-managed experience.

What else is new? Check out the Elastic 8.14 announcement post to learn more.

Automate triage with Attack Discovery!

Attack Discovery is a new generative AI feature designed to enhance the detection and understanding of complex attack patterns with the power of the Elastic Search AI Platform, which uniquely combines search and retrieval augmented generation (RAG) to provide hyper-relevant results that matter. This innovation equips security analysts with advanced tools to swiftly and accurately identify attack chains, offering actionable intelligence that simplifies the alert landscape and reduces mean time to detect and respond (MTTD/MTTR).


Leveraging generative AI, Attack Discovery seamlessly transforms a flood of alerts into a clear and comprehensive overview of attack progressions, enabling teams to respond to cyber threats with exceptional precision and speed. By connecting isolated alerts into a cohesive narrative to reveal attack sequences, this feature uncovers underlying coordinated attacks, simplifies the communication of attack progressions, and allows analysts to trace the entire attack chain and produce comprehensive reports with actionable insights. Additionally, the seamless integration with the Elastic AI Assistant enables analysts to ask follow-up questions and requests like “How can I remediate this threat?” and “Provide me with an ES|QL query that isolates actions taken by this user.”

You can check out a short demo of this feature here.

ES|QL is now generally available in Elastic Security

Elastic’s piped query language, ES|QL, is now generally available! This intuitive language provides security professionals with the ability to search quickly and efficiently while enabling transformations and aggregation of data via a piped syntax. ES|QL empowers security professionals to:

  • Search quickly and immediately enrich results with context or aggregate them for further analysis  

  • Create detection engineering ES|QL rules for alert generation and automated actions

  • Streamline threat hunting and investigations by searching within Elastic Security’s Timeline
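As an added illustration, not taken from the original post or from Elastic's documentation, the following ES|QL query exercises the three capabilities listed above in one pipeline: a filtered search, per-row enrichment with EVAL, and aggregation with STATS. The data stream name (logs-endpoint.events.process-*) and the ECS field names are assumptions about what a typical endpoint process-event index contains; adjust them to your own data.

```esql
// Added example (not from the original post). Assumes ECS-style process events
// in a data stream named logs-endpoint.events.process-*.
FROM logs-endpoint.events.process-*
// Search: keep only process start events from non-system accounts
| WHERE event.type == "start" AND user.name != "SYSTEM"
// Enrich: normalize a missing parent name so grouping stays consistent
| EVAL parent = COALESCE(process.parent.name, "unknown")
// Aggregate: how often, on how many hosts, and since when each child/parent pair was seen
| STATS starts = COUNT(*), hosts = COUNT_DISTINCT(host.name), first_seen = MIN(@timestamp)
    BY process.name, parent
// Hunting filter: pairs observed on only one or two hosts are worth an analyst's look
| WHERE hosts <= 2
| SORT starts ASC, first_seen DESC
| LIMIT 25
```

The same query body can be pasted into Timeline for an interactive hunt, or used as the query of an ES|QL detection rule so that newly appearing rare process/parent pairs raise alerts on a schedule.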

Additionally, Elastic’s powerful and expanding host of AI capabilities means that security professionals can generate ES|QL queries from natural language prompts using AI Assistant, made possible with Elastic Learned Sparse EncodeR (ELSER).

For more examples on how you can leverage ES|QL, check out how we’re utilizing it in our research on Elastic Security Labs.

Improvements to AI Assistant

Elastic AI Assistant for Security becomes even more powerful with streaming responses, a new interface, better security, and more. These improvements provide security professionals with quality of life updates and further streamline the analyst experience.

Streaming responses and persisted chats

Streaming responses improve user interaction by delivering responses in real time, mimicking a natural conversation flow. As responses build incrementally, users experience a more dynamic and engaging interaction, allowing for immediate follow-ups and clarifications. By keeping interactions fluid and engaging, streaming responses improve the overall efficiency and user experience with the Elastic AI Assistant.


As part of the 8.14 release, Elastic AI Assistant also persists chats — ensuring seamless access to conversations across devices and sessions and eliminating the disruption of lost context. This feature improves productivity by allowing users to effortlessly continue their interactions from where they left off. Additionally, persisted chat logs allow for the creation of alerts, enabling traceability and easy follow-up.

Centralized management

In this release, we’re excited to bring you more enterprise-level controls to enforce robust security and privacy policies. This feature significantly simplifies the enforcement of organizational policies by allowing administrators to dictate anonymization and allowed field settings. This is especially crucial for managing alerts containing personal identifiers or confidential data, ensuring that sensitive details are obscured to maintain privacy and compliance. By mitigating the risks of data leakage, centralized management helps organizations adhere to stringent data protection standards.


Moreover, the integration of advanced role-based access control (RBAC) enhances security by limiting who can modify these critical settings within the organization. This added layer of control ensures that only authorized personnel can adjust anonymization and field settings, reinforcing the organization’s data protection strategy.

New interface

The AI Assistant user interface has changed to promote usability and seamless integration into existing workflows. The new expandable flyout feature accommodates various content and responses, improving the AI Assistant's functionality and overall user experience within the Elastic ecosystem.


New LLM choice: Utilize the Claude 3 models

Elastic's open framework facilitates seamless integration with various LLM providers, including locally hosted models, enabling adaptation to the rapidly evolving AI landscape. Elastic Security enhances its AI-driven workflows with the integration of Anthropic’s Claude 3 family of models for AI Assistant and Attack Discovery. By supporting all major LLM providers, we offer users the flexibility to choose models that best fit their operational needs and budget. 

Claude 3 models, known for their larger context window and cost-effective performance, provide more precise and context-aware threat detection, enhancing the identification and response to complex threats. The Claude 3 family includes the Haiku, Sonnet, and Opus models — each tailored to different use cases, ensuring that security teams can select the optimal model for their specific requirements. Haiku offers a cost-effective solution for simple queries; Sonnet strikes a balance between affordability and precision; and Opus delivers high accuracy for critical security scenarios.

Harness AI with Elastic Security

You can read about these capabilities and more in the release notes. Upgrading to a new release can be intimidating, which is why Elastic Security has many resources to help you navigate the process. In addition to Elastic’s Support team, there’s a lively community of Elastic users, experts, PMs, and developers available to everyone on the Elastic Slack and Discuss forums.

Interested in learning more about generative AI? Elastic Security Labs recently published a brand new report: the LLM Safety Assessment. Explore the top 10 most common LLM-based attack techniques and uncover how these abuses can be mitigated.

The release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.

In this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use. 

Elastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.