Elastic Security overview

Elastic Security combines threat detection analytics, cloud native security, and endpoint protection capabilities in a single solution, so you can quickly detect, investigate, and respond to threats and vulnerabilities across your environment.

Elastic Security provides:

  • A detection engine that identifies a wide range of threats
  • A workspace for event triage, investigation, and case management
  • Interactive data visualization tools
  • Integrations for collecting data from various sources

Learn more

  • Get started: Learn about system requirements, workspaces, configuration, and data ingestion.
  • Elastic Security UI overview: Navigate Elastic Security’s various tools and interfaces.
  • Detection rules: Use Elastic Security’s detection engine with custom and prebuilt rules.
  • Cloud native security: Enable cloud native security capabilities such as Cloud and Kubernetes security posture management, cloud native vulnerability management, and cloud workload protection for Kubernetes and VMs.
  • Install Elastic Defend: Enable key endpoint protection capabilities like event collection and malicious activity prevention.
  • Machine learning: Enable built-in machine learning tools to help you identify malicious behavior.
  • Advanced entity analytics: Leverage Elastic Security’s detection engine and machine learning capabilities to generate comprehensive risk analytics for hosts and users.
  • Elastic AI Assistant: Ask the AI Assistant questions about how to use Elastic Security, how to interpret particular alerts and other documents, and how to write ES|QL queries.
  • Elastic Security fields and object schemas: Learn how to structure data for use with Elastic Security.

Elasticsearch and Kibana

Elastic Security uses Elasticsearch for data storage, management, and search, and Kibana is its main user interface. Learn more:

  • Elasticsearch: A real-time, distributed storage, search, and analytics engine. Elastic Security stores your data using Elasticsearch.
  • Kibana: An open-source analytics and visualization platform designed to work with Elasticsearch and Elastic Security. Kibana lets you search, view, analyze, and visualize data stored in Elasticsearch indices.

Elastic Endpoint self-protection

For information about Elastic Endpoint’s tamper-protection features, refer to Elastic Endpoint self-protection.