Elastic Cloud gives you the flexibility to run where you want. Deploy our managed service on Google Cloud, Microsoft Azure, or Amazon Web Services, and we'll handle the maintenance and upkeep for you.
Dedicated support and more features.
Everything in Standard plus:
Advanced functionality with 24/7 support.
Everything in Gold plus:
The fully loaded package with endpoint protection by default.
Everything in Platinum plus:
Platform Services
Managed Elasticsearch and Kibana
Same day version availability
Instant access to security patches
Single-click deployment upgrades
In-place configuration change
Deployment templates
Hot-warm architecture, with automated index curation
Automated snapshots (configurable, default every 30 minutes)
REST API for deployment management
REST API support in ecctl CLI, Golang SDK, and generated SDKs
Providers: AWS, Azure, Google Cloud
FedRAMP authorized at Moderate Impact level on AWS GovCloud (US)2
High availability across zones
Console signup with Google Account
Multi-factor authentication
AWS Marketplace billing integration
Microsoft Azure Marketplace billing integration
Google Cloud Marketplace billing integration
AWS PrivateLink integration
IP filtering
SOC 2 and CSA Star 2 compliance
HIPAA BAA ready
ISO 27001/27017/27018
Elastic Stack Operation & Management
Inverted index (for search)
Document store (for unstructured)
Columnar store (for analytics)
BKD trees (for numeric, dates, geo)
Flattened field type
Histogram field type
Shape field type
Vector field type
Version field type
Wildcard field type
Frozen indices (for long-term storage)
Searchable snapshots
Snapshot/restore APIs
Snapshot lifecycle management
Minimal snapshots
Data rollups
Data streams
Data transforms
Index management
Index lifecycle management
Data import tutorials
Ingest Node Pipeline Builder UI
Grok Debugger
Upgrade Assistant
Centralized Beats management
Centralized Logstash pipeline management
Clustering and high availability
Automatic data rebalancing
Cross-cluster search
Voting only nodes
Dedicated master nodes
Dedicated coordinating nodes
Secure settings
Data encryption at rest
Encrypted node-to-node communications
Role-based access control
Native authentication
Kibana Spaces
Kibana feature controls
API Keys management
Elasticsearch Token Service
Single sign-on (SAML, OpenID Connect, Kerberos)
Attribute-based access control
Field- and document-level security
Custom authentication and authorization realms
Full-stack monitoring (including Beats and Logstash)
Multi-stack monitoring
Configurable retention policy
Kibana alerting and actions4
Automatic stack issue alerts
Watcher
Kibana alerts
Kibana actions: index and logging
Kibana actions: email, PagerDuty, ServiceNow®, Slack, Jira, IBM Resilient, webhooks
Atlassian Jira integration
ServiceNow ITSM integration
Search & Analysis
Relevance scoring
Highlighting
Type ahead
Corrections
Suggestions
Percolations
Async search
Results pinning
Query profiler
Dynamically updateable synonyms
Similarity functions for vector fields
Aggregations
Boxplot aggregation
Cumulative cardinality aggregation
Moving percentiles aggregation
Normalize aggregation
Rate aggregation
String stats aggregation
Top metrics aggregation
T-test aggregation
Geoshape aggregations
Graph exploration
File import wizard
Data Visualizer
Anomaly detection on time series
Outlier detection
Regression
Classification
Population/entity analysis
Log message categorization
Root cause indication
Alerting on anomalies
Forecasting on time series
Inference
Feature importance
Model snapshot management
Language identification
Data Ingest & Transformation
Filebeat, Metricbeat, Winlogbeat, Packetbeat, Heartbeat, Auditbeat, real browser-based synthetic monitoring agent
Functionbeat
Logstash
ES-Hadoop
File import wizard
Elastic Endgame1
Fleet app
Fleet integrations
Elastic Agent
Selective agent binary updates
Selective agent policy reassignment
Selective agent unenrollment
Operating systems
Web servers and proxies
Datastores and queues
Cloud services
Containers and orchestration
MQTT
Prometheus
ActiveMQ
ArcSight CEF
Audit system data
AWS (S3, EC2, ELB, Billing, CloudTrail, etc.)
Azure
Check Point Firewall
Cisco IOS/ASA, Firepower & Umbrella
CockroachDB
CoreDNS
Crowdstrike Falcon
Docker Logging Plugin
Envoy Proxy
Fortinet Fortigate
Google Cloud (Pub/Sub, VPC, etc.)
Google Workspace
IBM MQ
Iptables
Istio Service Mesh
Juniper SRX
Microsoft 365 Defender & Defender for Endpoint
Microsoft (Office) 365
Microsoft SQL Server
Microsoft Windows Security Events
MISP
NetFlow and IPFIX
Okta
Oracle Database
Palo Alto Firewalls
PowerShell
Pivotal Cloud Foundry (PCF)
Redis Enterprise
Session initiation protocol (SIP)
Sophos XG
Suricata
Sysmon
Zeek (formerly Bro)
Zoom
Index time enrichment
Processors
Analyzers
Tokenizers
Filters
Grok
Field transformation
External lookup enrichment
Circle ingest processor
Match and geo-match enrich processor
Data Exploration & Visualization
Dashboards
Drilldown between dashboards
Drilldown to URL
Discover
Console
Kibana query autocomplete
Graph analytics
Elastic Observability
Observability overview
User Experience overview
Elastic APM3
Elastic Logs
Log shipper (Filebeat)
Dashboards for common data sources
Logs app
Elastic Metrics
Metric shipper (Metricbeat)
Dashboards for common data sources
Metrics app
Elastic Uptime
Send data using Heartbeat
Uptime dashboards in Kibana
Uptime app
Elastic Security
Elastic Common Schema
Security information and event management (SIEM)
Host security analysis
Network security analysis
Timeline event explorer
Case management
Detection engine (e.g., correlation, indicator match, threshold)
Prebuilt detection rules
Detection rule external actions
Machine learning anomaly detection
Prebuilt anomaly detection jobs
Malware prevention and data collection
Elastic Endgame1
Role-based access control
LDAP authentication
Single sign-on (SAML 2.0)
Mutual authentication between the platform and endpoint
RESTful API
Policy-based management
EPP and EDR on Windows, Linux, macOS
Security event collection and storage
Tamper resistance
Malware, ransomware, phishing
Memory injection, software exploitation
Adversary, tactics, techniques, and behaviors
In-memory attacks
Customizable protection rules and automated responses
Isolate hosts
Kill process
Suspend thread execution
Automated file quarantine
Delete, upload, execute files
Artemis(TM) - AI-powered natural-language chat-bot
Search for IoCs and hunt using EQL
Audit system information, applications, file systems, and host firewall
Audit loaded drivers and removable media
Audit running processes, network events, registry hives, and discover persistence
Automated memory analysis
Outlier analysis
File, Process, Network, DNS, Registry, Security, PowerShell, Windows Management Instrumentation, Common Language Runtime, Windows API
DLL and driver loads
Visual attack analysis, enriched with context from MITRE ATT&CK
Alert dashboards
Operations dashboards
Customizable reporting
Elastic Maps
Elastic App Search
Index once, sort all you want
Customizable relevance model
Language-specific relevance
Analytics API
Clickthrough API
Index lifecycle management
Elastic Workplace Search
Workplace Search server
Unified search interface
Natural language query filtering
Search history
Typo-tolerant relevance model
Content source prioritization
Search API
First-party cloud source synchronization
First-party on-premise source synchronization
Custom source support
Full-text content indexing for files, documents, and records
Document-level permission support
Private sources
Support
Support coverage
Business hours
24/7/365
24/7/365
Response times
Critical: 4 hrs
L2: 1 day
L3: 2 days
L2: 1 day
L3: 2 days
Critical: 1 hr
L2: 4 hrs
L3: 1 day
L2: 4 hrs
L3: 1 day
Critical: 1 hr
L2: 4 hrs
L3: 1 day
L2: 4 hrs
L3: 1 day
Unlimited # of incidents
Support contacts
2
6
8
8
Ticket-based support
SLA-based support
Platform Services
Managed Elasticsearch and Kibana
Same day version availability
Instant access to security patches
Single-click deployment upgrades
In-place configuration change
Deployment templates
Hot-warm architecture, with automated index curation
Automated snapshots (configurable, default every 30 minutes)
REST API for deployment management
REST API support in ecctl CLI, Golang SDK, and generated SDKs
Providers: AWS, Azure, Google Cloud
FedRAMP authorized at Moderate Impact level on AWS GovCloud (US)2
High availability across zones
Console signup with Google Account
Multi-factor authentication
AWS Marketplace billing integration
Microsoft Azure Marketplace billing integration
Google Cloud Marketplace billing integration
AWS PrivateLink integration
IP filtering
SOC 2 and CSA Star 2 compliance
HIPAA BAA ready
ISO 27001/27017/27018
Elastic Stack Operation & Management
Inverted index (for search)
Document store (for unstructured)
Columnar store (for analytics)
BKD trees (for numeric, dates, geo)
Flattened field type
Histogram field type
Shape field type
Vector field type
Version field type
Wildcard field type
Frozen indices (for long-term storage)
Searchable snapshots
Snapshot/restore APIs
Snapshot lifecycle management
Minimal snapshots
Data rollups
Data streams
Data transforms
Index management
Index lifecycle management
Data import tutorials
Ingest Node Pipeline Builder UI
Grok Debugger
Upgrade Assistant
Centralized Beats management
Centralized Logstash pipeline management
Clustering and high availability
Automatic data rebalancing
Cross-cluster search
Voting only nodes
Dedicated master nodes
Dedicated coordinating nodes
Secure settings
Data encryption at rest
Encrypted node-to-node communications
Role-based access control
Native authentication
Kibana Spaces
Kibana feature controls
API Keys management
Elasticsearch Token Service
Single sign-on (SAML, OpenID Connect, Kerberos)
Attribute-based access control
Field- and document-level security
Custom authentication and authorization realms
Full-stack monitoring (including Beats and Logstash)
Multi-stack monitoring
Configurable retention policy
Kibana alerting and actions4
Automatic stack issue alerts
Watcher
Kibana alerts
Kibana actions: index and logging
Kibana actions: email, PagerDuty, ServiceNow®, Slack, Jira, IBM Resilient, webhooks
Atlassian Jira integration
ServiceNow ITSM integration
Search & Analysis
Relevance scoring
Highlighting
Type ahead
Corrections
Suggestions
Percolations
Async search
Results pinning
Query profiler
Dynamically updateable synonyms
Similarity functions for vector fields
Aggregations
Boxplot aggregation
Cumulative cardinality aggregation
Moving percentiles aggregation
Normalize aggregation
Rate aggregation
String stats aggregation
Top metrics aggregation
T-test aggregation
Geoshape aggregations
Graph exploration
File import wizard
Data Visualizer
Anomaly detection on time series
Outlier detection
Regression
Classification
Population/entity analysis
Log message categorization
Root cause indication
Alerting on anomalies
Forecasting on time series
Inference
Feature importance
Model snapshot management
Language identification
Data Ingest & Transformation
Filebeat, Metricbeat, Winlogbeat, Packetbeat, Heartbeat, Auditbeat, real browser-based synthetic monitoring agent
Functionbeat
Logstash
ES-Hadoop
File import wizard
Elastic Endgame1
Fleet app
Fleet integrations
Elastic Agent
Selective agent binary updates
Selective agent policy reassignment
Selective agent unenrollment
Operating systems
Web servers and proxies
Datastores and queues
Cloud services
Containers and orchestration
MQTT
Prometheus
ActiveMQ
ArcSight CEF
Audit system data
AWS (S3, EC2, ELB, Billing, CloudTrail, etc.)
Azure
Check Point Firewall
Cisco IOS/ASA, Firepower & Umbrella
CockroachDB
CoreDNS
Crowdstrike Falcon
Docker Logging Plugin
Envoy Proxy
Fortinet Fortigate
Google Cloud (Pub/Sub, VPC, etc.)
Google Workspace
IBM MQ
Iptables
Istio Service Mesh
Juniper SRX
Microsoft 365 Defender & Defender for Endpoint
Microsoft (Office) 365
Microsoft SQL Server
Microsoft Windows Security Events
MISP
NetFlow and IPFIX
Okta
Oracle Database
Palo Alto Firewalls
PowerShell
Pivotal Cloud Foundry (PCF)
Redis Enterprise
Session initiation protocol (SIP)
Sophos XG
Suricata
Sysmon
Zeek (formerly Bro)
Zoom
Index time enrichment
Processors
Analyzers
Tokenizers
Filters
Grok
Field transformation
External lookup enrichment
Circle ingest processor
Match and geo-match enrich processor
Data Exploration & Visualization
Dashboards
Drilldown between dashboards
Drilldown to URL
Discover
Console
Kibana query autocomplete
Graph analytics
Elastic Observability
Observability overview
User Experience overview
Elastic APM3
Elastic Logs
Log shipper (Filebeat)
Dashboards for common data sources
Logs app
Elastic Metrics
Metric shipper (Metricbeat)
Dashboards for common data sources
Metrics app
Elastic Uptime
Send data using Heartbeat
Uptime dashboards in Kibana
Uptime app
Elastic Security
Elastic Common Schema
Security information and event management (SIEM)
Host security analysis
Network security analysis
Timeline event explorer
Case management
Detection engine (e.g., correlation, indicator match, threshold)
Prebuilt detection rules
Detection rule external actions
Machine learning anomaly detection
Prebuilt anomaly detection jobs
Malware prevention and data collection
Elastic Endgame1
Role-based access control
LDAP authentication
Single sign-on (SAML 2.0)
Mutual authentication between the platform and endpoint
RESTful API
Policy-based management
EPP and EDR on Windows, Linux, macOS
Security event collection and storage
Tamper resistance
Malware, ransomware, phishing
Memory injection, software exploitation
Adversary, tactics, techniques, and behaviors
In-memory attacks
Customizable protection rules and automated responses
Isolate hosts
Kill process
Suspend thread execution
Automated file quarantine
Delete, upload, execute files
Artemis(TM) - AI-powered natural-language chat-bot
Search for IoCs and hunt using EQL
Audit system information, applications, file systems, and host firewall
Audit loaded drivers and removable media
Audit running processes, network events, registry hives, and discover persistence
Automated memory analysis
Outlier analysis
File, Process, Network, DNS, Registry, Security, PowerShell, Windows Management Instrumentation, Common Language Runtime, Windows API
DLL and driver loads
Visual attack analysis, enriched with context from MITRE ATT&CK
Alert dashboards
Operations dashboards
Customizable reporting
Elastic Maps
Elastic App Search
Index once, sort all you want
Customizable relevance model
Language-specific relevance
Analytics API
Clickthrough API
Index lifecycle management
Elastic Workplace Search
Workplace Search server
Unified search interface
Natural language query filtering
Search history
Typo-tolerant relevance model
Content source prioritization
Search API
First-party cloud source synchronization
First-party on-premise source synchronization
Custom source support
Full-text content indexing for files, documents, and records
Document-level permission support
Private sources
Support
Support coverage
Response times
Unlimited # of incidents
Support contacts
Ticket-based support
SLA-based support
10
18
18
18
14
14
14
Business hours
24/7/365
24/7/365
Critical: 4 hrs
L2: 1 day
L3: 2 days
L2: 1 day
L3: 2 days
Critical: 1 hr
L2: 4 hrs
L3: 1 day
L2: 4 hrs
L3: 1 day
Critical: 1 hr
L2: 4 hrs
L3: 1 day
L2: 4 hrs
L3: 1 day
2
6
8
8
1 Elastic Endgame features in the Enterprise subscription require an annual commitment and are not available for the monthly plan.
2 Elastic Cloud subscriptions on AWS GovCloud (US) are only available annually at this time (not monthly).
3 Elastic APM is not supported on Elastic Cloud Standard when purchased through the AWS Marketplace.
4 Refer to the Alerting section (Kibana Alerting and Kibana Actions items) for further details.