Elastic Security

    • A detection engine to identify attacks and system misconfiguration
    • A workspace for event triage and investigations
    • Embedded case management and automated actions
    • Detection of signatureless attacks with prebuilt machine learning anomaly jobs and detection rules

    Auditbeat, , Winlogbeat, and send security events and other data to Elasticsearch.

    The agent detects and protects against malware, and ships host and network events directly to Elastic Security.

    Elastic Security can ingest and normalize events from ECS-compatible data sources.
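To make "ECS-compatible" concrete, here is an added example (not Elastic's own code, and not taken from this page) that normalizes constructed OpenSSH auth-log lines into documents keyed by real ECS field names (`@timestamp`, `event.category`, `event.outcome`, `source.ip`, `user.name`, `host.name`), then runs a simple threshold check over the normalized events, the same shape of logic a threshold detection rule applies once data is in a common schema. The sample lines, the hostnames and IPs, the `ssh_login` action value, and the threshold of 3 are all assumptions made up for the example.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample lines in OpenSSH auth.log style (assumption: not real logs).
SAMPLE_LINES = [
    "Mar  3 10:15:01 web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 4242 ssh2",
    "Mar  3 10:15:03 web01 sshd[1201]: Failed password for root from 203.0.113.5 port 4243 ssh2",
    "Mar  3 10:15:04 web01 sshd[1201]: Failed password for root from 203.0.113.5 port 4244 ssh2",
    "Mar  3 10:15:09 web01 sshd[1202]: Accepted publickey for deploy from 198.51.100.7 port 51000 ssh2",
    "Mar  3 10:15:10 web01 cron[1300]: (root) CMD (run-parts /etc/cron.hourly)",  # not an auth event
]

# Parser for the syslog-style sshd line format used above.
SSHD_RE = re.compile(
    r"^(?P<month>\w{3})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
    r"(?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)


def to_ecs(line, year=2024):
    """Map one raw sshd line to a nested dict using ECS field names.

    Returns None for lines that are not sshd authentication events, so a
    caller can skip them instead of producing half-filled documents.
    Syslog lines carry no year, so the year is supplied by the caller.
    """
    m = SSHD_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(
        f"{year} {m['month']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S"
    ).replace(tzinfo=timezone.utc)
    success = m["result"] == "Accepted"
    return {
        "@timestamp": ts.isoformat(),
        "ecs": {"version": "8.0.0"},
        "message": line,
        "event": {
            "kind": "event",
            "category": ["authentication"],
            "action": "ssh_login",          # assumption: local naming for the action
            "outcome": "success" if success else "failure",
        },
        "host": {"name": m["host"]},
        "process": {"name": "sshd", "pid": int(m["pid"])},
        "source": {"ip": m["ip"], "port": int(m["port"])},
        "user": {"name": m["user"]},
    }


def normalize(lines, year=2024):
    """Normalize a batch of raw lines, dropping anything the parser rejects."""
    docs = (to_ecs(line, year) for line in lines)
    return [d for d in docs if d is not None]


def failed_logins_by_source(events, threshold=3):
    """Threshold-style check over ECS events.

    Counts authentication failures per source.ip and returns only the
    sources at or above the threshold. Because the check reads ECS fields,
    it works unchanged for any source normalized into the same schema.
    """
    counts = Counter(
        e["source"]["ip"]
        for e in events
        if "authentication" in e["event"]["category"]
        and e["event"]["outcome"] == "failure"
    )
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    ecs_events = normalize(SAMPLE_LINES)
    for doc in ecs_events:
        print(doc["@timestamp"], doc["event"]["outcome"], doc["source"]["ip"], doc["user"]["name"])
    print("sources over threshold:", failed_logins_by_source(ecs_events))
```

The normalization step is the point: the threshold function never looks at the raw text, only at ECS fields, which is what lets one rule apply to sshd, Windows logons, or a cloud audit trail once each has been mapped into the shared schema.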