Elastic Security combines SIEM and endpoint protection in a single tool. While the Elastic Security Endpoint agent collects data from the host for the SIEM, it also actively prevents malware and ransomware attacks. Since version 7.14, Elastic offers the first open and limitless XDR solution on the market. Users of the free ELK stack based SIEM solution get the ability to prevent, detect, and respond to threats before adversaries can steal sensitive information or sabotage operations. The Kibana dashboards in this category help you get a better overview of security related data within the Elastic Stack. They also show how to use the results of the SIEM detection engine to get a better understanding of the current system status. In addition, you will also find additional alerting rules in this section.


Elastic Security downloads

osquery performance dashboard

Kibana Dashboard example to visualize osquery performance

Logstash Meraki Pipeline

Logstash Pipeline to load Meraki logs via Syslog into Elasticsearch

Filebeat Suricata Canvas dashboard

A Kibana Canvas dashboard example that visualizes suricata logs collected with Filebeat.

Sigma Elastic SIEM rules for web server logs

A collection of rules based on the Sigma detection rules for web server logs, e.g. Apache, nginx or IIS.

Sigma detection rules for proxy server logs

A collection of rules based on the Sigma detection rules for proxy server and web server logs, e.g. Zeek or Suricata.

Sigma Sysmon detection rules

A collection of rules based on the Sigma detection rules for Windows Sysmon events based on Winlogbeat data.

Sigma Windows Process Creation detection rules

A collection of rules based on the Sigma rules for Windows (process creation folder) based on Winlogbeat data.

Sigma Windows inbuilt detection rules

A collection of rules based on the Sigma rules for Windows (inbuilt folder) based on Winlogbeat data.

Sigma AWS Cloudtrail Detection rules

A collection of rules based on the Sigma rules for AWS based on the Filebeat AWS module and Elastic agent integration.


More about Elastic Security

Elastic Security unites two critical components of cybersecurity, endpoint security and SIEM, to prevent, detect, and respond to threats. These are the building blocks for the industry's first open and limitless XDR solution.

Elastic Security helps you

  • Automate threat detection to identify priority issues before damage occurs
  • Leverage machine learning to improve accuracy at scale
  • Customize workflows and visualizations to accelerate investigations and response
  • Collaborate with case management and third-party integrations to increase team efficiency