Elastic Security is the combination of the Elastic SIEM and Elastic Endpoint Security. With Elastic Security you can protect your applications and your company against many kinds of cybercrime. With the built-in Elastic detection rules, users get a comprehensive set of rules for finding anomalies within their security data. This repository extends these rules with rules made by the community, such as the Sigma rules. The Sigma rules are prebuilt for the Elastic detection engine and can be used immediately. The following section lists all downloads that can extend your experience using Elastic Security.


Elastic Security examples

Office 365 dashboards

A collection of Kibana dashboards to provide a holistic view of Microsoft Office 365 environments

Cloudflare Kibana dashboards

Cloudflare dashboards and ingest pipelines to visualize Cloudflare logs

Threat detection Kibana dashboard

Kibana dashboard example visualizing the results of the Elastic SIEM detection engine

osquery performance dashboard

Kibana Dashboard example to visualize osquery performance

Logstash Meraki Pipeline

Logstash Pipeline to load Meraki logs via Syslog into Elasticsearch

Filebeat Suricata Canvas dashboard

A Kibana Canvas dashboard example that visualizes Suricata logs collected with Filebeat.

Sigma Elastic SIEM rules for web server logs

A collection of rules based on the Sigma detection rules for web server logs, e.g. Apache, nginx or IIS.

Sigma detection rules for proxy server logs

A collection of rules based on the Sigma detection rules for proxy server and web server logs, e.g. Zeek or Suricata.

Sigma Sysmon detection rules

A collection of rules based on the Sigma detection rules for Windows Sysmon events based on Winlogbeat data.


More about Elastic Security

Elastic Security equips analysts to prevent, detect, and respond to threats. The free and open solution delivers SIEM, endpoint security, threat hunting, cloud monitoring, and more.