Elastic Security is the combination of the Elastic SIEM and Elastic Endpoint Security. With Elastic Security you can protect your applications and your company against any kind of cybercrime. The built-in Elastic detection rules give users a comprehensive set of rules for finding anomalies in their security data. This repository extends those rules with rules made by the community, such as the Sigma rules. The Sigma rules are prebuilt for the Elastic detection engine and can be used immediately. The following section lists all downloads that could extend your experience using Elastic Security.


Elastic Security examples

A collection of Kibana dashboards to provide a holistic view of Microsoft Office 365 environments

Cloudflare dashboards and ingest pipelines to visualize Cloudflare logs

Kibana dashboard example visualizing the results of the Elastic SIEM detection engine

Kibana Dashboard example to visualize osquery performance

Logstash pipeline to load Meraki logs via syslog into Elasticsearch

A Kibana Canvas dashboard example that visualizes Suricata logs collected with Filebeat.

A collection of rules based on the Sigma detection rules for web server logs, e.g. Apache, nginx or IIS.

A collection of rules based on the Sigma detection rules for proxy server and web server logs, e.g. Zeek or Suricata.

A collection of rules based on the Sigma detection rules for Windows Sysmon events based on Winlogbeat data.


More about Elastic Security

Elastic Security equips analysts to prevent, detect, and respond to threats. The free and open solution delivers SIEM, endpoint security, threat hunting, cloud monitoring, and more.