Elastic Security is the combination of Elastic SIEM and Elastic Endpoint Security. With Elastic Security you can protect your applications and your company against any kind of cybercrime. With the built-in Elastic detection rules, users get a very comprehensive set of rules for finding anomalies in their security data. This repository extends those rules with rules made by the community, such as the Sigma rules. The Sigma rules are prebuilt for the Elastic detection engine and can be used immediately. The following section lists all downloads that could extend your experience using Elastic Security.


Elastic Security examples

Sigma Windows Process Creation detection rules

A collection of rules based on the Sigma rules for Windows (process creation folder), built on Winlogbeat data.

Sigma AWS Cloudtrail Detection rules

A collection of rules based on the Sigma rules for AWS, built on the Filebeat AWS module and the Elastic Agent integration.

Sigma Zeek Detection rules

A collection of rules based on the Sigma rules for Zeek, built on the Filebeat Zeek module.


More about Elastic Security

Elastic Security equips analysts to prevent, detect, and respond to threats. The free and open solution delivers SIEM, endpoint security, threat hunting, cloud monitoring, and more.