Elastic Security Integration
Elastic Security is a single solution that unifies prevention, detection, response, and threat hunting to stop attacks. It delivers layered, signatureless preventions; deep, contextualized visibility into security events across host, network, cloud and user domains; and a rich set of response capabilities – all within a single, lightweight agent. It is driven by a scalable and easy-to-use SaaS or on-prem management platform and supports easy integration with other tools through a fully documented API. Elastic Security is trusted by organizations of all sizes to protect their data from attack.
This integration creates a dedicated ECS 8.0.0-compliant Threat Intelligence index in Elastic Security, populated from the Maltiverse Threat Intelligence feeds with indicator fields for IP addresses, hostnames, URLs and file hashes. Whenever incoming log entries match an indicator in this index, new alerts are raised automatically, pointing out possible security incidents.
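As an added illustration of the mechanism just described (example code written here, not Maltiverse's or Elastic's own integration code): a small Python sketch that indexes documents shaped like ECS 8.0 `threat.indicator.*` records and checks the fields of incoming events against them, the way an indicator-match rule does before raising an alert. The indicator values are constructed samples and the event-to-indicator field pairing in FIELD_MAP is an assumption chosen for the illustration.

```python
# Offline sketch of how an ECS threat-intelligence index drives indicator-match alerts.
from collections import defaultdict

# Constructed sample documents shaped like ECS 8.0 threat.indicator.* fields.
INDICATORS = [
    {"threat": {"indicator": {"type": "ipv4-addr", "ip": "203.0.113.7",
                              "provider": "Maltiverse", "confidence": "High"}}},
    {"threat": {"indicator": {"type": "domain-name",
                              "url": {"domain": "bad.example"},
                              "provider": "Maltiverse", "confidence": "Medium"}}},
    {"threat": {"indicator": {"type": "file",
                              "file": {"hash": {"sha256": "a" * 64}},
                              "provider": "Maltiverse", "confidence": "High"}}},
]

# Assumed pairing: which event-side ECS field is compared with which indicator field.
FIELD_MAP = {
    "source.ip": "threat.indicator.ip",
    "destination.ip": "threat.indicator.ip",
    "dns.question.name": "threat.indicator.url.domain",
    "destination.domain": "threat.indicator.url.domain",
    "file.hash.sha256": "threat.indicator.file.hash.sha256",
}

def get_path(doc, dotted):
    """Resolve a dotted ECS field name against a nested dict; None if absent."""
    for key in dotted.split("."):
        if not isinstance(doc, dict) or key not in doc:
            return None
        doc = doc[key]
    return doc

def build_lookup(indicators):
    """Index indicator values by their dotted field, mimicking the TI index."""
    lookup = defaultdict(dict)
    for ind in indicators:
        for ind_field in set(FIELD_MAP.values()):
            value = get_path(ind, ind_field)
            if value is not None:
                lookup[ind_field][str(value).lower()] = ind  # case-insensitive
    return lookup

def match_event(event, lookup):
    """Return (event_field, indicator) pairs where the event hits an indicator."""
    hits = []
    for ev_field, ind_field in FIELD_MAP.items():
        value = get_path(event, ev_field)
        if value is not None and str(value).lower() in lookup[ind_field]:
            hits.append((ev_field, lookup[ind_field][str(value).lower()]))
    return hits
```

Each hit carries the full indicator document, so the provider and confidence fields are available to the alert that would be raised.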
It enables you to rapidly research the latest global security threats, aggregate actionable intelligence, consult with experts and collaborate with peers.