
Commit 43a4935

Update introduction.md
1 parent 2972dfd commit 43a4935

1 file changed

+9
-7
lines changed


get-started/introduction.md

Lines changed: 9 additions & 7 deletions
@@ -65,7 +65,7 @@ The following concepts relate to core {{es}} features and thus apply to all solu
6565

6666
### {{observability}} overview [observability-overview]
6767

68-
Elastic {{observability}} provides unified observability across applications and infrastructure. It combines logs, metrics, application traces, user experience data, and more into a single, integrated platform. This consolidation allows for powerful, cross-referenced analysis, enabling teams to move from detecting issues to understanding their root causes with speed and efficiency. By leveraging the search and analytics capabilities of {{es}}, it offers a holistic view of system behavior.
68+
Elastic {{observability}} provides unified observability across applications and infrastructure. It combines logs, metrics, application traces, user experience data, and more into a single, integrated platform. This consolidation allows for powerful, cross-referenced analysis, enabling teams to move from detecting issues to understanding their root causes quickly and efficiently. By leveraging the search and analytics capabilities of {{es}}, it offers a holistic view of system behavior.
6969

7070
Elastic {{observability}} embraces open standards like OpenTelemetry for flexible data collection, and offers scalable, cost-efficient data retention with tiered storage.
7171

@@ -83,7 +83,7 @@ Apply {{observability}} to various scenarios to improve operational awareness an
8383
* **Uptime monitoring:** Continuously check the status of services and applications to ensure they are available.
8484
* **Universal Profiling:** Gain visibility into system performance and identify expensive lines of code without application instrumentation, helping to increase CPU efficiency and reduce cloud spend.
8585
* **LLM Observability:** Gain deep insights into the performance, usage, and costs of Large Language Model (LLM) prompts and responses.
86-
* **Incident response and management:** Investigate operational incidents by correlating data from multiple sources, which accelerates root cause analysis and resolution.
86+
* **Incident response and management:** Investigate operational incidents by correlating data from multiple sources, accelerating root cause analysis and resolution.
8787
:::
8888

8989
### {{observability}} core concepts [observability-concepts]
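Review bot: On the new line 86, the trailing participle ("correlating data from multiple sources, accelerating root cause analysis and resolution") now attaches to the whole clause rather than clearly to the correlation; the removed "which accelerates" was a little more explicit about what does the accelerating. Either form is acceptable in this list, so this is only a nit to make sure the choice is deliberate.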
@@ -115,10 +115,10 @@ Use {{elastic-sec}} to protect your systems from security threats.
115115
:::{dropdown} Use cases
116116
* **SIEM:** {{elastic-sec}}'s modern SIEM provides a centralized platform for ingesting, analyzing, and managing security data from various sources.
117117
* **Third-party integration support:** Ingest data from a various tools and data sources so you can centralize your security data.
118-
* **Threat detection and analytics:** Identify unknown threats by enabling prebuilt or custom detection rules, automatically detect anomalous activity with built-in machine learning jobs, or proactively search for threats using our powerful threat hunting and interactive visualization tools.
118+
* **Threat detection and analytics:** Identify threats by using prebuilt rules with the ability to customize or create custom detection rules, automatically detect anomalous activity with built-in machine learning jobs, or proactively search for threats using our powerful threat hunting and interactive visualization tools.
119119
* **Automatic migration:** Migrate SIEM rules from other platforms to {{elastic-sec}}.
120120
* **Endpoint protection and threat prevention:** Automatically stop cybersecurity attacks—such as malware and ransomware—before damage and loss can occur.
121-
* **AI-powered features:** Leverage generative AI to help enhance threat detection, assist with incident response, and improve day-to-day security operations. For example, use AI Assistant to summarize alerts, identify relevant information, suggest investigation steps, and generate complex queries from natural language input.
121+
* **AI-powered features:** Leverage generative AI to help enhance threat detection, assist with incident response, and improve day-to-day security operations.
122122
* **Custom dashboards and visualizations:** Create custom dashboards and visualizations to gain insights into security events.
123123
* **Cloud Security:** {{elastic-sec}} provides the following cloud features:
124124
* **Cloud Security Posture Management (CSPM) and Kubernetes Security Posture Management (KSPM):** Check cloud service configurations against security benchmarks to identify and resolve misconfigurations that can be exploited.
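Review bot: The new line 118 is wordy and partly redundant: "using prebuilt rules with the ability to customize or create custom detection rules" says "custom" twice and the sentence now runs to three long clauses. Suggest something like "Identify threats with prebuilt detection rules, which you can tune or supplement with your own, automatically detect anomalous activity with built-in machine learning jobs, or proactively hunt for threats using the threat hunting and interactive visualization tools." The edit also drops "unknown" from "Identify unknown threats"; if the intent is that prebuilt rules cover known patterns while machine learning and hunting surface the unknown ones, that distinction is worth keeping rather than flattening. Unrelated to this change but visible in context: line 117 reads "Ingest data from a various tools" (stray "a"), which could be fixed in the same commit.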
@@ -140,10 +140,12 @@ Before diving into setup and configuration, familiarize yourself with the founda
140140
* [**Alerts:**](/solutions/security/detect-and-alert/manage-detection-alerts.md) Notifications that are generated when rule conditions are met. Alerts include a wide range of information about potential threats, including host, user, network, and other contextual data to assist your investigation.
141141
* [**Machine learning and anomaly detection:**](/solutions/security/advanced-entity-analytics/anomaly-detection.md) Anomaly detection jobs identify anomalous events or patterns in your data. Use these with machine learning detection rules to generate alerts when behavior deviates from normal activity.
142142
* [**Entity analytics:**](/solutions/security/advanced-entity-analytics/overview.md) A threat detection feature that combines the power of Elastic’s detection engine and machine learning capabilities to identify unusual behavior for hosts, users, and services.
143-
* [**Cases:**](/solutions/security/investigate/cases.md) A tool that allows you to collect and share information about security issues. Opening a case lets you track key investigation details and collect alerts in a central location. You can also send cases to external systems.
144-
* [**Timeline:**](/solutions/security/investigate/timeline.md) A threat hunting tool that allows you to investigate security events so you can gather and analyze data related to alerts or suspicious activity. You can add events to Timeline from various sources, build custom queries, and import/export a Timeline to collaborate and share.
143+
* [**Cases:**](/solutions/security/investigate/cases.md) Allows you to collect and share information about security issues. Opening a case lets you track key investigation details and collect alerts in a central location. You can also send cases to external systems.
144+
* [**Timeline:**](/solutions/security/investigate/timeline.md) Investigate security events so you can gather and analyze data related to alerts or suspicious activity. You can add events to Timeline from various sources, build custom queries, and import/export a Timeline to collaborate and share.
145145
* [**Security posture management:**](/solutions/security/cloud.md) Includes native cloud security features, such as Cloud Security Posture Management (CSPM) and Cloud Native Vulnerability Management (CNVM), that help you evaluate your cloud infrastructure's configuration against security best practices and identify vulnerabilities. You can use Elastic's native tools or ingest third-party cloud security data and incorporate it into {{elastic-sec}}'s workflows.
146-
* [**AI Assistant:**](/solutions/security/ai/ai-assistant.md) A generative AI-powered tool that helps with tasks like alert investigation, incident response, and query generation. It utilizes natural language processing and knowledge retrieval to provide context-aware assistance, summarize threats, suggest next steps, and automate workflows. Use AI Assistant to better understand and respond to security incidents.
146+
* [**AI Assistant:**](/solutions/security/ai/ai-assistant.md) Helps with tasks like alert investigation, incident response, and query generation. It utilizes natural language processing and knowledge retrieval to provide context-aware assistance, summarize threats, suggest next steps, and automate workflows. Use AI Assistant to better understand and respond to security incidents.
147+
* [**Attack Discovery:**](/solutions/security/ai/attack-discovery.md) Uses large language models (LLMs) to analyze security alerts, identify coordinated attack patterns, and provide actionable intelligence to security operations teams. It improves alert triage efficiency by automatically correlating related alerts into comprehensive, simplified threat summaries, allowing you to quickly understand and respond to the most impactful attacks.
148+
* [**Elastic AI SOC Engine (EASE):**](/solutions/security/ai/ease/ease-intro.md) Integrates Elastic's AI-powered security tools into existing SIEM and EDR/XDR platforms to help mitigate alert fatigue, accelerate threat investigations, and improve response efficiency ({{serverless-short}} only).
147149
:::
148150

149151
<!--TBD: Call out how solutions map to Serverless project types? -->
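Review bot: The rewrites on the new lines 143, 144 and 146 drop the leading noun phrase ("A tool that...", "A threat hunting tool that...", "A generative AI-powered tool that..."), so the core concepts list now mixes three sentence shapes: noun phrases ("Alerts: Notifications that...", "Entity analytics: A threat detection feature that..."), third-person verbs ("Cases: Allows you to...", "Security posture management: Includes...", "Attack Discovery: Uses...") and an imperative ("Timeline: Investigate security events..."). Pick one pattern for the whole list; if the noun phrases are being removed on purpose, Timeline should at least match Cases ("Lets you investigate security events..."). The two added bullets on lines 147 and 148 match the hunk header's +12 count. The "({{serverless-short}} only)" qualifier on the EASE bullet is the only availability note among the visible bullets and sits inside the sentence; if the docs have a standard way of marking deployment-type availability, use that here so readers can find it consistently.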
