From b4d3f25b93ee9eef9358e786054b0cf0643ccf88 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Mon, 24 Nov 2025 18:50:18 -0800 Subject: [PATCH 1/4] Creates feature tier comparison for Elastic Security Serverless --- .../security-serverless-feature-tiers.md | 80 +++++++++++++++++++ solutions/toc.yml | 1 + 2 files changed, 81 insertions(+) create mode 100644 solutions/security/security-serverless-feature-tiers.md diff --git a/solutions/security/security-serverless-feature-tiers.md b/solutions/security/security-serverless-feature-tiers.md new file mode 100644 index 0000000000..74bff3c865 --- /dev/null +++ b/solutions/security/security-serverless-feature-tiers.md 
@@ -0,0 +1,80 @@ +--- +navigation_title: Serverless feature tiers +applies_to: + serverless: ga +products: + - id: security +--- + +# {{elastic-sec}} feature tiers + +{{sec-serverless}} projects are available in the following tiers, each with a carefully selected set of features to enable security operations: + +* **Elastic AI SOC Engine (EASE)**: Use Elastic's AI-powered threat hunting and alert triage capabilities to complement a third-party SIEM deployment. +* **Security Analytics Essentials**: Everything most organizations need to operationalize traditional SIEM. +* **Security Analytics Complete**: All the capabilities included in **Security Analytics Essentials**, plus additional features that provide a more complete toolset. + +Both the **Security Analytics** tiers have **Add-on options** for endpoint protection and cloud protection. + +Refer to the [feature comparison table](#sec-subscription-features) for a more detailed comparison between the tiers. + +## Feature tier pricing [sec-subscription-pricing] + +For pricing information, refer to [Elastic Observability Serverless pricing](https://www.elastic.co/pricing/serverless-security). 
+ +## Security Analytics feature comparison [sec-subscription-features] + +The following table compares features available in each feature tier: + +| **Feature Name** | **Security Analytics Complete** | **Security Analytics Essentials** | **EASE** | +| :--- | :---: | :---: | :---: | +| **[Cases](/solutions/security/investigate/cases.md) (collect and share information)** | ✅ | ✅ | ✅ | +| **Collaboration workflows** | ✅ | ✅ | ✅ | +| **[Native integrations](https://www.elastic.co/docs/reference/integrations) with third-party SIEM and EDR platforms** | ✅ | ✅ | ✅ | +| **Out of the box [dashboards](/solutions/security/dashboards.md)** | ✅ | ✅ | ❌ | +| **Prebuilt and custom [detection rules](/solutions/security/detect-and-alert.md)** | ✅ | ✅ | ❌ | +| **[Machine learning](/solutions/security/advanced-entity-analytics/anomaly-detection.md)** | ✅ | ✅ | ❌ | +| **Triage, investigation, and hunting** | ✅ | ✅ | ❌ | +| **[Threat intelligence integration](/solutions/security/get-started/enable-threat-intelligence-integrations.md)** | ✅ | ✅ | ❌ | +| **[AI Assistant](/solutions/security/ai/ai-assistant.md) with custom knowledge support** | ✅ | ❌ | ✅ | +| **[Attack Discovery](/solutions/security/ai/attack-discovery.md) (AI-powered alert correlation)** | ✅ | ❌ | ✅ | +| **[Automatic Import](/solutions/security/get-started/automatic-import.md) (AI-powered custom integrations)** | ✅ | ❌ | ❌ | +| **[Entity analytics / UEBA](/solutions/security/advanced-entity-analytics.md)** | ✅ | ❌ | ❌ | +| **Extended security content** | ✅ | ❌ | ❌ | +| **Threat intelligence management** | ✅ | ❌ | ❌ | + + +## Add-on options + +Both the **Security Analytics Complete** and **Security Analytics Essentials** feature tiers optional add-ons for **Endpoint protection** and **Cloud protection**. 
The features included in each add on vary by feature tier, as follows: + +**Endpoint protection add-on:** +| Feature Name | Complete | Essentials | +| :--- | :---: | :---: | +| **Elastic Defend for malware prevention** | ✅ | ✅ | +| **Ransomware protection** | ✅ | ✅ | +| **Memory and behavior prevention** | ✅ | ✅ | +| **Endpoint response actions** | ✅ | ❌ | +| **Advanced endpoint policy management** | ✅ | ❌ | + +**Cloud protection add-on:** +| Feature Name | Complete | Essentials | +| :--- | :---: | :---: | +| **Workload runtime protection** | ✅ | ✅ | +| **Cloud native posture management for Kubernetes, AWS, GCP & more** | ✅ | ✅ | +| **Drift protection for containers** | ✅ | ❌ | +| **Response actions** | ✅ | ❌ | + + +## Upgrade to a higher feature tier [sec-subscription-upgrade] + +:::{warning} +Upgrading a project to a higher feature tier is permanent. +::: + +To access the additional features available in a higher feature tier: + +1. From the [{{ecloud}} Console](https://cloud.elastic.co), select **Manage** next to the {{serverless-short}} project you want to upgrade. +1. Next to **Project features**, select **Edit**. +1. Select your desired feature tier. +1. Select **Save** to complete the upgrade. \ No newline at end of file diff --git a/solutions/toc.yml b/solutions/toc.yml index 0263947dd1..412b5b7394 100644 --- a/solutions/toc.yml +++ b/solutions/toc.yml @@ -767,4 +767,5 @@ toc: - file: security/advanced-entity-analytics/privileged-user-monitoring-setup.md - file: security/advanced-entity-analytics/monitor-privileged-user-activitites.md - file: security/asset-management.md + - file: security/security-serverless-feature-tiers.md - file: security/apis.md From 03595ff784eb1096a923afc57f8de7216e5abac0 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Mon, 24 Nov 2025 19:16:29 -0800 Subject: [PATCH 2/4] adds add-on features --- .../security-serverless-feature-tiers.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) 
diff --git a/solutions/security/security-serverless-feature-tiers.md b/solutions/security/security-serverless-feature-tiers.md index 74bff3c865..ab1e7afe79 100644 --- a/solutions/security/security-serverless-feature-tiers.md +++ b/solutions/security/security-serverless-feature-tiers.md @@ -34,7 +34,7 @@ The following table compares features available in each feature tier: | **Out of the box [dashboards](/solutions/security/dashboards.md)** | ✅ | ✅ | ❌ | | **Prebuilt and custom [detection rules](/solutions/security/detect-and-alert.md)** | ✅ | ✅ | ❌ | | **[Machine learning](/solutions/security/advanced-entity-analytics/anomaly-detection.md)** | ✅ | ✅ | ❌ | -| **Triage, investigation, and hunting** | ✅ | ✅ | ❌ | +| **[Triage](/solutions/security/detect-and-alert/manage-detection-alerts.md), [investigation](/solutions/security/investigate.md), and [hunting](https://www.elastic.co/security/threat-hunting)** | ✅ | ✅ | ❌ | | **[Threat intelligence integration](/solutions/security/get-started/enable-threat-intelligence-integrations.md)** | ✅ | ✅ | ❌ | | **[AI Assistant](/solutions/security/ai/ai-assistant.md) with custom knowledge support** | ✅ | ❌ | ✅ | | **[Attack Discovery](/solutions/security/ai/attack-discovery.md) (AI-powered alert correlation)** | ✅ | ❌ | ✅ | 
@@ -51,19 +51,19 @@ Both the **Security Analytics Complete** and **Security Analytics Essentials** f **Endpoint protection add-on:** | Feature Name | Complete | Essentials | | :--- | :---: | :---: | -| **Elastic Defend for malware prevention** | ✅ | ✅ | -| **Ransomware protection** | ✅ | ✅ | -| **Memory and behavior prevention** | ✅ | ✅ | -| **Endpoint response actions** | ✅ | ❌ | -| **Advanced endpoint policy management** | ✅ | ❌ | +| **[Malware prevention](/solutions/security/configure-elastic-defend/configure-an-integration-policy-for-elastic-defend.md#malware-protection)** | ✅ | ✅ | +| **[Ransomware protection](/solutions/security/configure-elastic-defend/configure-an-integration-policy-for-elastic-defend.md#ransomware-protection)** | ✅ | ✅ | +| **[Memory](/security/configure-elastic-defend/configure-an-integration-policy-for-elastic-defend.md#memory-protection) and [behavior prevention](/solutions/security/configure-elastic-defend/configure-an-integration-policy-for-elastic-defend.md#behavior-protection)** | ✅ | ✅ | +| **[Endpoint response actions](/solutions/security/endpoint-response-actions.md)** | ✅ | ❌ | +| **Advanced [endpoint policy management](/solutions/security/manage-elastic-defend/endpoints.md)** | ✅ | ❌ | **Cloud protection add-on:** | Feature Name | Complete | Essentials | | :--- | :---: | :---: | -| **Workload runtime protection** | ✅ | ✅ | -| **Cloud native posture management for Kubernetes, AWS, GCP & more** | ✅ | ✅ | +| **[Workload runtime protection](/solutions/security/cloud/cloud-workload-protection-for-vms.md)** | ✅ | ✅ | +| **[Cloud native posture management](/solutions/security/cloud/security-posture-management-overview.md) for Kubernetes, AWS, GCP & more** | ✅ | ✅ | | **Drift protection for containers** | ✅ | ❌ | -| **Response actions** | ✅ | ❌ | +| **[Response actions](solutions/security/endpoint-response-actions.md)** | ✅ | ❌ | ## Upgrade to a higher feature tier [sec-subscription-upgrade] 
From dfde605f3cda05d9fb210b69f6f8ea2931d85e0e Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Tue, 25 Nov 2025 10:21:12 -0800 Subject: [PATCH 3/4] fixes broken links --- solutions/security/security-serverless-feature-tiers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/security/security-serverless-feature-tiers.md b/solutions/security/security-serverless-feature-tiers.md index ab1e7afe79..9b6cbdefc3 100644 --- a/solutions/security/security-serverless-feature-tiers.md +++ b/solutions/security/security-serverless-feature-tiers.md @@ -63,7 +63,7 @@ Both the **Security Analytics Complete** and **Security Analytics Essentials** f | **[Workload runtime protection](/solutions/security/cloud/cloud-workload-protection-for-vms.md)** | ✅ | ✅ | | **[Cloud native posture management](/solutions/security/cloud/security-posture-management-overview.md) for Kubernetes, AWS, GCP & more** | ✅ | ✅ | | **Drift protection for containers** | ✅ | ❌ | -| **[Response actions](solutions/security/endpoint-response-actions.md)** | ✅ | ❌ | +| **[Response actions](/solutions/security/endpoint-response-actions.md)** | ✅ | ❌ | ## Upgrade to a higher feature tier [sec-subscription-upgrade] From 7c7ac722e866b14217a904340edba6afecc4463f Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Tue, 25 Nov 2025 10:23:00 -0800 Subject: [PATCH 4/4] Update security-serverless-feature-tiers.md --- solutions/security/security-serverless-feature-tiers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/security/security-serverless-feature-tiers.md b/solutions/security/security-serverless-feature-tiers.md index 9b6cbdefc3..49356c4697 100644 --- a/solutions/security/security-serverless-feature-tiers.md +++ b/solutions/security/security-serverless-feature-tiers.md 
@@ -53,7 +53,7 @@ Both the **Security Analytics Complete** and **Security Analytics Essentials** f | :--- | :---: | :---: | | **[Malware prevention](/solutions/security/configure-elastic-defend/configure-an-integration-policy-for-elastic-defend.md#malware-protection)** | ✅ | ✅ | | **[Ransomware protection](/solutions/security/configure-elastic-defend/configure-an-integration-policy-for-elastic-defend.md#ransomware-protection)** | ✅ | ✅ | -| **[Memory](/security/configure-elastic-defend/configure-an-integration-policy-for-elastic-defend.md#memory-protection) and [behavior prevention](/solutions/security/configure-elastic-defend/configure-an-integration-policy-for-elastic-defend.md#behavior-protection)** | ✅ | ✅ | +| **[Memory](/solutions/security/configure-elastic-defend/configure-an-integration-policy-for-elastic-defend.md#memory-protection) and [behavior prevention](/solutions/security/configure-elastic-defend/configure-an-integration-policy-for-elastic-defend.md#behavior-protection)** | ✅ | ✅ | | **[Endpoint response actions](/solutions/security/endpoint-response-actions.md)** | ✅ | ❌ | | **Advanced [endpoint policy management](/solutions/security/manage-elastic-defend/endpoints.md)** | ✅ | ❌ |
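Review bot: In [PATCH 1/4], under "Feature tier pricing" in the new security-serverless-feature-tiers.md, the link label reads "Elastic Observability Serverless pricing" while the URL is https://www.elastic.co/pricing/serverless-security and the page documents Security tiers; the label should name Security Serverless. In the same hunk, the first sentence under "Add-on options" has no verb ("feature tiers optional add-ons"), so add "offer" or "have", and spell "add-on" consistently instead of "add on" in the sentence that follows. The tier list describes EASE as providing "AI-powered threat hunting and alert triage", yet the comparison table marks "Triage, investigation, and hunting" as ❌ for EASE; someone scoping what a tier covers will read those two statements as contradictory, so reword the bullet or add a note to the table explaining what that row means for EASE. Both add-on tables also begin on the line directly after their bold label with no blank line in between, which some Markdown renderers will not parse as a table.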
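Review bot: In [PATCH 2/4], hunk @@ -34,7 +34,7 @@, the "hunting" link targets https://www.elastic.co/security/threat-hunting, an absolute URL outside the docs tree, while "Triage" and "investigation" in the same cell use repository-relative .md paths. If a docs page on threat hunting exists, link to it so all three links in the cell resolve the same way; if not, say in the commit message why an external page is used here.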
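Review bot: In [PATCH 2/4], hunk @@ -51,19 +51,19 @@, two of the added links do not follow the path form used by the other links in the file: the "Memory" link begins with /security/configure-elastic-defend/ (no /solutions prefix) and the Cloud protection "Response actions" link begins with solutions/security/ (no leading slash). Both are corrected in [PATCH 3/4] and [PATCH 4/4]; squashing those fixes into this commit would keep every commit in the series free of broken links. The Cloud protection "Response actions" row also points at endpoint-response-actions.md, the same target as "Endpoint response actions" in the endpoint table, so confirm that page actually covers the cloud add-on's response actions. "Drift protection for containers" is the one add-on row left without a link.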
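Review bot: [PATCH 4/4] carries the subject "Update security-serverless-feature-tiers.md", which says nothing about the change; its hunk @@ -53,7 +53,7 @@ adds the missing /solutions prefix to the "Memory" link, the same kind of fix as [PATCH 3/4] "fixes broken links". Fold it into that commit, or give it a subject that names the link being fixed.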