Yesterday, the team behind Elastic Stack announced the release of Elastic Stack 7.2.0. The major highlight of this release is the free availability of Elastic SIEM (Security information and event management) as a part of Elastic’s default distribution. The Elastic SIEM app provides interactivity, ad hoc search, responsive drill downs and packages it into an intuitive product experience.
Elastic Stack 7.2.0 also comes with the free availability of the Elastic app search for its users, which was only available as a hosted service up until now. With this release, Elastic has advanced the Kubernetes and container monitoring initiative to include the monitoring of the NATS open source messaging system, CoreDNS, and to support the CRI-O format container logs.
https://youtu.be/bmx13X87e2s
What is Elastic SIEM?
The SIEM app is an interactive UI workspace for security teams to triage events and perform initial investigations. It assigns a Timeline Event Viewer which allows analysts to gather and store evidence of an attack, pin and comment on relevant events, and share their findings all from within Kibana. Kibana is an open source data visualization plugin for Elasticsearch. Elastic SIEM is being introduced as a beta in the 7.2 release of the Elastic Stack.
Image Source: Elastic blog
The Elastic SIEM app enables analysis of host-related and network-related security events as part of alert investigations or interactive threat hunting, including the following:
- The Hosts view in the SIEM app provides key metrics regarding host-related security events, and a set of data tables that enable interaction with the Timeline Event Viewer.
- The Network view in the SIEM app informs analysts of key network activity metrics, facilitates investigation time enrichment, and provides network event tables that enable interaction with the Timeline Event Viewer.
- Analysts can easily drag objects of interest into the Timeline Event Viewer to create the required query filter to get to the bottom of an alert. With Auto-saving, it is possible to ensure that the results of the investigation are available for incident response teams.
Elastic SIEM is available on the Elasticsearch Service on Elastic Cloud, or for download. Since this a major feature of Elastic Stack, it has got people quite excited.
https://twitter.com/cbnetsec/status/1143661272594096128
https://twitter.com/neu5ron/status/1143623893476958208
https://twitter.com/netdogca/status/1143581280837107714
https://twitter.com/tommyyyyyyyy/status/1143791589325725696
General availability of Elastic App Search on-premise
With the Elastic Stack 7.2.0 version, the Elastic App Search product is going to be freely available for users as a downloadable, self-managed search solution.
Though Elastic App Search has been around for over a decade as a cloud-based solution, users of Elastic will have a greater flexibility to build fluid and engaging search experiences.
As part of this release, the below services will be offered in a downloadable form:
- Simple and focused data ingestion
- Powerful search APIs and UI frameworks
Unlock access to the largest independent learning library in Tech for FREE!
Get unlimited access to 7500+ expert-authored eBooks and video courses covering every tech area you can think of.
Renews at €18.99/month. Cancel anytime
- Insightful analytics
- Intuitive relevance controls
Elastic Stack 7.2.0 is also introducing the Metrics Explorer. It will enable users to quickly visualize the most important infrastructure metrics and interact with them using common tags and chart groupings inside the Infrastructure app. With this feature, users can create a chart and see on the dashboard.
Other Highlights
- Elasticsearch simplifies search-as-you-type, adds a UI around snapshot/restore, gives more control over relevance without sacrificing performance, and much more.
- Kibana makes it even easier to build a secure, multi-tenant Kibana instance with advanced RBAC for Spaces. Elastic Stack 7.2.0 has also introduced kiosk mode for Canvas, and the maps created in the new Maps app can now be embedded in any Kibana dashboard. There are also new easy-on-your-eyes dark-mode map tiles and much more.
- Beats improves edge-based processing with a new JavaScript processor, and more.
- Logstash gets faster with the Java execution pipeline going GA. It now fully supports JMS as an input and output, and more.
Users are very impressed with the features introduced in Elastic Stack 7.2.0
https://twitter.com/mikhail_khusid/status/1143695869411307526
https://twitter.com/markcartertm/status/1143652867284189184
Visit the Elastic blog for more details.
Core security features of Elastic Stack are now free!
Elasticsearch 7.0 rc1 releases with new allocation and security features
Elastic Stack 6.7 releases with Elastic Maps, Elastic Update and much more!
United States
Great Britain
India
Germany
France
Canada
Russia
Spain
Brazil
Australia
Singapore
Hungary
Philippines
Mexico
Thailand
Ukraine
Luxembourg
Estonia
Lithuania
Norway
Chile
South Korea
Ecuador
Colombia
Taiwan
Switzerland
Indonesia
Cyprus
Denmark
Finland
Poland
Malta
Czechia
New Zealand
Austria
Turkey
Sweden
Italy
Egypt
Belgium
Portugal
Slovenia
Ireland
Romania
Greece
Argentina
Malaysia
South Africa
Netherlands
Bulgaria
Latvia
Japan
Slovakia
