maxmustermann/kibana
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
kibana/docs/siem/index.asciidoc
Ben Skelker 843c2383ea
[Docs]Security docs 7.9 updates (#75156) 
* security docs 7.9 updates

* terminology

* updates advanced settings

* terminology

* corrections
2020-08-18 08:25:06 +03:00

61 lines
2 KiB
Plaintext
Raw Blame History

[role="xpack"]
[[xpack-siem]]
= Elastic Security
[partintro]
--
Elastic Security combines SIEM threat detection features with endpoint
prevention and response capabilities in one solution, including:
* A detection engine to identify attacks and system misconfiguration
* A workspace for event triage and investigations
* Interactive visualizations to investigate process relationships
* Embedded case management and automated actions
* Detection of signatureless attacks with prebuilt {ml} anomaly jobs and
detection rules
[role="screenshot"]
image::siem/images/overview-ui.png[Elastic Security in Kibana]
[float]
== Add data
Kibana provides step-by-step instructions to help you add data. The
{security-guide}[Security Guide] is a good source for more
detailed information and instructions.
[float]
=== {Beats}
https://www.elastic.co/products/beats/auditbeat[{auditbeat}],
https://www.elastic.co/products/beats/filebeat[{filebeat}],
https://www.elastic.co/products/beats/winlogbeat[{winlogbeat}], and
https://www.elastic.co/products/beats/packetbeat[{packetbeat}]
send security events and other data to Elasticsearch.
The default index patterns for Elastic Security events are `auditbeat-*`, `winlogbeat-*`,
`filebeat-*`, `packetbeat-*`, `endgame-*`, `logs-*`, and `apm-*-transaction*`. To change the default pattern patterns, go to *Stack Management > Advanced Settings > securitySolution:defaultIndex*.
[float]
=== Elastic Security endpoint agent
The agent detects and protects against malware, and ships host and network
events directly to Elastic Security.
[float]
=== Elastic Common Schema (ECS) for normalizing data
The {ecs-ref}[Elastic Common Schema (ECS)] defines a common set of fields to be
used for storing event data in Elasticsearch. ECS helps users normalize their
event data to better analyze, visualize, and correlate the data represented in
their events.
Elastic Security can ingest and normalize events from ECS-compatible data sources.
--
include::siem-ui.asciidoc[]
include::machine-learning.asciidoc[]
Reference in a new issue View git blame Copy permalink