SIEM

Elastic

An open-source-rooted SIEM and XDR platform built on the Elastic Stack. It unifies endpoint, cloud, and network data for real-time threat detection, threat hunting, and automated response — all in one platform.

What is Elastic?

Elastic Security is the SIEM and XDR application of the Elastic Stack, so it runs on the same Elasticsearch and Kibana that many organizations already operate for search and observability. It ingests security data from endpoints, cloud environments, network infrastructure, and third-party tools, normalizes it to the Elastic Common Schema (ECS), and stores it in Elasticsearch indices and data streams, where it can be searched, visualized, and analyzed at scale. Its detection engine runs a library of prebuilt detection rules mapped to MITRE ATT&CK, together with any custom rules the security team authors (KQL, EQL, threshold, indicator-match, and machine-learning rules), on a schedule against the ingested data, and writes each match to a dedicated alert index. Data from virtually any source can be ingested through Elastic Agent and its integrations, through Beats, or through Logstash pipelines, which makes the platform a flexible choice for heterogeneous environments. Elastic Agent with the Elastic Defend integration also provides endpoint protection and EDR functionality alongside log collection.

How does Elastic work with Qevlar?

Qevlar connects to Elastic Security to query alerts and raw log data during investigations. When it investigates a specific threat it can search the full corpus of ingested security data and retrieve the relevant events from any indexed data source, without the analyst having to write queries by hand. In practice the integration needs read access to the alert indices and to the log data streams it is expected to search; granting that through a dedicated, read-only API key scoped to those indices is the least-privilege way to set it up.
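The alert-to-raw-data pivot described above, as an added Python example that is not Qevlar's or Elastic's code. It takes an Elastic Security alert document (assumed to use the flat `kibana.alert.*` and ECS field names stored in `.alerts-security.alerts-<space>`), extracts the ATT&CK technique IDs from the rule's threat mapping, builds an Elasticsearch Query DSL body for the raw events on the same host in a window around the triggering event (narrowed to the alerting process and its children when the alert carries a `process.entity_id`), and evaluates that body offline against constructed sample events. The index names, the `search_es` helper, and the sample alert and events are assumptions for illustration; a real deployment supplies its own endpoint and a read-only API key.

```python
"""Added example: pivot from an Elastic Security alert to the raw events around it.

Not Qevlar's or Elastic's code. Assumes the documented shape of Elastic Security
alert documents (kibana.alert.* fields in .alerts-security.alerts-<space>) and ECS
field names in the raw data streams; the sample alert and events are constructed.
"""
from __future__ import annotations

import json
import urllib.request
from datetime import datetime, timedelta, timezone

ALERT_INDEX = ".alerts-security.alerts-default"  # alert index for the default Kibana space (assumed)
RAW_INDEX = "logs-*"                              # Elastic Agent / Beats data streams (assumed)


def parse_ts(ts: str) -> datetime:
    """Parse an ISO-8601 timestamp as written by Elastic ('Z' suffix allowed) into UTC."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)


def attack_techniques(alert: dict) -> list[str]:
    """Collect MITRE ATT&CK technique and sub-technique IDs from the rule's threat mapping."""
    ids: set[str] = set()
    for threat in alert.get("kibana.alert.rule.threat", []):
        for tech in threat.get("technique", []):
            ids.add(tech["id"])
            for sub in tech.get("subtechnique", []):
                ids.add(sub["id"])
    return sorted(ids)


def build_pivot_query(alert: dict, window_minutes: int = 10) -> dict:
    """Build a Query DSL body: raw events on the alert's host within +/- window_minutes
    of the event that fired the rule; if the alert names a process, keep only that
    process and its direct children."""
    t0 = parse_ts(alert["kibana.alert.original_time"])
    delta = timedelta(minutes=window_minutes)
    filters = [{"range": {"@timestamp": {"gte": (t0 - delta).isoformat(),
                                         "lte": (t0 + delta).isoformat()}}}]
    if "host.name" in alert:
        filters.append({"term": {"host.name": alert["host.name"]}})
    bool_q: dict = {"filter": filters}
    entity = alert.get("process.entity_id")
    if entity:
        bool_q["should"] = [{"term": {"process.entity_id": entity}},
                            {"term": {"process.parent.entity_id": entity}}]
        bool_q["minimum_should_match"] = 1
    return {"size": 200, "sort": [{"@timestamp": "asc"}], "query": {"bool": bool_q}}


def _clause_matches(clause: dict, event: dict) -> bool:
    """Evaluate the subset of Query DSL emitted above (term, range) against a flat ECS event."""
    if "term" in clause:
        (field, value), = clause["term"].items()
        return event.get(field) == value
    if "range" in clause:
        (field, bounds), = clause["range"].items()
        ts = parse_ts(event[field])
        return parse_ts(bounds["gte"]) <= ts <= parse_ts(bounds["lte"])
    raise ValueError(f"unsupported clause: {clause}")


def search_local(events: list[dict], body: dict) -> list[dict]:
    """Offline stand-in for Elasticsearch _search: apply the bool query to in-memory events."""
    b = body["query"]["bool"]
    hits = []
    for ev in events:
        if not all(_clause_matches(c, ev) for c in b.get("filter", [])):
            continue
        should = b.get("should", [])
        if should and not any(_clause_matches(c, ev) for c in should):
            continue
        hits.append(ev)
    return sorted(hits, key=lambda e: parse_ts(e["@timestamp"]))


def search_es(es_url: str, api_key: str, index: str, body: dict) -> dict:
    """Run the same body against a live cluster: POST <index>/_search with API-key auth."""
    req = urllib.request.Request(
        f"{es_url.rstrip('/')}/{index}/_search",
        data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json", "Authorization": f"ApiKey {api_key}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


# Constructed sample alert (flat field names) and constructed raw events.
SAMPLE_ALERT = {
    "kibana.alert.rule.name": "Suspicious PowerShell Execution",
    "kibana.alert.original_time": "2024-05-01T12:00:00.000Z",
    "kibana.alert.rule.threat": [{"framework": "MITRE ATT&CK",
        "tactic": {"id": "TA0002", "name": "Execution"},
        "technique": [{"id": "T1059", "name": "Command and Scripting Interpreter",
                       "subtechnique": [{"id": "T1059.001", "name": "PowerShell"}]}]}],
    "host.name": "ws-042", "process.entity_id": "abc-123",
}
SAMPLE_EVENTS = [
    {"@timestamp": "2024-05-01T11:59:30Z", "host.name": "ws-042", "process.entity_id": "abc-123", "event.action": "start"},
    {"@timestamp": "2024-05-01T12:00:05Z", "host.name": "ws-042", "process.parent.entity_id": "abc-123", "event.action": "start"},
    {"@timestamp": "2024-05-01T12:00:10Z", "host.name": "ws-043", "process.entity_id": "abc-123", "event.action": "start"},  # other host
    {"@timestamp": "2024-05-01T12:30:00Z", "host.name": "ws-042", "process.entity_id": "abc-123", "event.action": "end"},    # outside window
]

if __name__ == "__main__":
    query = build_pivot_query(SAMPLE_ALERT)
    print("ATT&CK:", attack_techniques(SAMPLE_ALERT))
    print(json.dumps(query, indent=2))
    for hit in search_local(SAMPLE_EVENTS, query):
        print(hit["@timestamp"], hit["event.action"])
```

The time window and the host filter are deliberately hard constraints (`filter`), while the process match is a `should` with `minimum_should_match: 1`, so an alert that carries no `process.entity_id` (network or cloud alerts, for example) still yields the host-scoped window instead of an empty result.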
