Yesterday, the team behind Elastic Stack announced the release of Elastic Stack 7.2.0. The major highlight of this release is the free availability of Elastic SIEM (Security Information and Event Management) as part of Elastic’s default distribution. The Elastic SIEM app provides interactivity, ad hoc search and responsive drill-downs, packaged into an intuitive product experience.
Elastic Stack 7.2.0 also comes with the free availability of the Elastic app search for its users, which was only available as a hosted service up until now. With this release, Elastic has advanced the Kubernetes and container monitoring initiative to include the monitoring of the NATS open source messaging system, CoreDNS, and to support the CRI-O format container logs.
What is Elastic SIEM?
The SIEM app is an interactive UI workspace for security teams to triage events and perform initial investigations. It includes a Timeline Event Viewer, which allows analysts to gather and store evidence of an attack, pin and comment on relevant events, and share their findings, all from within Kibana. Kibana is an open source data visualization plugin for Elasticsearch. Elastic SIEM is being introduced as a beta in the 7.2 release of the Elastic Stack.
Image Source: Elastic blog
The Elastic SIEM app enables analysis of host-related and network-related security events as part of alert investigations or interactive threat hunting, including the following:
- The Hosts view in the SIEM app provides key metrics regarding host-related security events, and a set of data tables that enable interaction with the Timeline Event Viewer.
- The Network view in the SIEM app informs analysts of key network activity metrics, facilitates investigation time enrichment, and provides network event tables that enable interaction with the Timeline Event Viewer.
- Analysts can easily drag objects of interest into the Timeline Event Viewer to create the required query filter to get to the bottom of an alert. With Auto-saving, it is possible to ensure that the results of the investigation are available for incident response teams.
Elastic SIEM is available on the Elasticsearch Service on Elastic Cloud, or for download. Since this is a major feature of Elastic Stack, it has got people quite excited.
Am I allowed to geek out and get super excited about this; BECAUSE I AM!!! I have been using the ELK stack for 3 years and found its flexibility to be amazing! I'm so pumped to see that they are releasing a #SIEM designed for cyber security. Super excited! #blueteam #elastic
— Chris Bailey (@cbnetsec) June 25, 2019
Thank you! This is incredible, allowing the community to be able to spend more time on what matters: the data, SIGMA rules, and overall use cases/hunting. No more barriers of SIEM integrations. No additional sums of money needed to have the SIEM functionality.
— Nate (Neutron) (@neu5ron) June 25, 2019
This looks awesome.
— tom burke (@tommyyyyyyyy) June 26, 2019
General availability of Elastic App Search on-premise
With the Elastic Stack 7.2.0 version, the Elastic App Search product is going to be freely available for users as a downloadable, self-managed search solution.
Elastic App Search has been available for over a decade as a cloud-based solution; with a self-managed version, Elastic users gain greater flexibility to build fluid and engaging search experiences.
As part of this release, the below services will be offered in a downloadable form:
- Simple and focused data ingestion
- Powerful search APIs and UI frameworks
- Insightful analytics
- Intuitive relevance controls
Elastic Stack 7.2.0 is also introducing the Metrics Explorer. It will enable users to quickly visualize the most important infrastructure metrics and interact with them using common tags and chart groupings inside the Infrastructure app. With this feature, users can create a chart and view it on the dashboard.
- Elasticsearch simplifies search-as-you-type, adds a UI around snapshot/restore, gives more control over relevance without sacrificing performance, and much more.
- Kibana makes it even easier to build a secure, multi-tenant Kibana instance with advanced RBAC for Spaces. Elastic Stack 7.2.0 has also introduced kiosk mode for Canvas, and the maps created in the new Maps app can now be embedded in any Kibana dashboard. There are also new easy-on-your-eyes dark-mode map tiles and much more.
- Logstash gets faster with the Java execution pipeline going GA. It now fully supports JMS as an input and output, and more.
Users are very impressed with the features introduced in Elastic Stack 7.2.0.
This is pretty wild https://t.co/xFCTfjLUfX
— Mikhail Khusid (@mikhail_khusid) June 26, 2019
Visit the Elastic blog for more details.