Elastic 7.7 Update

Transcript
Page 1

Elastic 7.7 Update: Search, Observe, Protect

Principal Solutions Architect

Page 2

3 Solutions – 1 Stack

Enterprise Search

• Site Search

• App Search

• Workplace Search

Observability

• Logs & Metrics

• Application Performance Monitoring (APM)

• Uptime

Security

• SIEM (Threat Hunting)

• Endpoint Security (EPP & EDR)

All running on the same Elastic Stack

Page 3

Elastic Stack

Kibana: Visualize & Manage

Elasticsearch: Store, Search, & Analyze

Ingest: Beats, Logstash, Endpoint

Solutions on the stack: Site Search, App Search, Workplace Search; Logs, Metrics, APM; SIEM, Endpoint Security

Deployment: SaaS (Elastic Cloud) or On-Prem (Elastic Cloud Enterprise, Elastic Cloud on Kubernetes, Standalone)

Page 4

Elastic Stack

Page 5

Asynchronous Search

Page 6

Integrated Alerting

Page 7

Integrated Alerting

This is only phase 1! Soon, look forward to:

• New alert types

• New alert integrations

Page 8

Transforms GA

Page 9

Supervised learning - multi-class classification

In version 7.5 we introduced binary classification, which classified data points into two possible categories, e.g. malicious vs. benign. In version 7.7 we have released multi-class classification. This chooses the best class for each data point from up to 30 possible categories, e.g. the class of DGA algorithm: benign, zloader, kraken, mydoom, pizd. Multi-class jobs can be created in the data frame analytics part of the UI, with the results page including a confusion matrix for measuring the accuracy of the classification.
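As an added example (not code from the deck or from Elastic's data frame analytics), this builds the confusion matrix the slide refers to for the DGA-family labels named above, using constructed labels, and reads per-class precision and recall off it. It also applies the 30-class limit the slide states; the point it shows is that an overall accuracy of 0.8 hides a recall of only 0.5 on one malware family.

```python
from typing import Dict, List, Tuple

# Constructed labels for ten domains (sample data made up for this example,
# not output from the deck's job): the true DGA family of each domain and
# the class the multi-class job chose for it.
CLASSES: List[str] = ["benign", "zloader", "kraken", "mydoom", "pizd"]
ACTUAL: List[str] = ["benign", "benign", "benign", "zloader", "zloader",
                     "kraken", "kraken", "mydoom", "mydoom", "pizd"]
PREDICTED: List[str] = ["benign", "benign", "zloader", "zloader", "zloader",
                        "kraken", "benign", "mydoom", "mydoom", "pizd"]

MAX_CLASSES = 30  # the 7.7 multi-class limit stated in the deck

Matrix = Dict[str, Dict[str, int]]


def confusion_matrix(actual: List[str], predicted: List[str], classes: List[str]) -> Matrix:
    """Rows are the actual class, columns the predicted class; each cell counts
    the data points that fell into that (actual, predicted) pair."""
    if len(classes) > MAX_CLASSES:
        raise ValueError(f"multi-class jobs support at most {MAX_CLASSES} classes")
    matrix: Matrix = {a: {p: 0 for p in classes} for a in classes}
    for a, p in zip(actual, predicted):
        matrix[a][p] += 1
    return matrix


def accuracy(matrix: Matrix) -> float:
    """Overall accuracy: the diagonal (correct calls) over all data points."""
    total = sum(sum(row.values()) for row in matrix.values())
    return sum(matrix[c][c] for c in matrix) / total


def per_class_metrics(matrix: Matrix) -> Dict[str, Tuple[float, float]]:
    """(precision, recall) per class, read straight off the matrix. Recall of a
    malware family is the security-relevant number: the share of that family's
    domains the classifier actually caught."""
    metrics = {}
    for c in matrix:
        tp = matrix[c][c]
        fn = sum(matrix[c].values()) - tp            # row total minus diagonal
        fp = sum(matrix[a][c] for a in matrix) - tp  # column total minus diagonal
        precision = tp / (tp + fp) if tp + fp else 0.0
        recall = tp / (tp + fn) if tp + fn else 0.0
        metrics[c] = (precision, recall)
    return metrics


if __name__ == "__main__":
    m = confusion_matrix(ACTUAL, PREDICTED, CLASSES)
    print(f"accuracy {accuracy(m):.2f}", per_class_metrics(m))
```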

Page 10

Updated OS Support Matrix

Running Red Hat Enterprise Linux 8? CentOS 8? Windows 2019? Good news: with the 7.7 release we're supporting Elasticsearch on all three platforms. In addition, with 7.7 we've added support for OpenJDK 14. For details please check our Elastic Support Matrix.

Page 11

Elastic Enterprise Search

Page 12

Workplace Search now GA

Page 13

Workplace Search now GA

Page 14

Workplace Search now GA

Free Basic Tier for quick and easy deployment

Enterprise level security and integration available

Page 15

Workplace Search now GA

Privacy as a priority

Relevance at any scale

Get started quickly

Page 16

Elastic Observability

Page 17

APM Service Maps

Show dependencies between services, other services and backends

View KPIs of each service

Page 18

APM Central Configuration

No more YAML typos!

Page 19

APM Distributed Profiling

https://www.elastic.co/blog/from-distributed-tracing-to-distributed-profiling-with-elastic-apm

Page 20

Integrations

Page 21

Observability for Pivotal Cloud Foundry (PCF) Operators and Developers

Monitoring PCF is no joke!

“PCF is a complicated, distributed black box that just works! Except when it doesn’t and it’s a nightmare to figure out the root cause.”

The PCF healthwatch team built super-metrics to measure uptime and performance KPIs for developers and PCF KPIs for operators trying to maintain SLAs.

• https://www.elastic.co/guide/en/beats/metricbeat/7.7/metricbeat-module-cloudfoundry.html

• https://www.elastic.co/guide/en/beats/filebeat/7.7/filebeat-input-cloudfoundry.html

Page 22

Enhanced Cloud Integrations

Consolidate monitoring of various public cloud deployments in one single “Pane of Glass”. These integrations are based on generic ELK components. If a service is not present in this list, there is still a good chance it is available.

and many more…

Page 23

Prometheus

Do you monitor multiple Kubernetes clusters? Prometheus has some challenges in the enterprise world:

• Long term storage

• Scalability

• Security

Elastic elevates Prometheus to the enterprise. With the Elastic 7.7 release, Metricbeat is now able to act as a remote_write endpoint for Prometheus. Plus, we added support for PromQL queries in the Prometheus module.

https://www.elastic.co/what-is/prometheus-monitoring

https://www.elastic.co/blog/prometheus-monitoring-at-scale-with-the-elastic-stack

Page 24

Prometheus

You can start streaming metrics from Prometheus to Elasticsearch already now with Metricbeat. Using the prometheus module you can scrape metrics from either Prometheus servers, exporters or push gateways.

Page 25

OpenMetrics

Support for OpenMetrics

Moving more deployments to the cloud? The Elastic Stack handles cloud native metrics just like any other index. As OpenMetrics continues to standardize how metric data is exposed, we focus on streamlining the experience of collecting all of your metrics for unified analysis.

Page 26

Further Integrations added in 7.7

Page 27

Elastic Security

Page 28

Elastic Security 7.7 Update

Stop threats at scale. Eliminate blind spots. Arm every analyst.

➔ New Filebeat modules for Office 365 and Okta

➔ Filebeat CEF module supports Check Point

➔ Elastic Endpoint Security streams to Logstash

➔ ECS “Mapper” tool made public

➔ SIEM queries support ECS fields

➔ Notifications - Email, Slack, PagerDuty, Webhook

➔ Direct ML integration in detection engine

➔ Expanded prebuilt rules (130)

➔ Prebuilt MITRE Based Protections

➔ Import and export timelines

➔ SIEM rule execution monitoring

➔ New case management workflows

➔ New simple case management workflow integration with ServiceNow®

➔ New Investigation Guide playbooks

Page 29

Case management - Integrated

Page 30

Case management – ServiceNow Integration

Fit into Your Ecosystem: Elastic SIEM adds native integration with ServiceNow ITSM

Page 31

Find -> Detect -> Protect

Find malicious behavior with Timeline or ML and turn it into a Detection rule with 4 clicks.

Page 32

New prebuilt Detection Rules

New prebuilt detection rules protecting against:

• Living-off-the-land techniques: attackers executing malicious code with OS-native applications.

• Privilege escalation via UAC bypass and related techniques: attackers bypassing Windows User Account Control (UAC).

• Suspicious child processes of targeted business applications: attackers using PDF applications to download and execute malicious payloads.
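As an added example, not one of the 130 prebuilt rules and not Elastic's detection engine: a minimal evaluation of the third rule category above over constructed ECS-shaped process events, written once against ECS field names so it applies regardless of which shipper produced the event. The PDF application names, shell child names and the event values are assumptions made for illustration.

```python
from typing import Dict, List

# Constructed ECS-shaped process events (sample data made up for this example,
# not from the deck). Field names follow the Elastic Common Schema the deck
# mentions: host.name, event.type, process.name, process.parent.name.
EVENTS: List[Dict[str, str]] = [
    {"host.name": "ws-01", "event.type": "start",
     "process.parent.name": "AcroRd32.exe", "process.name": "powershell.exe"},
    {"host.name": "ws-02", "event.type": "start",
     "process.parent.name": "AcroRd32.exe", "process.name": "AcroRd32.exe"},
    {"host.name": "ws-03", "event.type": "start",
     "process.parent.name": "explorer.exe", "process.name": "powershell.exe"},
    {"host.name": "ws-04", "event.type": "start",
     "process.parent.name": "FoxitReader.exe", "process.name": "cmd.exe"},
    {"host.name": "ws-05", "event.type": "end",
     "process.parent.name": "AcroRd32.exe", "process.name": "cmd.exe"},
]

# Assumed lists for illustration: the deck names only the rule category.
PDF_APPLICATIONS = {"acrord32.exe", "acrobat.exe", "foxitreader.exe"}
SHELL_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}
RULE_NAME = "Suspicious child process of a PDF application"


def matches_rule(event: Dict[str, str]) -> bool:
    """True when a PDF reader spawned a shell or script host: a PDF viewer has
    no routine need to launch one, so the parent/child pair itself is the signal."""
    if event.get("event.type") != "start":
        return False  # only a process-start event records a spawn
    parent = event.get("process.parent.name", "").lower()  # Windows names are case-insensitive
    child = event.get("process.name", "").lower()
    return parent in PDF_APPLICATIONS and child in SHELL_CHILDREN


def run_rule(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Evaluate the rule over a batch of events and emit one alert per hit,
    carrying the fields an analyst needs to triage it in a Timeline."""
    alerts = []
    for e in events:
        if matches_rule(e):
            alerts.append({"rule.name": RULE_NAME, "host.name": e["host.name"],
                           "process.parent.name": e["process.parent.name"],
                           "process.name": e["process.name"]})
    return alerts


if __name__ == "__main__":
    for alert in run_rule(EVENTS):
        print(alert)
```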

Page 33

Reading Material

https://www.elastic.co/blog/elastic-stack-7-7-0-released

https://www.elastic.co/blog/elastic-enterprise-search-7-7-0-released

https://www.elastic.co/blog/elastic-observability-7-7-0-released

https://www.elastic.co/blog/elastic-apm-7-7-0-released

https://www.elastic.co/blog/elastic-logs-7-7-0-released

https://www.elastic.co/blog/elastic-metrics-7-7-0-released

https://www.elastic.co/blog/elastic-uptime-monitoring-7-7-0-released

https://www.elastic.co/blog/elastic-security-7-7-0-released

Page 34

https://ela.st/26-may-lunchnlearn-financial-services

Page 35

Questions?
