Elastic Security is a free and open XDR solution intended to unify the capabilities of SIEM, endpoint security, and cloud security. It powers prevention, detection, and response across the attack surface, supporting centralized analysis of years of environmental data. The solution eliminates data silos, reduces alert fatigue, and arms practitioners to stop complex threats — quickly and at cloud scale.
The Elastic for SecOps app enables end-to-end response workflows across Elastic Security and ServiceNow Security Operations (SecOps). It connects the Elastic Stack with ServiceNow Security and Incident Response (SIR), providing two ways to automate the generation of security incidents:
- Case management integration enables practitioners to escalate Elastic Security cases (including case details, data observables, analyst notes, and associated alerts) into ServiceNow security incidents with just one click.
- Alerting integration enables admins to configure forwarding of individual Elastic alerts to ServiceNow SIR and automate the creation of corresponding ServiceNow security incidents.
The app advances organizational security maturity by integrating the capabilities of Elastic Security with the security orchestration and automated response (SOAR) capabilities of ServiceNow SIR, facilitating collaboration within the SOC and beyond.
- Streamline and standardize incident response by integrating Elastic case management and alerting with ServiceNow Security Incident Response (SIR).
- Forward individual alerts and packaged cases from Elastic (including associated alerts and observables) to ServiceNow SIR to facilitate collaboration within the SOC and beyond.
- Fully integrate the unified SIEM and endpoint security capabilities of Elastic Security with the security orchestration and automated response (SOAR) capabilities of ServiceNow SIR.
- Add support for the CMDB field
- Security Incident Response
- Security Incident Response Dependencies
- Security Support Core