Friday, August 15, 2025

Elastic Unveils AI-Driven Solution for SOC Analysts

Elastic has introduced the Elastic AI SOC Engine (EASE), a serverless security package designed to enhance Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems. This innovative solution leverages Elastic’s Attack Discovery platform and an AI assistant to aid Security Operations Centre (SOC) analysts in identifying and addressing hidden threats more efficiently. EASE seamlessly integrates with leading tools like Splunk, Microsoft Sentinel, and CrowdStrike, supporting agentless integrations that ingest alerts for enhanced AI analysis. It facilitates alert triage, correlation, and prioritization while enriching investigations with data from platforms like Jira, GitHub, and SharePoint. According to Santosh Krishnan, Elastic’s GM for Observability and Security, EASE is a game-changer for overwhelmed SOC teams, helping to automate threat prioritization and accelerate investigations. Eventually, teams can transition to Elastic Security, creating a unified, AI-driven platform that consolidates SIEM, EDR, and cloud security solutions.
