Elastic Security
By Elastic
SIEM and endpoint security built on the Elasticsearch stack, with a genuinely usable free self-managed tier and an openly published detection rule repository. Elastic re-added the OSI-approved AGPL as a source-license option in 2024, but its official distributions still ship under the non-OSI Elastic License 2.0, so the product as normally run is free-tier source-available rather than fully open source.
Verified Source: 1
- Product type
- Software
- Deployment
- SaaSOn-premHybrid
- Organization size
- SMBMid-marketEnterprise
- Pricing tier
- Freemium
Capability checklist
SIEMHow Elastic Security measures up against the full Security Information & Event Management taxonomy.
- Broad log ingestion — supported
- Collects and normalizes logs from network, endpoint, cloud, and SaaS sources.
- Correlation & detection rules — supported
- Turns raw events into alerts via built-in and custom detection logic.
- Fast historical search — supported
- Query months of data quickly during investigations.
- Behavior analytics (UEBA) — supported
- Baselines user and entity behavior to flag anomalies.
- Dashboards & reporting — supported
- Compliance and operational reporting out of the box.
- Detection-as-code — supported
- Manage detection rules in version control with CI.
Alternatives
Other Security Information & Event Management tools with overlapping capabilities, sized for similar teams.