Cyber Tool Stack
All tools

Elastic Security

By Elastic

SIEM and endpoint security built on the Elasticsearch stack, with a genuinely usable free self-managed tier and an openly published detection rule repository. Elastic re-added the OSI-approved AGPL as a source-license option in 2024, but its official distributions still ship under the non-OSI Elastic License 2.0, so the product as normally run is free-tier source-available rather than fully open source.

Verified Source: 1

Product type
Software
Deployment
SaaSOn-premHybrid
Organization size
SMBMid-marketEnterprise
Pricing tier
Freemium

Capability checklist

SIEM

How Elastic Security measures up against the full Security Information & Event Management taxonomy.

Broad log ingestion — supported
Collects and normalizes logs from network, endpoint, cloud, and SaaS sources.
Correlation & detection rules — supported
Turns raw events into alerts via built-in and custom detection logic.
Fast historical search — supported
Query months of data quickly during investigations.
Behavior analytics (UEBA) — supported
Baselines user and entity behavior to flag anomalies.
Dashboards & reporting — supported
Compliance and operational reporting out of the box.
Detection-as-code — supported
Manage detection rules in version control with CI.

Alternatives

Other Security Information & Event Management tools with overlapping capabilities, sized for similar teams.

Search Cyber Tool Stack

Jump to any tool, vendor, category, or glossary term.