  • Last Updated: Feb 3, 2025
  • Version: 1.0.0
  • Compatibility: ThreatQ Versions >= 5.25.0

    Elastic Action

    ThreatQuotient

    Overview

    The Elastic Action integration enriches indicators with information found in Elastic Security.

    Elastic Security unifies SIEM, endpoint security, and cloud security on an open platform. This allows SecOps teams to protect, detect, and respond at scale. These analytical and protection capabilities, leveraged by the speed and extensibility of Elasticsearch, enable analysts to defend their organization from threats before damage and loss occur.

    The integration provides the following action:

    • Elastic Enrich Indicators - executes an Elasticsearch query and retrieves the hits that match the query.

    The action is compatible with the following object types:

    • Assets
    • Indicators

    The action returns the following enriched system objects:

    • Assets
    • Indicators

    Note: This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.

    Copyright © 2025, ThreatQuotient, Inc. All Rights Reserved.