
Elastic Security CDF
Overview
The Elastic Security CDF allows the automatic ingestion of alerts and cases from Elastic Security into ThreatQ. This enables analysts in ThreatQ to stay up to date with the latest alerts and cases, and enables the platform to re-prioritize indicators based on sightings.
Elastic Security unifies SIEM, endpoint security, and cloud security on an open platform, arming SecOps teams to protect, detect, and respond at scale. These analytical and protection capabilities, backed by the speed and extensibility of Elasticsearch, enable analysts to defend their organization from threats before damage and loss occur.
The integration provides the following feeds:
- Elastic Security Alerts - pulls alerts from Elastic Security into ThreatQ.
- Elastic Security Cases - pulls cases from Elastic Security into ThreatQ.
The integration ingests the following system objects:
- Assets
- Attack Patterns
- Events
- Incidents
- Indicators