Elastic has introduced a new feature, Automatic Import, to streamline the process of onboarding data in security information and event management (SIEM) systems. This feature automates the development of custom data integrations, allowing for faster addition of custom data sources.
According to the company, Elastic Security can now integrate custom data sources in less than ten minutes, a process that previously could take several days. This enhancement is designed to provide broader visibility and simplify SIEM implementation.
One of Elastic’s major security customers recently migrated nearly 200 data sources, including various custom technologies. The company states that this new feature can significantly reduce the time and consulting hours needed for such large-scale implementations.
“Automatic Import addresses one of the biggest headaches of switching SIEMs: onboarding custom data sources,” said Michelle Abraham, research director of security and Trust at IDC.
“The feature automates the development of new data integrations, reducing the cost, complexity, and stress of migration.”
Elastic has introduced Automatic Import, a feature that leverages generative AI to accelerate tasks in security operations (SecOps). This feature builds on Elastic’s previous AI-driven security analytics tools, such as the Elastic AI Assistant, which helps answer security questions and guides workflows, and Attack Discovery, which automates alert triage. The new capability is designed to address security challenges in dynamic environments by managing unstructured data and extracting relevant insights through Large Language Models (LLMs) and retrieval-augmented generation (RAG).
Automatic Import is powered by the Elastic Search AI Platform, offering model-agnostic access to large language models and the ability to ground insights in proprietary data using RAG. This is supported by the flexibility of Search AI Lake and Elastic’s expertise in enabling security teams to work with various types of data.
“Automatic Import makes building and testing custom data integrations easier, helping us quickly enhance visibility throughout our environment,” said Nate Thompson, Senior Manager of Cybersecurity Analytics & Automation at Dana.
Elastic Security includes over 400 prebuilt data integrations, and the Automatic Import feature extends visibility to additional security technologies and applications. These integrations normalize data to the Elastic Common Schema (ECS), allowing for consistent analysis through dashboards, search, alerting, machine learning, and other tools.
“Establishing visibility across an enterprise IT environment is inherently difficult, but no matter how the attack surface changes, security teams can’t afford to fly blind. Until now, onboarding custom data has been costly and complex,” said Mike Nichols, VP of product for security at Elastic. “Automatic Import arrives at a critical moment to address these challenges, as organizations explore replacement options for their legacy SIEM tools.”
Read More:
Tech Startups in India - Driving Future Via AI, Cybersecurity