Elastic Security

Elastic Security combines threat detection analytics, cloud-native security, and endpoint protection in a single solution, so you can quickly detect, investigate, and respond to threats and vulnerabilities across your environment.


Serverless projects provide the existing functionality of Elastic Security on-premises and Elastic Cloud deployments, plus the following new features and capabilities:

  • Continuous onboarding hub at the center of the Get started page
  • Security-focused, single-level navigation
  • Osquery availability within Investigations
  • Assets management for Fleet, endpoints, and Cloud
  • Security-specific roles
  • Machine learning nodes included by default
  • Developer tools for interacting with your data

Get started

Create a Security project

Create your first serverless Security project.

Ingest data

Learn how to add your own data to Elastic Security.

How to

Enable detection rules

Activate prebuilt rules from Elastic, and create your own custom rules.

Protect endpoints

Install and configure real-time endpoint protection with Elastic Defend.

Secure your cloud

Improve cloud security posture, scan for vulnerabilities, and monitor workloads.

Triage and respond to alerts

Analyze potential threats and launch investigations.

Investigate security events

Query security event data and hunt for threats.

Visualize security data

Use prebuilt dashboards and create your own visualizations.