The SIEM app is now part of the Elastic Security solution. Click here to view SIEM documentation for previous releases.
What’s new

7.9 release

In the 7.9 release, Elastic SIEM and Endpoint Security were combined into a single unified app, Elastic Security. The following lists the changes that resulted from the merge.
Terminology changes

- Signal detection rules have been renamed to detection rules.
- Signals are now called detection alerts. Alerts in Elastic Security fall into one of the following categories:
  - Detection alerts: alerts generated within Elastic Security by the detection rules engine.
  - External alerts: alerts originating outside of Elastic Security.
  - Kibana alerts: alerts native to Kibana (these may not be security related).
- The whitelist is now called the Exception list. Items added to the Exception list are known as exceptions.
Navigation changes

- The former Alerts tab has been renamed to Detections.
  - The Alerts title page in the Detections tab has been renamed to Detection alerts.
  - Alert count has been renamed to Trend.
- In the Overview tab:
  - Alert count has been renamed to Detection alert trend.
  - External alert count has been renamed to External alert trend.
- A new tab, Administration, lets analysts view and manage hosts running Elastic Endpoint Security. From this page you can also manage integrations and check the configuration status of hosts to ensure they are protected.