Elastic Security
Synopsis
The Elastic Security target sends security telemetry to Elastic Security (formerly Elastic SIEM) using the Elasticsearch Bulk API with security-optimized index patterns and ECS normalization. This target extends standard Elasticsearch configuration with security-specific index management and detection rule integration.
Schema
- name: <string>
description: <string>
type: elasticsecurity
properties:
version: <integer>
index: <string>
endpoints:
- endpoint: <string>
username: <string>
password: <string>
max_payload_size_kb: <integer>
batch_size: <integer>
timeout: <integer>
use_compression: <boolean>
write_action: <string>
field_format: <string>
pipeline: <string>
filter_path: <string>
insecure_skip_verify: <boolean>
debug:
status: <boolean>
dont_send_logs: <boolean>