Managed Observability

Unlock the potential of your team

Supercharge the potential of your DevOps teams, infra teams, support teams, production quality, production maintenance, marketing team, and more by harnessing real-time monitoring, proactive decision making, and AI-driven analytics in our Managed Service.
Sublime Security

Sublime Security is a programmable, AI-powered, cloud email security platform for Microsoft 365 and Google Workspace environments. It is used to block email attacks such as phishing, BEC and malware, to threat hunt, and to auto-triage user reports.

The Sublime Security integration collects Audit, Email Message (MDM Schema) and Message Event logs using the REST API and AWS S3 or AWS SQS.

Swimlane connector

Connect Swimlane SOAR to Elastic

Network Packet Capture

This integration sniffs network packets on a host and dissects known protocols.

Monitoring your network traffic is critical to gaining observability and securing your environment — ensuring high levels of performance and security. The Network Packet Capture integration captures the network traffic between your application servers, decodes common application layer protocols and records the interesting fields for each transaction.

Active Directory Entity Analytics

This Active Directory Entity Analytics integration allows users to securely stream User Entities data to Elastic Security via Active Directory LDAP look-ups. When integrated with Elastic Security, this valuable data can be leveraged within Elastic for risk-scoring scenarios (e.g., context enrichments) and for advanced analytics (UBA) detection use cases.

Living off the Land Attack Detection

The Living off the Land Attack (LotL) Detection package contains a supervised machine learning model, called ProblemChild and associated assets, which are used to detect living off the land (LotL) activity in your environment.

Lateral Movement Detection

The Lateral movement detection model package contains assets that detect lateral movement based on file transfer activity and Windows RDP events. This package requires a Platinum subscription. Please ensure that you have a Trial, Platinum, or Enterprise subscription before proceeding.

Kubernetes

Collect logs and metrics from Kubernetes—an open-source system for automating deployment, scaling, and management of containerized applications.

Docker

Collect metrics and logs from Docker instances with Elastic Agent.

https://docs.elastic.co/integrations/docker

AWS Security Lake

Collect logs from Amazon Security Lake with Elastic Agent. This Amazon Security Lake integration helps you analyze security data, so you can get a more complete understanding of your security posture across the entire organization.

AWS S3

Monitor Amazon S3 buckets by collecting access logs, storage & request metrics with Elastic Agent.

AWS EC2

Collect logs and metrics for Amazon Elastic Compute Cloud service with Elastic Agent. Use the Amazon EC2 integration to collect logs and metrics related to your EC2 instances.

AWS WAF

The AWS WAF integration allows you to monitor AWS Web Application Firewall (WAF), a web application firewall for protecting against common web exploits.

AWS Security Hub

The AWS Security Hub integration collects and parses data from AWS Security Hub REST APIs.

AWS CloudTrail

The AWS CloudTrail integration allows you to monitor AWS CloudTrail.

AWS GuardDuty

The Amazon GuardDuty integration collects and parses data from Amazon GuardDuty Findings REST APIs.

Microsoft Defender for Endpoint

The Microsoft 365 Defender integration allows you to monitor Alert, Incident (Microsoft Graph Security API) and Event (Streaming API) Logs. Microsoft 365 Defender is a unified pre and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.

Tines

Integration with the Tines SOAR automation platform. https://www.tines.com

Atlassian

Collect logs from various Atlassian products. Atlassian develops collaboration and project management tools for software development teams.

Google

Collect logs from Google Workspace and GCP with Elastic Agent.

Microsoft

Collect logs from Microsoft M365 and Azure with Elastic Agent.

FortinetEDR Logs

This integration is for Fortinet FortiEDR logs sent in syslog format.

Crowdstrike Logs

The CrowdStrike Falcon integration allows you to easily connect your CrowdStrike Falcon platform to Elastic for seamless onboarding of alerts and telemetry from CrowdStrike Falcon and Falcon Data Replicator. Elastic Security can leverage this data for security analytics including correlation, visualization and incident response.

Google Cloud Firewall Logs

The firewall dataset collects logs from Firewall Rules in your Virtual Private Cloud (VPC) networks.

AWS Network Firewall Log

This integration is used to fetch logs and metrics from AWS Network Firewall, a network protection service for Amazon VPCs.

Azure Firewall Logs

Azure Firewall Logs are records of events, such as network and application rule matches, that occur within your Azure Firewalls. They provide visibility and can be used to troubleshoot issues related to access, connectivity or performance.

Cisco Meraki Firewall Logs

Cisco Meraki offers a centralized cloud management platform for all Meraki devices, such as MX Security Appliances, MR Access Points and so on. Its out-of-band cloud architecture creates secure, scalable and easy-to-deploy networks that can be managed from anywhere, from almost any device, using the web-based Meraki Dashboard and the Meraki Mobile App. Each Meraki network generates its own events.

Checkpoint Firewall Logs

The Check Point integration allows you to monitor Check Point Firewall logs from appliances running Check Point Management.

Sophos Firewall Logs

Collect logs from Sophos firewalls with Elastic Agent.

SonicWall Firewall Logs

Collect logs from Fortinet FortiGate firewalls with Elastic Agent.

Fortinet FortiGate Firewall Logs

Collect logs from Fortinet FortiGate firewalls with Elastic Agent.

ThreatQuotient

Ingest threat intelligence indicators from ThreatQuotient with Elastic Agent.

Recorded Future

Ingest threat intelligence indicators from Recorded Future risk lists with Elastic Agent.

OpenCTI

Ingest threat intelligence indicators from OpenCTI with Elastic Agent.

MISP

Ingest threat intelligence indicators from MISP platform with Elastic Agent.

AbuseCH

Ingest threat intelligence indicators from the URLhaus, MalwareBazaar, and ThreatFox feeds with Elastic Agent.

AlienVault Open Threat Exchange (OTX)

Ingest threat intelligence indicators from AlienVault Open Threat Exchange (OTX) with Elastic Agent.

Anomali

Ingest threat intelligence indicators from Anomali with Elastic Agent.

Collective Intelligence Framework v3

Ingest threat indicators from a Collective Intelligence Framework v3 instance with Elastic Agent.

Cybersixgill

Ingest threat intelligence indicators from Cybersixgill with Elastic Agent.

EclecticIQ

Ingest threat intelligence from EclecticIQ with Elastic Agent.

Maltiverse

Ingest threat intelligence indicators from Maltiverse feeds with Elastic Agent.

Mandiant Advantage

Collect Threat Intelligence from products within the Mandiant Advantage platform.

Customer Case Study

Sofecta Labs is born out of Sofecta, Finland's first (and only) Elastic Partner, and Deductive Labs, a leading cybersecurity firm. We pride ourselves on providing an excellent customer experience through agility and ability.