Elastic > Carbanak+FIN7 Configuration
Elastic Configuration
Product Versions
Product Description
Elastic Security Solution Brief
elastic.co/security Elastic Security builds on the power of the Elastic Stack to deliver prebuilt capabilities that help security teams to evolve even faster. The solution enables a unified, out-of-the-box approach to SIEM, security analytics, and advanced threat detection, prevention, and response — with the inherent benefits of speed, scale, and relevance Elasticsearch is known for.
Prevent, detect, respond
Why do organizations rely on Elastic Security to stay ahead of adversaries? Speed, scalability, and a free and open approach to security that is powered in part by contributions from the Elastic community. Validated by industry experts, Elastic Security helps prevent damage, reduces dwell times, and increases team efficiencies.
Eliminate blind spots
Elastic makes searching, visualizing, and analyzing across all your data simple and instantly actionable. Protect your organization through global visibility and immediate insights, real-world-validated detections, and an interface built for accelerated analysis and response. Resource-based pricing allows for uninhibited data ingestion and storage, supported by a universe of API integrations with preferred technologies.
Stop threats at scale
With the Elastic Security detection engine, automate threat detection and identify priority issues before damage occurs. Leverage integrated machine learning capabilities to improve accuracy at scale across the entire organization. Align to MITRE ATT&CK® and hunt for threats quickly and methodically.
Arm every analyst
Elastic Security’s intuitive visualizations make it easy to determine root cause across host, network, cloud, user — any data source. Analysts can easily customize workflows and investigative drill downs while leveraging built-in case management and integrations with operations platforms to collaborate more efficiently.
Free and Open
Elastic Security provides free and open security features to equip SOC teams to prevent, detect and respond to threats at scale. Users can get started - or even build an entire solution - at no cost. Our code is housed in public repositories with a commitment to an open development process and transparent and direct engagement with our community. For example, in the /elastic/detection-rules GitHub repository, you can find rules written for Elastic Security, with coverage for many MITRE ATT&CK techniques.
A free and open model ensures that our community and customers can innovate, evolve, and optimize the solution for their unique environment. For more information about our corporate philosophy on the importance of an open approach to developing and delivering security capabilities, please visit: https://www.elastic.co/campaigns/security-only-from-elastic.
Try Elastic Security
Want to check out Elastic Security for yourself? Try an extended 30-day free trial on Elasticsearch Service at ela.st/elastic-security, or spin up your own open source deployment with no time or size restriction.

Product Configuration
Elastic software capabilities used in this round of testing consisted of out-of-the-box capabilities found in the free and open Standard license tier (except for Machine Learning, which is available in the Platinum tier).
The previous two MITRE evaluations were conducted using Elastic Endgame, which was our former EPP/EDR offering gained through the acquisition of Endgame. Elastic Security is our current unified security solution for SIEM, security analytics, and advanced threat detection, prevention and response.
- Elastic (v7.9.2)
  - Endpoint Security (v7.9.2)
    - Default policy, detect-only (per testing criteria)
  - winlogbeat (v7.9.2)
    - PowerShell module
    - Sysmon module
  - metricbeat (v7.9.2)
  - packetbeat (v7.9.2)
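As an added illustration of the winlogbeat modules listed above (this fragment is not from the evaluation page or from Elastic's own files), the 7.x-style winlogbeat.yml below shows how the Sysmon and PowerShell modules are attached to their Windows event logs through the script processor. The event log names, event IDs and module script paths are assumed from the 7.x reference configuration, and the output host is a placeholder.

```yaml
# Added example: winlogbeat.yml fragment (7.x style) enabling the Sysmon and
# PowerShell modules. Log names, event IDs and script paths are assumed from
# the 7.x reference config, not taken from the evaluation page.
winlogbeat.event_logs:
  # Sysmon telemetry (process create, network connect, image load, ...)
  # normalised to ECS by the module's JavaScript processor.
  - name: Microsoft-Windows-Sysmon/Operational
    processors:
      - script:
          lang: javascript
          id: sysmon
          file: ${path.home}/module/sysmon/config/winlogbeat-sysmon.js

  # Classic PowerShell engine log: 400/403 engine state, 600 provider
  # lifecycle, 800 pipeline execution details.
  - name: Windows PowerShell
    event_id: 400, 403, 600, 800
    processors:
      - script:
          lang: javascript
          id: powershell
          file: ${path.home}/module/powershell/config/winlogbeat-powershell.js

  # Module logging (4103) and script block logging (4104) are the events a
  # detection engineer relies on to see de-obfuscated PowerShell content.
  - name: Microsoft-Windows-PowerShell/Operational
    event_id: 4103, 4104, 4105, 4106
    processors:
      - script:
          lang: javascript
          id: powershell
          file: ${path.home}/module/powershell/config/winlogbeat-powershell.js

# Ship the normalised events to the Elastic stack (placeholder host).
output.elasticsearch:
  hosts: ["https://elasticsearch.example:9200"]
```

Script block logging (event 4104) only appears if it is enabled in Windows policy; the module forwards it but does not turn it on.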