Elastic SOC

The Elastic Security Operations Center

(Elastic SOC®)

Flexible. Scalable. Affordable.

Log Correlation

Correlate and store logs from multiple sources. Full-text search across trillions of events in a split second. Any log or event type is supported.

Intrusion Detection

Includes Suricata with support for the ET Pro ruleset and IP and domain reputation lists, or integrate with an existing IDS/IPS solution.

Alerts & Reporting

Multi-conditional, cross-correlated alarms with customizable actions and on-demand or scheduled reporting. Summarize and identify important events.

Complete Security Operations Monitoring

All of your events in one place
Service Monitoring

SNMP-based CPU, memory and bandwidth usage monitoring, with threshold notifications and alerting for all of your critical systems, correlated with event sources.

Situational Awareness

Customized data inputs that add context to every event. Emerging Threats’ IQ Risk Reputation Database, DHCP Bindings, Vulnerability Reports, and more.

Active Response

Configurable alarm actions to impede ongoing threats, allowing time for investigation and remediation. Interacts with multiple agents and sources.

Customize Your Situational Awareness Data

Flexible external data sources to add relevance
Hybrid Cloud Model

Utilize our infrastructure and deploy as many collectors as you want. Never worry about how much RAM or CPU is required on your SIEM databases to process additional data.

Lightning Fast

Big Data technologies at our core. Your logs and event data should not be subject to legacy technologies. Ensure that you get the data you need at lightning speed.
Security Focused

All communication between components is encrypted and secured, all log archives are encrypted, and access to our web portal is completely restricted.

Flexible Configuration and Pricing

Never pay for what you don’t use, scale as you grow

There are never any per-sensor, per-device or per-agent fees.
You control your costs with policy-driven data retention.