I just upgraded one of my test machines from 8.1.2 to 8.5.2 and I noticed that there is now a menu in the security section called "Intelligence", but when I click on it it says "Start a free trial or upgrade your license to Enterprise to use threat intelligence.".
In 8.1.2 I used Threat Intelligence and Rules to monitor my agents for malicious traffic, all with the free license, but it seems that the feature was put behind a paywall now? If yes on which version was that? I couldn't find any mention of it in the change log.
It was a really nice feature to have and I certainly can't buy an enterprise license without having a company in the first place (using Elastic SIEM it for home/lab monitoring).
Seems like that - although I found that my TI container is still fetching TI data and sending it to Elastic. The question is, if the rules still work...
Hello Martin! I want to provide some clarification here.
The rules (indicator match, and others) and any previous threat intelligence capabilities are still available in the free version.
The newly introduced Intelligence section in 8.5 is new functionality. The Intelligence section currently consists of the Indicators of Compromise (IoC) page which provides users with a centralized view of all their threat intelligence IoCs from all activated Threat Intelligence integrations making it easier to analyze all TI data in one place, and investigate IoCs in Timeline.
It would be nice if those difference are more explicit in the documentation.
I know that the subscription page shows what is available in each license level, but sometimes it is not clear what each thing in the subscription page means when looking at Kibana or Elasticsearch features.
We have a Platinum license and we just set up a new cluster with a trial license to do a temporary migration, we saw the Indicator page and were planning to use it, but now seeing that it is only available on Enterprise we will need to build something similar ourselves.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
