Elastic Agent

Dear team,

My current organization has at least 5000 employees. So, when I use ELK for security information and event management, is it ok for all employees?

Thanks and regards,

Hi,

TLDR: yes, do a bit of batching and preparation.

The Elastic stack together with agent/fleet is absolutely able to scale to those proportions. Quite easily with a little bit of love actually.

I understand you want to use agent/defend to monitor and protect the workstations of those employees. When doing so, you need to keep in mind how much data ingest you want to do (policy/integration configuration) and whether defend will run in detect or prevent mode.

When starting, I'd suggest a small batch of employees (10-100) in detect mode and ingest the required data to get a feel for what is happening. Once you have that down, you will know how to scale the cluster and will have been able to tune Elastic Defend (create exceptions) for the expected behavior.
