Hi team, we are analyzing the Elastic Stack for our security needs. We are testing Elastic Defend for forwarding logs.
After the Elastic Agent is installed with the Elastic Defend integration, several protection features — including preventions against malware, ransomware, memory threats, and malicious behavior — are automatically enabled on protected hosts (some features require a Platinum or Enterprise license).
The above para is from the documentation. It mentions that a Platinum / Enterprise license is required for enabling protection features. If so, the Basic license is enough for log collection, right? Can someone confirm this?
The first thing I would do is look at this page to get an understanding of the licensing levels. Note there is a slight difference between self-managed and Cloud.
Absolutely, log collection is Basic... for most integrations... there are a couple that are licensed... Do you have a specific integration / question?
Hi @mike123. Thanks for taking a look at Elastic Security.
Correct - the Basic license is sufficient for telemetry/event collection with Elastic Defend. The Basic license also includes Malware protection via Elastic Defend.
The additional protections available through Defend (Ransomware, memory threat, malicious behavior) require at least the Platinum license. The link Stephen provided above - Subscriptions | Elastic Stack Products & Support | Elastic - contains those details (scroll down to the Elastic Security section!)