Elastic Defend Licensing

Hi team, we are analyzing the Elastic Stack for our security needs. We are testing Elastic Defend for forwarding logs.

After the Elastic Agent is installed with the Elastic Defend integration, several protection features — including preventions against malware, ransomware, memory threats, and malicious behavior — are automatically enabled on protected hosts (some features require a Platinum or Enterprise license).

The above paragraph is from the documentation. It mentions that a Platinum / Enterprise license is required for enabling protection features. If so, the Basic license is enough for log collection, right? Can someone confirm this?

Hi @mike123 Welcome to the community!

First thing I would do is look at this page to get an understanding of the licensing levels. Note there is a slight difference between self-managed and Cloud.

Absolutely, log collection is Basic... for most integrations... there are a couple that are licensed... Do you have a specific integration / question?

Hi @mike123. Thanks for taking a look at Elastic Security.

Correct - the Basic license is sufficient for telemetry/event collection with Elastic Defend. The Basic license also includes Malware protection via Elastic Defend.

The additional protections available through Defend (Ransomware, memory threat, malicious behavior) require at least the Platinum license. The link Stephen provided above - Subscriptions | Elastic Stack Products & Support | Elastic - contains those details (scroll down to the Elastic Security section!)

Thanks for the swift response. Will evaluate Elastic Defend and get a license if needed.