Question about email notification alert

Is the Elasticsearch SIEM email notification alert free in the current version of Elastic Stack 8.4.1? I heard that this tool is Gold or something like that; I don't know more about it.
Or should I use ElastAlert?

No. Email notification needs a Platinum license for on-premise. Subscriptions | Elastic Stack Products & Support | Elastic, see Alerting.

It needs a Gold level for the cloud service. See Elastic Cloud Feature Matrix | Elastic.


The only actions available in alerts with the Basic license are the log action, which writes a log line to Kibana's log, and the index action, which writes the alert to an index.

To get an e-mail you will need to use a third-party tool like ElastAlert, or you can also use the index action and write a simple tool that reads from the index and sends your e-mails.


Thanks @dadoonet for your response. What do you mean by the word "license"? I'm new to Elasticsearch; I know the word "version", for example, and I installed the Elastic Stack in an Ubuntu VM.

Thanks @leandrojmp for the response. How can I do the second method?

You will need to build something, maybe a Python script using the Elasticsearch Python client to query the index and trigger the e-mail.

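The "second method" described in the two replies above (index action plus a small tool that reads the index and sends mail) looks roughly like the following. This is an added example written for this thread, not code from the posters or from Elastic. It assumes an index named `siem-alerts`, that the index action writes `@timestamp`, `rule_name` and `severity` fields, a local SMTP relay, and the elasticsearch-py 8.x client; the `SAMPLE_RESPONSE` is a constructed search response used to exercise the parsing and formatting offline.

```python
"""Poll an index written by a Kibana index action and e-mail new alert documents.

Added example for the thread above; names, field layout and hosts are assumptions.
"""
import smtplib
import time
from email.message import EmailMessage

# Assumed settings: adjust to match your index action and mail relay.
ALERT_INDEX = "siem-alerts"
SMTP_HOST = "localhost"
SMTP_PORT = 25
MAIL_FROM = "siem@example.com"
MAIL_TO = "soc@example.com"
POLL_SECONDS = 60
BATCH_SIZE = 100

# Constructed sample of what es.search() returns for two un-notified alert docs.
SAMPLE_RESPONSE = {
    "hits": {
        "hits": [
            {"_id": "a1", "_source": {"@timestamp": "2022-09-20T10:00:00Z",
                                       "rule_name": "ssh brute force", "severity": "high"}},
            {"_id": "a2", "_source": {"@timestamp": "2022-09-20T10:05:00Z",
                                       "rule_name": "new admin user", "severity": "critical"}},
        ]
    }
}


def build_query(size=BATCH_SIZE):
    """Query body selecting alert docs that have not yet been e-mailed.

    Sent docs get a `notified` field, so the cursor lives in the index itself:
    a restart of the script neither re-sends nor skips alerts, which an
    in-memory "last seen timestamp" cursor would.
    """
    return {
        "query": {"bool": {"must_not": {"exists": {"field": "notified"}}}},
        "sort": [{"@timestamp": {"order": "asc"}}],
        "size": size,
    }


def parse_hits(response):
    """Return [(doc_id, source_dict), ...] from a search response."""
    return [(h["_id"], h["_source"]) for h in response["hits"]["hits"]]


def format_alert_email(alerts, sender=MAIL_FROM, recipient=MAIL_TO):
    """Build one plain-text message summarising a batch of alert documents."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = f"[SIEM] {len(alerts)} new alert(s)"
    lines = []
    for doc_id, src in alerts:
        # Field names are assumptions about what the index action wrote.
        lines.append(f"{src.get('@timestamp', '?')}  {src.get('rule_name', 'unknown rule')}  "
                     f"severity={src.get('severity', '?')}  id={doc_id}")
    msg.set_content("\n".join(lines) + "\n")
    return msg


def fetch_new_alerts(es, index=ALERT_INDEX, size=BATCH_SIZE):
    """Run the query through an elasticsearch-py 8.x client."""
    body = build_query(size)
    resp = es.search(index=index, query=body["query"], sort=body["sort"], size=body["size"])
    return parse_hits(resp)


def mark_notified(es, alerts, index=ALERT_INDEX):
    """Flag each e-mailed document so the next poll skips it."""
    for doc_id, _ in alerts:
        es.update(index=index, id=doc_id, doc={"notified": True})


def send_email(msg, host=SMTP_HOST, port=SMTP_PORT):
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.send_message(msg)


def run_once(es, index=ALERT_INDEX):
    """One poll cycle; returns the number of alerts e-mailed."""
    alerts = fetch_new_alerts(es, index)
    if not alerts:
        return 0
    send_email(format_alert_email(alerts))
    # Mark only after the mail went out, so a failed send is retried next poll.
    mark_notified(es, alerts, index)
    return len(alerts)


def main():
    from elasticsearch import Elasticsearch  # pip install elasticsearch
    # Assumed connection details; use the CA that Elasticsearch generated at install.
    es = Elasticsearch("https://localhost:9200",
                       basic_auth=("elastic", "changeme"),
                       ca_certs="/etc/elasticsearch/certs/http_ca.crt")
    while True:
        n = run_once(es)
        if n:
            print(f"e-mailed {n} alert(s)")
        time.sleep(POLL_SECONDS)


if __name__ == "__main__":
    main()
```

Marking documents as notified in the index, rather than remembering the last timestamp in the script, is what makes the loop safe to restart; the trade-off is one update per alert, which is fine for alert volumes but would want a bulk request if the index action were writing thousands of documents per poll.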

A commercial license.


OK, thanks @dadoonet

Thanks @leandrojmp
