Hi, I’m a rookie student trying to understand if something is possible in Elasticsearch…
In Qradar you can define server objects and network objects, for example internal servers, network zones or IP ranges and then use them directly in correlation rules.
I’m wondering if something similar can be done in Elasticsearch / Elastic Security with the free basic license.
- Can I model servers and networks as documents (e.g. in a dedicated index) and then reference them in detection rules?
- Or is there any built-in feature in Elastic Security for managing such assets/objects out of the box?
- If it’s possible, are there examples or best practices for implementing this?
Thanks in advance for any guidance!