I am working on building Elastic Security for my company. I want to monitor user login activity and receive alerts when suspicious login behavior occurs. Which Elastic product should I use for this purpose?
From what I understand, Elastic Observability is used to collect logs and other telemetry data, while Elastic Security is focused on threat detection and alerting. Should I implement Elastic Observability to gather the login logs and then use Elastic Security to detect suspicious activity and generate alerts?
I am a bit confused about how these products work together. Could you please clarify their roles and recommend study materials to better understand how to set this up? Thank you!
Elastic Security has specific mechanisms for collecting the relevant logs (Fleet). If you are only interested in security, you don't need to install Elastic Observability.
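To make "suspicious login behavior" concrete, here is an added example (not from this thread and not Elastic's own code) of the condition a typical Elastic Security threshold rule encodes, repeated authentication failures followed by a success from the same user and source, written in plain Python over constructed ECS-style events (event.category, event.outcome, user.name and source.ip are ECS field names; the events and thresholds are made up for the example).

```python
"""Login brute-force detection over ECS-shaped authentication events.

Added example: the same logic an Elastic Security threshold/sequence rule
would express, kept offline so the condition itself can be read and tested.
Events are constructed sample data, not real logs.
"""
from collections import defaultdict
from datetime import datetime, timedelta


def _ev(ts, user, ip, outcome):
    """Build one constructed ECS-style authentication event."""
    return {"@timestamp": ts, "event.category": "authentication",
            "event.outcome": outcome, "user.name": user, "source.ip": ip}


# Constructed sample: alice fails five times then succeeds (suspicious),
# bob fails once then succeeds (normal typo).
SAMPLE_EVENTS = (
    [_ev(f"2024-05-01T10:00:{i * 10:02d}Z", "alice", "203.0.113.7", "failure")
     for i in range(5)]
    + [_ev("2024-05-01T10:01:00Z", "alice", "203.0.113.7", "success"),
       _ev("2024-05-01T10:02:00Z", "bob", "198.51.100.2", "failure"),
       _ev("2024-05-01T10:02:30Z", "bob", "198.51.100.2", "success")]
)


def _parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def find_suspicious_logins(events, max_failures=5, window=timedelta(minutes=5)):
    """Return one alert per (user, source.ip) that accumulated at least
    `max_failures` authentication failures inside `window` and then logged
    in successfully from the same source."""
    events = sorted(events, key=lambda e: _parse_ts(e["@timestamp"]))
    failures = defaultdict(list)  # (user, ip) -> failure timestamps in window
    alerts = []
    for e in events:
        if e.get("event.category") != "authentication":
            continue  # ignore non-auth telemetry
        key = (e["user.name"], e["source.ip"])
        ts = _parse_ts(e["@timestamp"])
        recent = [t for t in failures[key] if ts - t <= window]  # slide window
        if e["event.outcome"] == "failure":
            failures[key] = recent + [ts]
        elif e["event.outcome"] == "success":
            if len(recent) >= max_failures:
                alerts.append({"user": key[0], "source.ip": key[1],
                               "failures": len(recent),
                               "success_at": e["@timestamp"]})
            failures[key] = []  # a success resets the counter
    return alerts
```

In Elastic Security the same check is configured as a detection rule over the Fleet-shipped auth index rather than coded by hand; this block only shows the condition being evaluated.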