The Elastic Stack and the associated products Elasticsearch, Kibana, Beats and Logstash have been released in version 7.7. As usual, every component comes with new features; the most significant is likely to be the Workplace Search function, which is meant to make a company's entire work-related data searchable. Also new are the alerting system, embedded case management for security incidents, and service maps, which apparently visualize relationships and dependencies between services.
The Elastic Stack is a collection of open source software for searching large data sets and analyzing logs. It includes the search engine Elasticsearch, Beats for collecting metrics from different sources, Logstash for preprocessing the data and Kibana for data visualization. Since version 5, these programs have been released in coordinated versions.
New notification system for Kibana
Version 7.7 introduces a new alerting system for Kibana, which, according to the provider, is supposed to guide users better, keep an eye on the uptime of applications, monitor SLA response times and ward off attacks. Predefined actions and notification mechanisms are available for this in the app. The other components of the stack support the new alerting framework by regularly sending alerts (for example via Elastic SIEM), while Elastic Observability apparently provides the metric data, APM and uptime directly. Users should be able to define rules that send notifications when defined key figures are exceeded, for example when error rates in a service increase abruptly or transaction times change critically. The alerts can also be forwarded via email or to services such as Slack.
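To make the rule-based alerting described above concrete, here is a small stand-alone evaluator in Python. It is an added example, not Kibana's implementation and not code from Elastic; it uses no Elastic API. The transaction events, the two rules and the notification formatter are all constructed assumptions: events are bucketed per service and minute, each bucket's error rate and mean transaction time are compared against the rule thresholds, and a breach produces the text an email or Slack action would send.

```python
"""Threshold-style alert evaluation over constructed APM-like events.

Illustrates the idea behind rule-based alerting (fire a notification when a
metric crosses a threshold). This is an added example, not Kibana's or
Elastic's code; events, rules and the notifier are constructed assumptions.
"""
from collections import defaultdict

# Constructed sample transaction events (not real APM data).
EVENTS = [
    {"service": "checkout", "minute": 0, "error": False, "duration_ms": 110},
    {"service": "checkout", "minute": 0, "error": False, "duration_ms": 130},
    {"service": "checkout", "minute": 0, "error": True,  "duration_ms": 900},
    {"service": "checkout", "minute": 0, "error": False, "duration_ms": 120},
    {"service": "checkout", "minute": 1, "error": True,  "duration_ms": 1500},
    {"service": "checkout", "minute": 1, "error": True,  "duration_ms": 1400},
    {"service": "checkout", "minute": 1, "error": False, "duration_ms": 150},
    {"service": "search",   "minute": 0, "error": False, "duration_ms": 40},
    {"service": "search",   "minute": 1, "error": False, "duration_ms": 45},
]

# Constructed rules: fire when the error rate or the mean latency of a
# service exceeds the given limit within one minute bucket.
RULES = [
    {"service": "checkout", "max_error_rate": 0.5, "max_mean_ms": 1000},
    {"service": "search",   "max_error_rate": 0.1, "max_mean_ms": 200},
]


def aggregate(events):
    """Group events by (service, minute); compute error rate and mean latency."""
    buckets = defaultdict(list)
    for e in events:
        buckets[(e["service"], e["minute"])].append(e)
    metrics = {}
    for key, items in buckets.items():
        n = len(items)
        errors = sum(1 for e in items if e["error"])
        metrics[key] = {
            "count": n,
            "error_rate": errors / n,
            "mean_ms": sum(e["duration_ms"] for e in items) / n,
        }
    return metrics


def evaluate(rules, metrics):
    """Return one alert dict per bucket whose metrics breach a rule."""
    alerts = []
    for rule in rules:
        for (service, minute), m in sorted(metrics.items()):
            if service != rule["service"]:
                continue
            reasons = []
            if m["error_rate"] > rule["max_error_rate"]:
                reasons.append(
                    f"error_rate {m['error_rate']:.2f} > {rule['max_error_rate']}")
            if m["mean_ms"] > rule["max_mean_ms"]:
                reasons.append(
                    f"mean_ms {m['mean_ms']:.0f} > {rule['max_mean_ms']}")
            if reasons:
                alerts.append({"service": service, "minute": minute,
                               "reasons": reasons})
    return alerts


def format_notification(alert):
    """Text an email/Slack action would send (stand-in for a real connector)."""
    return (f"[ALERT] {alert['service']} minute {alert['minute']}: "
            + "; ".join(alert["reasons"]))


def run(events=EVENTS, rules=RULES):
    """Evaluate all rules over the events and return the notification lines."""
    return [format_notification(a) for a in evaluate(rules, aggregate(events))]


if __name__ == "__main__":
    for line in run():
        print(line)
```

With the constructed data only the checkout service in minute 1 breaches its rule (two of three transactions failed and the mean latency exceeds one second), so exactly one notification is produced; the minute-0 bucket with a single slow error stays below both thresholds, which is the point of evaluating per bucket rather than per event.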
Comprehensive search function for the workplace
Elastic Workplace Search is new: with it, employees of a company should have access to a centralized search across the entire work-related data set through a single search field. The search spans all the tools the company uses and apparently offers integrations for numerous services such as OneDrive, Google Drive, Dropbox, G Suite, Jira, SharePoint Online, Zendesk and Microsoft 365. A blog entry about the new Workplace Search function explains how it works.
The service maps are part of distributed tracing and, according to the provider, map the relationships in Elastic APM 7.7 between the Elastic applications and the external services they call. Based on transaction data, APM automatically creates service maps that graphically represent the communication between services within distributed, dynamic architectures and are meant to be updated continuously. The maps also carry performance indicators and summary information.
Embedded case management for Elastic Security and Elastic SIEM
Major innovations can also be seen in the area of security: Elastic Security 7.7 has embedded case management, which is intended to let a company's security department respond to incidents in a more differentiated way. The integrated case workflow should enable analysts to open, label, comment on, update and close cases. The team responsible for security operations should be able to compile investigation guides with reference information for the company's security analysts, monitor detection times and create dashboards with security KPIs. By embedding the new case management feature in Elastic SIEM (Security Information and Event Management, including endpoint security), cross-organizational tracking and countermeasures are now possible.
More information can be found in the release notes, which are also available in English. Further innovations that affect Logstash can be found in a separate announcement. Interested parties can use Elasticsearch as a managed service on Elastic Cloud or download the software collection from Elastic and manage it themselves.