Threat Intelligence Utilities
Prebuilt Threat Intelligence dashboard for Elastic Security
What is an Elastic integration?
This integration is powered by Elastic Agent. Elastic Agent is a single, unified way to add monitoring for logs, metrics, and other types of data to a host. It can also protect hosts from security threats, query data from operating systems, forward data from remote services or hardware, and more. Refer to our documentation for a detailed comparison between Beats and Elastic Agent.
The threat intelligence utilities package contains a dashboard that provides a high-level overview of data from all connected TI feeds.
To add the dashboard, click Settings > Install Threat Intelligence Utilities assets.
Changelog
| Version | Details |
|---|---|
| 1.4.0 | Enhancement: The format_version in the package manifest changed from 2.11.0 to 3.0.0. Removed dotted YAML keys from package manifest. Added 'owner.type: elastic' to package manifest. |
| 1.3.0 | Enhancement: Add tags.yml file so that integration's dashboards and saved searches are tagged with "Security Solution" and displayed in the Security Solution UI. |
| 1.2.3 | Bug fix: Fix the query type for matching 'event.dataset'. |
| 1.2.2 | Bug fix: Update to use new Threat Indicator Match rule names. |
| 1.2.1 | Bug fix: Update to use security-solution-default. |
| 1.2.0 | Enhancement: Update package-spec version to 2.7.0. |
| 1.1.0 | Enhancement: Include ti_util in threat_intel category. |
| 1.0.1 | Bug fix: Correcting index-pattern references in dashboard. |
| 1.0.0 | Enhancement: Initial draft of the package. |