Elastic Security feature tiers
Serverless
Elastic Security Serverless projects are available in the following tiers, each with a carefully selected set of features to enable security operations:
- Elastic AI SOC Engine (EASE): Use Elastic's AI-powered threat hunting and alert triage capabilities to complement a third-party SIEM deployment.
- Security Analytics Essentials: Everything most organizations need to operationalize traditional SIEM.
- Security Analytics Complete: All the capabilities included in Security Analytics Essentials, plus additional features that provide a more complete toolset.
Both Security Analytics tiers have add-on options for endpoint protection and cloud protection.
Refer to the feature comparison table for a more detailed comparison between the tiers.
For pricing information, refer to Elastic Security Serverless pricing.
The following table compares features available in each feature tier:
| Feature Name | Security Analytics Complete | Security Analytics Essentials | EASE |
|---|---|---|---|
| Cases (collect and share information) | ✅ | ✅ | ✅ |
| Native integrations with third-party SIEM and EDR platforms | ✅ | ✅ | ✅ |
| Out-of-the-box dashboards | ✅ | ✅ | ❌ |
| Prebuilt and custom detection rules | ✅ | ✅ | ❌ |
| Machine learning | ✅ | ✅ | ❌ |
| Triage, investigation, and hunting | ✅ | ✅ | ❌ |
| Threat intelligence integration | ✅ | ✅ | ❌ |
| AI Assistant with custom knowledge support | ✅ | ❌ | ✅ |
| Attack Discovery (AI-powered alert correlation) | ✅ | ❌ | ✅ |
| Automatic Import (AI-powered custom integrations) | ✅ | ❌ | ❌ |
| Entity analytics / UEBA | ✅ | ❌ | ❌ |
| Extended security content | ✅ | ❌ | ❌ |
| Threat intelligence management | ✅ | ❌ | ❌ |
Both the Security Analytics Complete and Security Analytics Essentials feature tiers have optional add-ons for Endpoint protection and Cloud protection. The features included in each add-on vary by feature tier, as follows:
Endpoint protection add-on:
| Feature Name | Complete | Essentials |
|---|---|---|
| Malware prevention | ✅ | ✅ |
| Ransomware protection | ✅ | ✅ |
| Memory and behavior prevention | ✅ | ✅ |
| Endpoint response actions | ✅ | ❌ |
| Advanced endpoint policy management | ✅ | ❌ |
Cloud protection add-on:
| Feature Name | Complete | Essentials |
|---|---|---|
| Workload runtime protection | ✅ | ✅ |
| Cloud native posture management for Kubernetes, AWS, GCP & more | ✅ | ✅ |
| Response actions | ✅ | ❌ |
Upgrading a project to a higher feature tier is permanent.
To access the additional features available in a higher feature tier:
- From the Elastic Cloud Console, select Manage next to the Serverless project you want to upgrade.
- Next to Project features, select Edit.
- Select your desired feature tier.
- Select Save to complete the upgrade.