Elastic Security feature tiers
Elastic Security Serverless projects are available in the following tiers, each with a carefully selected set of features to enable security operations:
- Elastic AI SOC Engine (EASE): Use Elastic's AI-powered threat hunting and alert triage capabilities to complement a third-party SIEM deployment.
- Security Analytics Essentials: Everything most organizations need to operationalize traditional SIEM.
- Security Analytics Complete: All the capabilities included in Security Analytics Essentials, plus additional features that provide a more complete toolset.
Both of the Security Analytics tiers have add-on options for endpoint protection and cloud protection.
Refer to the feature comparison table for a more detailed comparison between the tiers.
For pricing information, refer to Elastic Security Serverless pricing.
The following table compares features available in each feature tier:
| Feature Name | Security Analytics Complete | Security Analytics Essentials | EASE |
|---|---|---|---|
| Cases (collect and share information) | ✅ | ✅ | ✅ |
| Native integrations with third-party SIEM and EDR platforms | ✅ | ✅ | ✅ |
| Out-of-the-box dashboards | ✅ | ✅ | ❌ |
| Prebuilt and custom detection rules | ✅ | ✅ | ❌ |
| Machine learning | ✅ | ✅ | ❌ |
| Triage, investigation, and hunting | ✅ | ✅ | ❌ |
| Threat intelligence integration | ✅ | ✅ | ❌ |
| AI Assistant with custom knowledge support | ✅ | ❌ | ✅ |
| Attack Discovery (AI-powered alert correlation) | ✅ | ❌ | ✅ |
| Automatic Import (AI-powered custom integrations) | ✅ | ❌ | ❌ |
| Entity analytics / UEBA | ✅ | ❌ | ❌ |
| Extended security content | ✅ | ❌ | ❌ |
| Threat intelligence management | ✅ | ❌ | ❌ |
| Private connectivity | ✅ | ❌ | ❌ |
| IP filtering | ✅ | ❌ | ❌ |
Both the Security Analytics Complete and Security Analytics Essentials feature tiers have optional add-ons for Endpoint protection and Cloud protection. The features included in each add-on vary by feature tier, as follows:
Endpoint protection add-on:
| Feature Name | Complete | Essentials |
|---|---|---|
| Malware prevention | ✅ | ✅ |
| Ransomware protection | ✅ | ✅ |
| Memory and behavior prevention | ✅ | ✅ |
| Endpoint response actions | ✅ | ❌ |
| Advanced endpoint policy management | ✅ | ❌ |
Cloud protection add-on:
| Feature Name | Complete | Essentials |
|---|---|---|
| Workload runtime protection | ✅ | ✅ |
| Cloud native posture management for Kubernetes, AWS, GCP & more | ✅ | ✅ |
| Response actions | ✅ | ❌ |
Upgrading a project to a higher feature tier cannot always be efficiently reversed: downgrading to a lower tier immediately makes some features unavailable, and data associated with those features can be permanently deleted.
To access the additional features available in a higher feature tier:
- From the Elastic Cloud Console, select Manage next to the Serverless project you want to upgrade.
- Next to Project features, select Edit.
- Select your desired feature tier.
- Select Save to complete the upgrade.
You cannot downgrade to EASE from any other feature tier. You can upgrade from EASE to other tiers.
When you downgrade your Security project features selection from Security Analytics Complete to Security Analytics Essentials, the following features become unavailable:
- All Entity Analytics features
- The ability to use certain entity analytics-related integration packages, such as:
  - Data Exfiltration detection
  - Lateral Movement detection
  - Living off the Land Attack detection
- Intelligence Indicators page
- External rule action connectors
- Case connectors
- Endpoint response actions history
- Endpoint host isolation exceptions
- Trusted devices
- AI Assistant
- Attack Discovery
The following data may also be permanently deleted:
- AI Assistant conversation history
- AI Assistant settings
- Entity Analytics user and host risk scores
- Entity Analytics asset criticality information
- Detection rule external connector settings
- Detection rule response action settings