Introducing Elastic Security 7.7.0
Elastic Blog
We are excited to share the release of Elastic Security 7.7, which advances our goal of providing an open and free foundation for security practitioners everywhere to protect their organizations from hidden adversaries. This release broadens the availability of data within Elastic SIEM, builds on the power of Kibana alerting to further automate threat detection and response, and aligns the work of security practitioners with embedded case management and a new integration with ServiceNow ITSM. A new, built-in case workflow allows analysts to open, update, tag, comment on, close, and integrate cases with external systems. Upon detecting a threat and performing initial qualification, analysts can quickly create a case to organize known details and drive further action. This workflow thereby helps instill and streamline standard operating procedures related to triage, qualification, and escalation. The new case management workflow in Elastic Security 7.7 facilitates tracking detection and response times for individual cases. Elastic's new case management function is directly integrated with ServiceNow IT Service Management (ITSM), improving coordination and alignment within (and beyond) the security operations team. Elastic Security 7.7 reduces MTTR with a new alerting feature and new ways to combine machine learning jobs and detection rules. Version 7.7 further helps organizations eliminate blind spots by collecting new sources of cloud, application, and security data. We've expanded out-of-the-box data source support with new Filebeat modules for Okta and Microsoft 365 (previously called Office 365) and an expansion of the Filebeat CEF module for Check Point.
Link: https://www.elastic.co/blog/elastic-security-7-7-0-released