Elastic Stack 7.7 is ready for downloading, providing users with a new alerting framework, an embedded case management workflow in Elastic SIEM, and service maps meant for better system insight.
As with the last couple of releases, Elastic has stayed on the trajectory of improving security by introducing what it calls “embedded case management” to its SIEM offering. The new addition is intended to facilitate the handling of incidents by giving users a way of opening security cases, which can then be updated, tagged, commented on, closed, or integrated with other systems. Additional visualisation options help with workflow optimisation or post-mortems, giving insight into detection times as well as the time needed to respond to an issue.
Once updated, users will also be able to learn more about how their services are interacting. Elastic’s application performance management module realises this in v7.7 by checking a service’s transaction data and generating a map from that information. Other than the graphical representation of internal and external services, the maps also include performance indicators for better understanding of a system, which can help find bottlenecks and improve setups.
The latter could be especially interesting, given that Elastic’s observability tooling now also comes with integrations to collect logs and metrics from Prometheus, AWS (Lambda, Virtual Private Cloud, Amazon Aurora, DynamoDB), Google Cloud (Pub/Sub and Load Balancing), Azure (database account and container metrics), Pivotal Cloud Foundry, MQTT, Redis Enterprise, Istio, and IBM MQ.
While easy access to all of this information is surely handy, it’s only really useful if there are also ways to automatically let teams know when something goes awry. Elastic took this into account and worked out a new alerting framework, which is a beta feature of data exploration tool Kibana 7.7.
It is “tightly integrated within the Elastic Observability and Security solutions” meaning users can create alerts directly from SIEM, APM, and co. Webhooks and integration with tools like Slack and PagerDuty have been added to the framework as well, making sure alerts don’t go unheard and have a way of reaching people outside the platform.
Other than that, Elastic used the last couple of months to refine its Workplace Search, allowing the new feature to become an official part of the Enterprise Search platinum license. Admins can now set the tool up to synchronise with office applications, cloud storage platforms, collaboration tools and other information stores, which are then searchable via the Workplace Search UI. To make sure everyone only gets to find the information they’re allowed to read, access control is part of the package as well.