Getting Started
To learn more about OpenSearch Security Analytics and start exploring your event logs, visit About Security Analytics and Setting up Security Analytics in our documentation.
Security Analytics
Detect and respond to security threats in real time
The ever-increasing number of online, interconnected systems creates a large attack surface that is challenging to defend against malicious actors. Organizations that take a proactive approach to protecting their data and infrastructure can mitigate the legal, financial, and reputational risks posed by security threats.
OpenSearch offers out-of-the-box Security Analytics to help you detect, investigate, and respond to threats in real time. With Security Analytics, the security log data from your critical infrastructure can provide insight into potential risks to your systems, users, confidential data, and applications. Built-in functionality like customizable detection rules, integrated dashboards, and a robust correlation engine gives your security teams a powerful, lexible toolkit to investigate potential threats and take necessary mitigation steps.
Help protect organizational systems and sensitive data from malicious activity, including insider threats.
Collect security event data from a wide variety of log sources to generate critical insights.
Detect potential threats with prepackaged or customizable detection rules that follow a generic, open-source format.
Monitor and correlate adversary actions in real time across devices, hosts, and applications.
Key Features
Open-source detection rules
2,200+ prepackaged rules for your security event log sources.
Unified interface
Access user-friendly security threat detection, investigation, and reporting tools.
Automated alerts
Create alerts on matched detection rules so that incident response teams are notified in real time.
Correlation engine
Configure correlation rules to automatically link security findings and investigate them using a visual knowledge graph.
Customizable tools
Use any custom log source and define your own rules to detect potential threats.
Use Cases
| Security Analytics Use Cases | |
|---|---|
| Event correlation | Use correlation rules to help identify and investigate potential issues across multiple systems. |
| Analyze custom logs: | Create customized detection rules to help analyze data from custom log types. |
| Real-time detection: | Detect adversarial actions in real time and notify security teams about potential threats. |