Elastic Security

Open-source SIEM and security analytics built on the ELK Stack

ToolOpen Source SIEMOpen SourceCloudSelf-hosted

Pricing: Free 14-day trial; no flat published price. Elastic Cloud Hosted is resource/pay-as-you-go; Serverless Security is usage-based from ~$0.09/GB ingest + ~$0.017/GB/mo retention (Essentials), ~$0.11/$0.019 (Complete); enterprise/self-managed via contact sales.

Reviewed by the CyberSecTool editorial team against the public sources cited below · Last reviewed February 2026 · How we review listings

What is Elastic Security?

Elastic Security is a unified security solution built on the Elastic (ELK) Stack that combines SIEM, endpoint security, and cloud security into a single platform. It leverages Elasticsearch for fast search and analytics at scale, provides pre-built detection rules aligned with MITRE ATT&CK, and offers free and open core functionality that makes it accessible to organizations of all sizes.

Best for: Teams wanting open-source flexibility with enterprise SIEM capabilities and no per-GB ingest pricing
Pros
  • Open-source core with no ingest-based pricing
  • Scales massively with Elasticsearch
  • Unified SIEM, EDR, and cloud security
  • Strong community and extensive documentation
  • No per-GB data licensing costs
Considerations
  • Complex cluster management at scale
  • Advanced features require paid subscription
  • Steeper operational overhead than SaaS alternatives
  • Detection content less mature than Splunk

Reported in public reviews and vendor documentation. See sources below.

Key Features

SIEM with detection engine and rules
Endpoint detection and response (EDR)
Cloud security posture management
MITRE ATT&CK-aligned detection rules
Machine learning anomaly detection
Threat intelligence integration
Case management and investigation
Cross-cluster search and replication

Are you Elastic Security? Improve this listing with screenshots, case studies and more.

Quick Info
PricingFree 14-day trial; no flat published price. Elastic Cloud Hosted is resource/pay-as-you-go; Serverless Security is usage-based from ~$0.09/GB ingest + ~$0.017/GB/mo retention (Essentials), ~$0.11/$0.019 (Complete); enterprise/self-managed via contact sales.
ModelResource-based (nodes/capacity)
Founded2012
CloudYes
Self-HostedYes
Open SourceYes

Last updated: Feb 20, 2026

Certifications
SOC 2ISO 27001PCI DSS
In the glossary