Elastic SIEM

Through this integration, Elastic's users gain access to the advanced ESET Threat Intelligence feeds, offering real-time data on indicators of compromise (IoCs) such as botnets, malicious domains, files, URLs, and IPs. These feeds also provide deep insights into the operations of notorious APT groups, sourced from ESET's extensive malware and threat research. This integration enriches Elastic's SIEM product, enabling security operators to leverage globally-sourced threat data for unprecedented geographical visibility, dramatically reduced false positives - allowing for more accurate threat detection and analysis - and contextualized threat investigation.

The main benefits for Elastic and ESET customers

  • Delivery of real-time data from ESET feeds containing IoCs, including those collected from the most prevalent APT groups
  • Comprehensive feeds of malicious objects, URLs, IPs, botnets and domains and APT groups
  • Deduplicated, highly curated feeds to provide maximum effectiveness with minimal false positives  
  • Unique offering based on proprietary ESET research and telemetry
  • Real-time feeds, offered in commonly used formats​, TAXII/STIX 2.1

See how the integration works

Get more information on how to get started in the documentation