Elastic Stack 7.2.0 released, introducing Elastic SIEM and Elastic App Search

Elastic Stack 7.2.0 has been released. Elasticsearch, the core of the Elastic Stack, is a distributed, RESTful search and analytics engine that addresses a steadily growing range of use cases.

This release introduces several new features, including the new Elastic SIEM and Elastic App Search, along with observability updates and more.

Elastic SIEM

Elastic Stack 7.2 adds more integration options: Cisco ASA and Palo Alto firewalls are now supported data sources. To let users take advantage of all of this data, the Elastic team introduced the Elastic Common Schema (ECS), an extensible field mapping that lets users analyze common data from different sources with a single set of field names.
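The point of a common schema is that one query works across every source once the vendor-specific fields are mapped to it. The following added example (not Elastic's code, nor the Filebeat modules that do this in production) maps two constructed firewall log lines, one shaped like a Cisco ASA deny message and one in a simplified, hypothetical Palo Alto CSV layout, to real ECS field names (source.ip, destination.port, event.action, network.transport, observer.vendor) and then runs a single check over both:

```python
"""Normalizing two firewall log formats into ECS field names.

Added illustration, not Elastic's own ECS tooling. The log lines below are
constructed; the Palo Alto column order is a simplification for this example,
not the real PAN-OS traffic-log layout. The ECS field names are real.
"""
import re
from typing import Dict, List

# Constructed sample lines. The ASA line follows the shape of a %ASA-4-106023
# deny message; the Palo Alto line uses the hypothetical column order
# type,action,src_ip,dst_ip,src_port,dst_port,proto.
CISCO_ASA_LINE = (
    '%ASA-4-106023: Deny tcp src outside:203.0.113.5/4444 '
    'dst inside:10.0.0.5/22 by access-group "outside_in"'
)
PALO_ALTO_LINE = "TRAFFIC,deny,203.0.113.5,10.0.0.5,4444,22,tcp"

_ASA_RE = re.compile(
    r"%ASA-\d-\d+: (?P<action>\w+) (?P<proto>\w+) "
    r"src \w+:(?P<sip>[\d.]+)/(?P<sport>\d+) "
    r"dst \w+:(?P<dip>[\d.]+)/(?P<dport>\d+)"
)


def asa_to_ecs(line: str) -> Dict[str, object]:
    """Map a Cisco ASA deny/permit connection line to ECS field names."""
    m = _ASA_RE.match(line)
    if not m:
        raise ValueError(f"unrecognized ASA line: {line!r}")
    return {
        "observer.vendor": "Cisco",
        "event.action": m["action"].lower(),      # "deny" / "permit"
        "network.transport": m["proto"].lower(),
        "source.ip": m["sip"],
        "source.port": int(m["sport"]),
        "destination.ip": m["dip"],
        "destination.port": int(m["dport"]),
    }


def pan_to_ecs(line: str) -> Dict[str, object]:
    """Map the simplified Palo Alto CSV line to the same ECS field names."""
    fields = line.split(",")
    if len(fields) != 7 or fields[0] != "TRAFFIC":
        raise ValueError(f"unrecognized Palo Alto line: {line!r}")
    _, action, sip, dip, sport, dport, proto = fields
    return {
        "observer.vendor": "Palo Alto Networks",
        "event.action": action.lower(),
        "network.transport": proto.lower(),
        "source.ip": sip,
        "source.port": int(sport),
        "destination.ip": dip,
        "destination.port": int(dport),
    }


def normalize(lines: List[str]) -> List[Dict[str, object]]:
    """Route each raw line to its vendor mapper by the leading token."""
    events = []
    for line in lines:
        if line.startswith("%ASA-"):
            events.append(asa_to_ecs(line))
        elif line.startswith("TRAFFIC,"):
            events.append(pan_to_ecs(line))
        else:
            raise ValueError(f"no mapper for line: {line!r}")
    return events


def denied_to_port(events: List[Dict[str, object]], port: int) -> List[Dict[str, object]]:
    """One vendor-agnostic query: denied connections to a given port."""
    return [
        e for e in events
        if e["event.action"] == "deny" and e["destination.port"] == port
    ]


if __name__ == "__main__":
    evs = normalize([CISCO_ASA_LINE, PALO_ALTO_LINE])
    for e in denied_to_port(evs, 22):
        print(e["observer.vendor"], e["source.ip"], "->", e["destination.ip"])
```

Without the mapping step, the same question ("who is being denied on port 22?") would need one query per vendor, each written against that vendor's raw field names; with ECS the detection logic is written once.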

Now that security data can be collected in one step and stored in a common schema, the next step is to bring the content from multiple data sources together in one user interface and provide an experience tailored to the needs of security practitioners. This is where Elastic SIEM comes in.

At the core of Elastic SIEM is the new SIEM app, an interactive workspace for security teams that lets them triage events and conduct initial investigations. It includes a Timeline Event Viewer that lets analysts gather and store evidence of an attack, pin related activity, add comments, and share their findings, all within Kibana.

In addition, whether the task is investigating an alert or interactive threat hunting, the SIEM app helps analyze host- and network-related security events.

For more details, see the Elastic SIEM release blog post.

Elastic App Search on-premises version GA

With Elastic App Search, developers can build a consumer-grade, user-facing search experience in just a few minutes.

The product can be deployed at scale wherever it is needed. It is now officially available to the community, is included in the default Elastic Stack distribution, and is free to use.

For more details, see the Elastic App Search release blog post.

Observability updates: .NET in APM, Kubernetes monitoring, Metrics Explorer

"Observability" emphasizes unified visibility into the health of systems, services, and applications. With that in mind, this release continues to improve the tools available to operators for ensuring the availability, health, and speed of applications and services.

Specifically, Elastic APM adds support for .NET, with a public beta of the much-requested .NET agent.

On the infrastructure monitoring side, Metrics Explorer has been added, a new view in the Infrastructure app in Kibana designed to improve the experience of ad-hoc interaction with infrastructure metrics.

Finally, 7.2 continues to expand the set of Kubernetes monitoring tools, as the Elastic team has added several new data integrations for cloud-native technologies such as CoreDNS and CRI-O.

For more details, see the observability blog post.

Other

  • Elasticsearch simplifies search-as-you-type, adds a UI for snapshot/restore, gives users more control over relevance without sacrificing performance, and includes other improvements. Read more
  • In Kibana, advanced role-based access control (RBAC) for Spaces makes it easier to build secure multi-tenant Kibana instances. The Elastic team also introduced a self-service mode for Canvas, and maps created in the new Maps app can now be embedded in any Kibana dashboard. There are also eye-friendly dark-mode map tiles, and other features. Read more
  • Beats improves edge processing performance with a new JavaScript processor, and adds other features. Read more
  • With the GA release of the Java execution pipeline, Logstash is faster, and it now fully supports JMS as both an input and an output, among other improvements. Read more

Release announcement

Download: https://www.elastic.co/downloads

Source: www.oschina.net/news/107778/elastic-stack-7-2-0-released