Get started with Elastic Security
Serverless Security Stack
New to Elastic Security? Follow the instructions in this topic to get started. Then, review the rest of the Get Started section to learn how to use the UI, review requirements, and discover more about our security features.
-
Choose your deployment type
Elastic provides several self-managed and Elastic-managed options. For simplicity and speed, we recommend Elastic Security Serverless, which enables you to run Elastic Security in a fully managed environment so you don’t have to manage the underlying Elasticsearch cluster and Kibana instances.
Create an Elastic Security Serverless projectThere are two options to create serverless projects:
- If you're a new user, sign up for a free 14-day trial. For more information about Elastic Cloud trials, check out Trial information.
- If you're an existing customer, log in to Elastic Cloud and follow these instructions on how to create a serverless project.
NoteYou need the
adminpredefined role or an equivalent custom role to create projects. For more information, refer to User roles and privileges.After you've created your project, you're ready to move on to the next step.
Alternatively, if you prefer a self-managed deployment, you can create a local development installation in Docker:
curl -fsSL https://elastic.co/start-local | shCheck out the complete list of deployment types to learn more.
-
Ingest your data
After you've deployed Elastic Security, the next step is to get data into the product before you can search, analyze, or use any visualization tools. The easiest way to get data into Elastic Security is through one of our hundreds of ready-made integrations. You can add an integration directly from the Get Started page within the Ingest your data section:
- At the top of the page, click Set up Security.
- In the Ingest your data section, click Add data with integrations.
- Choose from one of our recommended integrations, or select another tab to browse by category.
Elastic also provides different ingestion methods to meet your infrastructure needs.
TipIf you have data from a source that doesn't yet have an integration, you can use Automatic Import to create one using AI.
-
Get started with your use case
Not sure where to start exploring Elastic Security or which features may be relevant to you? Continue to the next topic to view our quickstart guides, each of which is tailored to a specific use case and helps you complete a core task so you can get up and running.
Use these resources to learn more about Elastic Security or get started in a different way.
- Migrate your SIEM rules from Splunk's Search Processing Language (SPL) to Elasticsearch Query Language (ES|QL) using Automatic Migration.
- Check out the numerous Security integrations available to collect and process your data.
- Get started with AI for Security.
- Learn how to use Elasticsearch Query Language (ES|QL) for security use cases.
- View our release notes for the latest updates.