The ever-increasing number of online, interconnected systems creates a large attack surface that is challenging to defend against malicious actors. Organizations that take a proactive approach to protecting their data and infrastructure can mitigate the legal, financial, and reputational risks posed by security threats.
OpenSearch offers out-of-the-box Security Analytics to help you detect, investigate, and respond to threats in real time. With Security Analytics, the security log data from your critical infrastructure can provide insight into potential risks to your systems, users, confidential data, and applications. Built-in functionality like customizable detection rules, integrated dashboards, and a robust correlation engine gives your security teams a powerful, flexible toolkit to investigate potential threats and take necessary mitigation steps.
Defend systems and data
Comprehensive visibility
Flexible toolkit
Real-time response
Key features
Open-source detection rules
2,200+ prepackaged rules for your security event log sources.
Near-real-time anomaly detection
Advanced algorithms automatically spot anomalies in data streams in near real time, producing timely alerts and faster, more accurate threat detection without manual intervention.
Unified interface
Access user-friendly security threat detection, investigation, and reporting tools.
Automated alerts
Create alerts on matched detection rules so that incident response teams are notified in real time.
Correlation engine
Configure correlation rules to automatically link security findings and investigate them using a visual knowledge graph.
Customizable tools
Use any custom log source and define your own rules to detect potential threats.
Use cases
| Security analytics use case | Description |
|---|---|
| Event correlation | Use correlation rules to help identify and investigate potential issues across multiple systems. |
| Analyze custom logs | Create customized detection rules to help analyze data from custom log types. |
| Real-time detection | Detect adversarial actions in real time and notify security teams about potential threats. |
Getting started
To learn more about OpenSearch Security Analytics and start exploring your event logs, visit About Security Analytics and Setting up Security Analytics in our documentation.