Detect and respond to security threats in real time


The ever-increasing number of online, interconnected systems creates a large attack surface that is challenging to defend against malicious actors. Organizations that take a proactive approach to protecting their data and infrastructure can mitigate the legal, financial, and reputational risks posed by security threats.

OpenSearch offers out-of-the-box Security Analytics to help you detect, investigate, and respond to threats in real time. With Security Analytics, the security log data from your critical infrastructure can provide insight into potential risks to your systems, users, confidential data, and applications. Built-in functionality like customizable detection rules, integrated dashboards, and a robust correlation engine gives your security teams a powerful, flexible toolkit to investigate potential threats and take the necessary mitigation steps.

Defend systems and data
Help protect organizational systems and sensitive data from malicious activity, including insider threats.

Comprehensive visibility
Collect security event data from a wide variety of log sources to generate critical insights.

Flexible toolkit
Detect potential threats with prepackaged or customizable detection rules that follow a generic, open-source format.

Real-time response
Monitor and correlate adversary actions in real time across devices, hosts, and applications.

Key Features

Open-source detection rules

2,200+ prepackaged rules for your security event log sources.

Unified interface

Access user-friendly security threat detection, investigation, and reporting tools.

Automated alerts

Create alerts on matched detection rules so that incident response teams are notified in real time.

Correlation engine

Configure correlation rules to automatically link security findings and investigate them using a visual knowledge graph.

Customizable tools

Use any custom log source and define your own rules to detect potential threats.

Use Cases

Event correlation: Use correlation rules to help identify and investigate potential issues across multiple systems.
Analyze custom logs: Create customized detection rules to help analyze data from custom log types.
Real-time detection: Detect adversarial actions in real time and notify security teams about potential threats.

Getting Started

To learn more about OpenSearch Security Analytics and start exploring your event logs, visit About Security Analytics and Setting up Security Analytics in our documentation.