ELASTIC Security Labs has announced nine new integrations for Elastic Security, expanding coverage across cloud security, endpoint visibility, email threat detection, identity and SIEM. The rollout includes macOS Security Events, which complements Elastic Defend with predicate-based filters to reduce ingestion noise and provide OS-level visibility alongside Windows, and IBM QRadar, enabling easier alert ingestion and supporting a migration workflow that maps existing rules to Elastic’s detections.
Proofpoint Essentials brings four event types into Elastic Security for SMB environments, while AWS Security Hub findings are ingested in OCSF format and normalised to ECS for unified investigation. Additional new integrations cover JupiterOne, Airlock Digital, Island Browser, Ironscales and Cyera, each shipping with prebuilt dashboards and mappings to accelerate detection, correlation and response.
Across the board, the nine integrations come with ingest pipelines and dashboards that offer immediate value without extra parsers or custom visualisation work. Elastic emphasises that these integrations support a broader detection and investigation capability, including AI-assisted investigation and queries via ES|QL and EQL.