SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Elastic unveils AI-powered data import feature for enterprise security

Tue, 13th Aug 2024

Elastic Security has introduced a new feature, Automatic Import, aimed at simplifying data onboarding for its users. The feature uses generative AI to facilitate the integration of custom data sources, making the process faster than in any competing security analytics solution currently available.

Michelle Abraham, Research Director for Security and Trust at IDC, commented on the significance of this development. "Automatic Import addresses one of the biggest headaches of switching SIEMs: onboarding custom data sources," she said. "The feature automates the development of new data integrations, reducing the cost, complexity, and stress of migration." The new tool reportedly reduces the time to add custom data sources from several days to less than ten minutes, whereas legacy systems often involve significant manual effort.

Nate Thompson, Senior Manager for Cybersecurity Analytics & Automation at Dana, spoke on the benefits his organisation witnessed. "Automatic Import makes building and testing custom data integrations easier, helping us quickly enhance visibility throughout our environment," he remarked. This perspective underscores the value of the tool in real-world security operations where enterprises deal with diverse data formats and sources.

Elastic's Automatic Import feature is built on the Elastic Search AI Platform, which provides model-agnostic access to large language models (LLMs) and the ability to ground answers using retrieval-augmented generation (RAG). This capability allows Elastic to handle unstructured data more effectively, offering insights through these models.

Mike Nichols, Vice President of Product for Security at Elastic, highlighted the challenges organisations face in transitioning to new systems. "Establishing visibility across an enterprise IT environment is inherently difficult, but no matter how the attack surface changes, security teams can't afford to fly blind. Until now, onboarding custom data has been costly and complex," Nichols observed. He further noted that Automatic Import arrives at a crucial moment when organisations are looking to replace their legacy SIEM tools.

In addition to this new feature, Elastic Security incorporates more than 400 prebuilt data integrations. Automatic Import extends this capability, enabling the inclusion of technologies and applications relevant to evolving security concerns. The feature is designed to normalise data to the Elastic Common Schema (ECS), allowing uniform analysis with dashboards, search functions, alerting, machine learning, and more.

The company noted that this tool will be highly beneficial for large-scale organisations. One of Elastic's major security customers recently migrated nearly 200 data sources, including numerous custom technologies, with the new feature. According to Elastic, such customers can now save hundreds of hours in consulting time and reduce implementation periods dramatically.

Automatic Import is currently available to all customers with an Enterprise licence. The tool includes support for JSON and NDJSON-based log formats, and it is launching with support for Anthropic models via Elastic's connector for Amazon Bedrock.
