Core Components

ELS Data Node

Purpose: Serves as the core data storage component, providing scalable NoSQL database capabilities for security and operational data.

Key Features:

  • Distributed Architecture: Automatic sharding and replication across cluster nodes

  • Real-time Search: Sub-second query response times across millions of events

  • Hot-Warm-Cold Storage: Automatic data lifecycle management for cost optimization

  • Security Features: Built-in authentication, authorization, and audit logging

Node Types:

  • Master-eligible nodes: Cluster state management and coordination

  • Data nodes: search execution, document storage and indexing operations

ELS Console

Purpose: Provides the visualization and management interface for security analysts and administrators.

Key Capabilities:

  • Security Dashboards: Pre-built dashboards for MITRE ATT&CK, compliance, and threat hunting

  • Live Threat Map: Real-time global threat visualization

  • Advanced Analytics: Support for Vega-Lite custom visualizations

  • RBAC Integration: Granular access control with Active Directory integration

  • Plugin Ecosystem: Modular architecture supporting custom security apps

Enhanced Features:

  • Empowered AI Interface: Direct access to AI model store and anomaly detection

  • Data Export Wizard: Streamlined report generation from dedicated tab

ELS Network Node

Purpose: Ingests, processes, and enriches data from multiple sources before storing in ELS Data Node.

Processing Capabilities:

  • Multi-Protocol Ingestion: Syslog, Beats, SNMP, APIs, databases, cloud services

  • Real-time Parsing: Custom parsing rules for any log format or data structure

  • Threat Intelligence: Automatic IOC enrichment from multiple threat feeds

  • GeoIP Enhancement: Location-based analysis for network traffic

  • Custom Pipeline Creation: GUI-based pipeline builder

Empowered AI

Purpose: Provides machine learning capabilities for threat detection, user behavior analysis, and predictive analytics.

AI Capabilities:

  • Online AI Store: Download pre-trained models from https://energylogserver.com/ai-store/

  • Anomaly Detection: Identifies unusual patterns in user behavior, network traffic, and system events

  • Predictive Analytics: Forecasts trends and potential environmental issues

  • Automated Model Training: Learns from your environment’s normal patterns

  • UEBA Integration: User and Entity Behavior Analytics for insider threat detection

Available Use Cases:

  • Netflow Traffic Analysis: Detects network anomalies and data exfiltration

  • User Behavior Monitoring: Identifies compromised accounts and privilege escalation

  • AI Assistant: Prompt-based log analysis integrated into the Discover view. See AI Assistant in Discover for usage details.