| navigation_title | Get started | ||||||
|---|---|---|---|---|---|---|---|
| mapped_pages | |||||||
| applies_to |
|
||||||
| products |
|
New to {{elastic-sec}}? Follow the instructions in this topic to get started. Then, review the rest of the Get Started section to learn how to use the UI, review requirements, and discover more about our security features.
::::::{{stepper}} :::::{{step}} Choose your deployment type
Elastic provides several self-managed and Elastic-managed options. For simplicity and speed, we recommend {{sec-serverless}}, which enables you to run {{elastic-sec}} in a fully managed environment so you don’t have to manage the underlying {{es}} cluster and {{kib}} instances.
$$$create-sec-serverless-project$$$ ::::{dropdown} Create an {{sec-serverless}} project :open: There are two options to create serverless projects:
- If you're a new user, sign up for a free 14-day trial. For more information about {{ecloud}} trials, check out Trial information.
- If you're an existing customer, log in to {{ecloud}} and do the following:
- Select Create project from the Serverless projects panel.
- Select Next from the Security panel.
- Name your project and select your feature tier. For more information about tiers, refer to pricing.
- Select a cloud provider and region.
- Select Create project. It takes a few minutes to create your project.
- Once the project is ready, select Continue to open the Get started page (you might need to log in to Elastic Cloud again). From here, you can learn more about Elastic Security features and start setting up your workspace.
:::{note}
You need the admin predefined role or an equivalent custom role to create projects. For more information, refer to User roles and privileges.
:::
After you've created your project, you're ready to move on to the next step. ::::
Alternatively, if you prefer a self-managed deployment, you can create a local development installation in Docker:
curl -fsSL https://elastic.co/start-local | shCheck out the complete list of deployment types to learn more.
:::::
::::{{step}} Ingest your data
After you've deployed {{elastic-sec}}, the next step is to get data into the product before you can search, analyze, or use any visualization tools. The easiest way to get data into {{elastic-sec}} is through one of our hundreds of ready-made integrations. You can add an integration directly from the Get Started page within the Ingest your data section:
- At the top of the page, click Set up Security.
- In the Ingest your data section, click Add data with integrations.
- Choose from one of our recommended integrations, or select another tab to browse by category. :::{image} /solutions/images/security-gs-ingest-data.png :alt: Ingest data :screenshot: :::
Elastic also provides different ingestion methods to meet your infrastructure needs.
:::{{tip}}
If you have data from a source that doesn't yet have an integration, you can use Automatic Import to create one using AI.
:::
::::
::::{{step}} Get started with your use case Not sure where to start exploring {{elastic-sec}} or which features may be relevant to you? Continue to the next topic to view our quickstart guides, each of which is tailored to a specific use case and helps you complete a core task so you can get up and running. ::::
::::::
Use these resources to learn more about {{elastic-sec}} or get started in a different way.
- Migrate your SIEM rules from Splunk's Search Processing Language (SPL) to Elasticsearch Query Language ({{esql}}) using Automatic Migration.
- Check out the numerous Security integrations available to collect and process your data.
- Get started with AI for Security.
- Learn how to use {{es}} Query Language ({{esql}}) for security use cases.
- View our release notes for the latest updates.