| navigation_title | Serverless feature tiers | |||
|---|---|---|---|---|
| applies_to |
|
|||
| products |
|
{{sec-serverless}} projects are available in the following tiers, each with a carefully selected set of features to enable security operations:
- Elastic AI SOC Engine (EASE): Use Elastic's AI-powered threat hunting and alert triage capabilities to complement a third-party SIEM deployment.
- Security Analytics Essentials: Everything most organizations need to operationalize traditional SIEM.
- Security Analytics Complete: All the capabilities included in Security Analytics Essentials, plus additional features that provide a more complete toolset.
Both of the Security Analytics tiers have Add-on options for endpoint protection and cloud protection.
Refer to the feature comparison table for a more detailed comparison between the tiers.
For pricing information, refer to Elastic Security Serverless pricing.
The following table compares features available in each feature tier:
| Feature Name | Security Analytics Complete | Security Analytics Essentials | EASE |
|---|---|---|---|
| Cases (collect and share information) | ✅ | ✅ | ✅ |
| Native integrations with third-party SIEM and EDR platforms | ✅ | ✅ | ✅ |
| Out of the box dashboards | ✅ | ✅ | ❌ |
| Prebuilt and custom detection rules | ✅ | ✅ | ❌ |
| Machine learning | ✅ | ✅ | ❌ |
| Triage, investigation, and hunting | ✅ | ✅ | ❌ |
| Threat intelligence integration | ✅ | ✅ | ❌ |
| AI Assistant with custom knowledge support | ✅ | ❌ | ✅ |
| Attack Discovery (AI-powered alert correlation) | ✅ | ❌ | ✅ |
| Automatic Import (AI-powered custom integrations) | ✅ | ❌ | ❌ |
| Entity analytics / UEBA | ✅ | ❌ | ❌ |
| Extended security content | ✅ | ❌ | ❌ |
| Threat intelligence management | ✅ | ❌ | ❌ |
| Private connectivity | ✅ | ❌ | ❌ |
| IP filtering | ✅ | ❌ | ❌ |
Both the Security Analytics Complete and Security Analytics Essentials feature tiers have optional add-ons for Endpoint protection and Cloud protection. The features included in each add on vary by feature tier, as follows:
Endpoint protection add-on:
| Feature Name | Complete | Essentials |
|---|---|---|
| Malware prevention | ✅ | ✅ |
| Ransomware protection | ✅ | ✅ |
| Memory and behavior prevention | ✅ | ✅ |
| Endpoint response actions | ✅ | ❌ |
| Advanced endpoint policy management | ✅ | ❌ |
Cloud protection add-on:
| Feature Name | Complete | Essentials |
|---|---|---|
| Workload runtime protection | ✅ | ✅ |
| Cloud native posture management for Kubernetes, AWS, GCP & more | ✅ | ✅ |
| Response actions | ✅ | ❌ |
% commenting this out until it gets reintroduced in 9.3 | Drift protection for containers | ✅ | ❌ |
:::{warning} Upgrading a project to a higher feature tier cannot always be efficiently reversed: downgrading to a lower tier immediately makes some features unavailable, and data associated with those features can be permanently deleted. :::
To access the additional features available in a higher feature tier:
- From the {{ecloud}} Console, select Manage next to the {{serverless-short}} project you want to upgrade.
- Next to Project features, select Edit.
- Select your desired feature tier.
- Select Save to complete the upgrade.
:::{note} You cannot downgrade to EASE from any other feature tier. You can upgrade from EASE to other tiers. :::
When you downgrade your Security project features selection from Security Analytics Complete to Security Analytics Essentials, the following features become unavailable:
- All Entity Analytics features
- The ability to use certain entity analytics-related integration packages, such as:
- Data Exfiltration detection
- Lateral Movement detection
- Living off the Land Attack detection
- Intelligence Indicators page
- External rule action connectors
- Case connectors
- Endpoint response actions history
- Endpoint host isolation exceptions
- Trusted devices
- AI Assistant
- Attack discovery
And, the following data may be permanently deleted:
- AI Assistant conversation history
- AI Assistant settings
- Entity Analytics user and host risk scores
- Entity Analytics asset criticality information
- Detection rule external connector settings
- Detection rule response action settings