Elastic develops automatic SIEM migration tool
Search AI company Elastic has introduced a new feature designed to simplify the transition from an existing security information and event management (SIEM) deployment to the Elastic Security suite.
The Automatic Migration tool maps existing SIEM detection rules to equivalent Elastic prebuilt rules without requiring an exact text match. Rules that cannot be mapped, including those that depend on lookups and macros, are translated into Elastic queries using generative AI.
Through these capabilities, what is traditionally a complex, time-consuming task of mapping rules manually can instead be completed within minutes, Elastic said. Users can inspect each migrated rule and confirm that it has been migrated accurately with a single click.
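The two paths described above, matching by meaning rather than by text and translating what does not match, can be illustrated with a small script. This is an added example, not Elastic's implementation and not its real rule catalogue: the macro `sysmon_process`, the prebuilt-rule catalogue and the three Splunk searches are all constructed for the illustration, the "fingerprint" is simply the sorted set of field predicates in the search stage, and field names are copied into ES|QL verbatim (renaming to ECS is deliberately left out). Two searches that differ only in macro use and predicate order map to the same catalogue entry; a search with no entry is translated instead, and unsupported pipeline stages are refused rather than silently mistranslated.

```python
import re

# Constructed sample data (not Elastic's or Splunk's real content).
# Splunk macros.conf-style macro: `name` expands to its definition.
MACROS = {
    "sysmon_process": "index=sysmon EventCode=1",
}

# Hypothetical catalogue of prebuilt rules, keyed by a canonical fingerprint:
# the sorted (field, value) predicates of the search stage. Two searches that
# differ only in macro use, spacing or predicate order share a key, which is
# what lets them be mapped without an exact text match.
PREBUILT = {
    (("CommandLine", "*-enc*"), ("EventCode", "1"),
     ("Image", "*\\powershell.exe"), ("index", "sysmon")):
        "PowerShell Encoded Command (prebuilt)",
}

TOKEN = re.compile(r'(\w+)=("[^"]*"|\S+)')


def expand_macros(spl, macros=MACROS):
    """Inline `macro` references; an unknown macro raises rather than being dropped."""
    def sub(m):
        name = m.group(1)
        if name not in macros:
            raise KeyError(f"unknown macro: {name}")
        return macros[name]
    return re.sub(r"`(\w+)`", sub, spl)


def predicates(search_stage):
    """Canonical form of the first SPL stage: sorted tuple of (field, value)."""
    preds = []
    for m in TOKEN.finditer(search_stage):
        field, raw = m.group(1), m.group(2)
        preds.append((field, raw[1:-1] if raw.startswith('"') else raw))
    return tuple(sorted(preds))


def esc(value):
    """Escape backslash and double quote for an ES|QL string literal."""
    return value.replace("\\", "\\\\").replace('"', '\\"')


def to_esql(stages):
    """Translate [search_stage, pipeline stages...] to ES|QL.

    Supported: field=value / field="wild*card" predicates and `stats count by`.
    Field names are copied as-is; renaming to ECS is out of scope here.
    """
    preds = predicates(stages[0])
    index = next((v for f, v in preds if f == "index"), None)
    if index is None:
        raise ValueError("search stage must name an index")
    where = [f'{f} LIKE "{esc(v)}"' if "*" in v else f'{f} == "{esc(v)}"'
             for f, v in preds if f != "index"]
    lines = [f"FROM {index}"]
    if where:
        lines.append("| WHERE " + " AND ".join(where))
    for stage in stages[1:]:
        m = re.fullmatch(r"stats\s+count\s+by\s+(.+)", stage, re.I)
        if not m:
            # Refuse rather than emit a query that quietly does something else.
            raise NotImplementedError(f"unsupported stage: {stage!r}")
        by = ", ".join(f.strip() for f in m.group(1).split(","))
        lines.append(f"| STATS count = COUNT(*) BY {by}")
    return "\n".join(lines)


def migrate_rule(spl, macros=MACROS, prebuilt=PREBUILT):
    """Map to a prebuilt rule by fingerprint; otherwise translate to ES|QL."""
    # Naive stage split: a '|' inside a quoted value would break this.
    stages = [s.strip() for s in expand_macros(spl, macros).split("|")]
    target = prebuilt.get(predicates(stages[0]))
    if target is not None:
        return {"status": "mapped", "target": target}
    return {"status": "translated", "esql": to_esql(stages)}


if __name__ == "__main__":
    for rule in [
        '`sysmon_process` Image="*\\powershell.exe" CommandLine="*-enc*" '
        "| stats count by Computer, User, CommandLine",
        'EventCode=1 CommandLine="*-enc*" index=sysmon Image="*\\powershell.exe"',
        "index=winlogs EventCode=4625 | stats count by user, src",
    ]:
        print(rule, "->", migrate_rule(rule), sep="\n", end="\n\n")
```

The point to take from the review step in the article is visible in `to_esql`: a translator that meets a construct it does not understand should fail loudly, because a query that runs but means something different is the failure mode that a one-click review exists to catch.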
The tool is available in technical preview to all Elastic customers with an Enterprise licence, and to users of the Security Analytics Complete tier of Elastic Cloud Serverless. It currently supports migration from Splunk only, with support for additional SIEMs planned over time.
Elastic engineers have evaluated the performance of Automatic Migration with real-time rulesets, and conducted extensive error testing. The tool has been tested across a range of AI models.
“Many security teams are stuck using their inefficient SIEMs due to the significant time and money it takes to transition to a modern solution, with migrating detection rules, dashboards and other artifacts among the most challenging aspects for migration,” commented Elastic GM of Security and Observability Santosh Krishnan. “By mapping and translating existing SIEM artifacts, Automatic Migration reduces the cost, complexity and risk that comes with SIEM migration.”