Core Components

ELS Data Node

Enterprise-grade data storage and search engine

Purpose: Acts as the heart of the system, providing scalable NoSQL database capabilities for security and operational data.

Key Features:

  • Distributed Architecture: Automatic sharding and replication across cluster nodes

  • Real-time Search: Sub-second query response times on millions of events

  • Hot-Warm-Cold Storage: Automatic data lifecycle management for cost optimization

  • Security Features: Built-in authentication, authorization, and audit logging

Node Types:

  • Master-eligible nodes: Cluster state management and coordination

  • Data nodes: Document storage, indexing, and search execution

ELS Console

Comprehensive web interface for security operations

Purpose: Provides an intuitive visualization and management interface for security analysts and administrators.

Key Capabilities:

  • Security Dashboards: Pre-built dashboards for MITRE ATT&CK, compliance, and threat hunting

  • Live Threat Map: Real-time global threat visualization

  • Advanced Analytics: Support for Vega-Lite custom visualizations

  • RBAC Integration: Granular access control with Active Directory integration

  • Plugin Ecosystem: Modular architecture supporting custom security apps

Enhanced Features:

  • Empowered AI Interface: Direct access to AI model store and anomaly detection

  • Data Export Wizard: Streamlined report generation from a dedicated tab

ELS Network Node

Intelligent data processing and enrichment pipeline

Purpose: Ingests, processes, and enriches data from hundreds of different sources before storing it in the ELS Data Node.

Processing Capabilities:

  • Multi-Protocol Ingestion: Syslog, Beats, SNMP, APIs, databases, cloud services

  • Real-time Parsing: Custom parsing rules for any log format or data structure

  • Threat Intelligence: Automatic IOC enrichment from 50+ threat feeds

  • GeoIP Enhancement: Location-based analysis for network traffic

  • Custom Pipeline Creation: GUI-based pipeline builder
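The parse-then-enrich flow described above, shown as an added Python example. This is not Energy Logserver's own pipeline code: the syslog lines, the threat feed entries and the GeoIP table are all constructed placeholders, and a real Network Node would pull indicators from live feeds and countries from a GeoIP database instead of the inline tables used here.

```python
import ipaddress
import re

# Constructed sample events (RFC 3164-style syslog lines, not real traffic).
SAMPLE_SYSLOG = [
    "<38>Mar 10 14:22:01 fw01 sshd[1023]: Accepted password for alice from 203.0.113.7 port 51022 ssh2",
    "<38>Mar 10 14:22:05 fw01 sshd[1030]: Failed password for root from 198.51.100.23 port 40211 ssh2",
    "<13>Mar 10 14:23:10 web01 nginx: client 192.0.2.44 GET /login 200",
]

# Constructed threat-intelligence feed: placeholder indicators, not real IOCs.
IOC_FEED = {
    "198.51.100.23": {"feed": "example-feed-a", "tag": "bruteforce-source"},
}

# Hypothetical GeoIP table standing in for a GeoIP database lookup.
GEOIP_TABLE = [
    (ipaddress.ip_network("203.0.113.0/24"), "DE"),
    (ipaddress.ip_network("198.51.100.0/24"), "BR"),
    (ipaddress.ip_network("192.0.2.0/24"), "US"),
]

# <PRI>timestamp host app[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<app>[^:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_syslog(line):
    """Parsing stage: turn one raw syslog line into a structured event, or None."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    event = {
        "facility": pri // 8,      # PRI encodes facility * 8 + severity
        "severity": pri % 8,
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "app": m.group("app"),
        "message": m.group("msg"),
    }
    ip = IPV4_RE.search(m.group("msg"))
    if ip:
        event["source_ip"] = ip.group(0)
    return event


def geoip_lookup(ip):
    """GeoIP stage: longest-match is unnecessary here since the table has no overlaps."""
    addr = ipaddress.ip_address(ip)
    for net, country in GEOIP_TABLE:
        if addr in net:
            return country
    return None


def enrich(event):
    """Enrichment stage: add geolocation and threat-feed context to a parsed event."""
    ip = event.get("source_ip")
    if ip is None:
        return event
    country = geoip_lookup(ip)
    if country:
        event["geoip"] = {"country_code": country}
    ioc = IOC_FEED.get(ip)
    if ioc:
        event["threat"] = {"matched": True, "indicator": ip, **ioc}
    return event


def run_pipeline(lines):
    """Run every line through parse -> enrich; unparseable lines are kept, flagged, not dropped."""
    events = []
    for line in lines:
        ev = parse_syslog(line)
        if ev is None:
            events.append({"raw": line, "parse_error": True})
            continue
        events.append(enrich(ev))
    return events


if __name__ == "__main__":
    for ev in run_pipeline(SAMPLE_SYSLOG):
        print(ev)
```

Keeping unparseable lines as flagged raw events rather than discarding them matters in a SIEM pipeline: a parser gap should show up as a detectable condition in the Data Node, not as silently missing evidence.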

Empowered AI

AI-powered security analytics and automation

Purpose: Provides advanced machine learning capabilities for threat detection, user behavior analysis, and predictive security analytics.

AI Capabilities:

  • Online AI Store: Download pre-trained models from https://energylogserver.com/ai-store/

  • Anomaly Detection: Identifies unusual patterns in user behavior, network traffic, and system events

  • Predictive Analytics: Forecasts security trends and potential attack vectors

  • Automated Model Training: Learns from your environment’s normal patterns

  • UEBA Integration: User and Entity Behavior Analytics for insider threat detection

Available Use Cases:

  • Netflow Traffic Analysis: Detects network anomalies and data exfiltration

  • User Behavior Monitoring: Identifies compromised accounts and privilege escalation

  • Malware Detection: Advanced heuristics for unknown malware identification
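The "learns from your environment's normal patterns" idea behind Automated Model Training and the User Behavior Monitoring use case, illustrated with an added Python example. This is not Empowered AI's model code and makes no claim about the algorithms the AI Store models use; it shows one simple, robust way such a baseline can work: per-user median and median absolute deviation (MAD) over constructed historical login counts, then a robust z-score for a new observation. The baseline data, the threshold of 3.5 and the MAD floor are all constructed assumptions.

```python
from statistics import median

# Constructed baseline: daily login counts per user over a 14-day window (not real data).
BASELINE = {
    "alice": [3, 4, 2, 5, 3, 4, 3, 2, 4, 3, 5, 4, 3, 4],
    "bob": [10, 12, 9, 11, 10, 13, 12, 10, 11, 9, 12, 10, 11, 12],
}

# Constants chosen for this example; a deployment would tune them per environment.
MAD_SCALE = 1.4826   # makes MAD comparable to a standard deviation for normal data
MAD_FLOOR = 1.0      # prevents division by zero when a user's history never varies
THRESHOLD = 3.5


def mad_baseline(values):
    """Learn the baseline: median and MAD are resistant to a few outlier days in the history."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    return med, mad


def anomaly_score(value, med, mad):
    """Robust z-score of a new observation against the learned baseline."""
    scale = max(MAD_SCALE * mad, MAD_FLOOR)
    return (value - med) / scale


def score_observations(baseline, observations, threshold=THRESHOLD):
    """Score today's per-user counts; users with no history are surfaced for review, not ignored."""
    results = {}
    for user, value in observations.items():
        history = baseline.get(user)
        if not history:
            results[user] = {"score": None, "anomalous": True, "reason": "no baseline"}
            continue
        med, mad = mad_baseline(history)
        score = anomaly_score(value, med, mad)
        results[user] = {
            "score": round(score, 2),
            "anomalous": score > threshold,
            "reason": "above threshold" if score > threshold else "within baseline",
        }
    return results


if __name__ == "__main__":
    # Constructed observations: alice spikes, bob is normal, mallory has no history.
    today = {"alice": 40, "bob": 12, "mallory": 1}
    for user, result in score_observations(BASELINE, today).items():
        print(user, result)
```

Two design points worth noting: the MAD floor keeps a perfectly regular account (MAD of 0) from turning every tiny change into an infinite score, and an account with no baseline is flagged rather than silently skipped, since a brand-new identity suddenly appearing is itself a signal in UEBA.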