You are viewing docs on Elastic's new documentation system, currently in technical preview. For all other Elastic docs, visit

Elastic Security requirements

Requirements for using and configuring Elastic Security.

The Support Matrix page lists officially supported operating systems, platforms, and browsers on which components such as Beats, Elastic Agent, Elastic Defend, and Elastic Endpoint have been tested.

Feature-specific requirements

There are some additional requirements for specific features:

Third-party collectors mapped to ECS

The Elastic Common Schema (ECS) defines a common set of fields to be used for storing event data in Elasticsearch. ECS helps users normalize their event data to better analyze, visualize, and correlate the data represented in their events. Elastic Security can ingest and normalize events from any ECS-compliant data source.


Elastic Security requires ECS-compliant data. If you use third-party data collectors to ship data to Elasticsearch, the data must be mapped to ECS. Elastic Security ECS field reference lists ECS fields used in Elastic Security.

On this page