mirror of
https://github.com/elastic/elasticsearch.git
synced 2025-06-29 18:03:32 -04:00
41 lines
1.4 KiB
Text
41 lines
1.4 KiB
Text
[[esql-elastic-security]]
|
|
=== Using {esql} in {elastic-sec}
|
|
|
|
++++
|
|
<titleabbrev>Using {esql} in {elastic-sec}</titleabbrev>
|
|
++++
|
|
|
|
You can use {esql} in {elastic-sec} to investigate events in Timeline and create
|
|
detection rules. Use the Elastic AI Assistant to build {esql} queries, or answer
|
|
questions about the {esql} query language.
|
|
|
|
[discrete]
|
|
[[esql-elastic-security-timeline]]
|
|
=== Use {esql} to investigate events in Timeline
|
|
|
|
You can use {esql} in Timeline to filter, transform, and analyze event data
|
|
stored in {es}. To start using {esql}, open the **{esql}** tab. To learn
|
|
more, refer to {security-guide}/timelines-ui.html#esql-in-timeline[Investigate
|
|
events in Timeline].
|
|
|
|
[discrete]
|
|
[[esql-elastic-security-detection-rules]]
|
|
=== Use {esql} to create detection rules
|
|
|
|
Use the {esql} rule type to create detection rules using {esql} queries. The
|
|
{esql} rule type supports aggregating and non-aggregating queries. To learn
|
|
more, refer to {security-guide}/rules-ui-create.html#create-esql-rule[Create an
|
|
{esql} rule].
|
|
|
|
[discrete]
|
|
[[esql-elastic-security-ai-assistant]]
|
|
=== Elastic AI Assistant
|
|
|
|
Use the Elastic AI Assistant to build {esql} queries, or answer questions about
|
|
the {esql} query language. To learn more, refer to
|
|
{security-guide}/security-assistant.html[AI Assistant].
|
|
|
|
NOTE: For AI Assistant to answer questions about {esql} and write {esql}
|
|
queries, you need to
|
|
{security-guide}/security-assistant.html#set-up-ai-assistant[enable knowledge
|
|
base].
|