Ingest third-party security data
Serverless Security Stack
This section describes how to ingest security data from third-party tools into Elasticsearch. Once ingested, this data can provide additional context and enrich your Elastic Security workflows.
You can ingest both third-party workload protection data and third-party security posture and vulnerability data.
This page lists only third-party integrations that collect data that can directly appear in Elastic Security workflows. For a complete list of integrations, many of which can collect security-related data, refer to Integrations.
You can ingest third-party security alerts into Elastic Security to view them on the Alerts page and incorporate them into your triage and threat hunting workflows.
Ingest alerts from the following integrations:
You can ingest third-party data into Elastic Security to review and investigate it alongside data collected by Elastic Security's native integrations. Once ingested, security posture and vulnerability data appears on the Findings page and in the entity details and alert details flyouts.
Data from third-party integrations does not appear on the CNVM dashboard or the Cloud Posture dashboard.
Data from the following integrations can feed into your Elastic Security workflows: