About us
Elastic, the Search AI Company, enables everyone to find the answers they need in real time, using all their data, at scale. Elastic’s solutions for search, observability, and security are built on the Elastic Search AI Platform — the development platform used by thousands of companies, including more than 50% of the Fortune 500.
- Website: http://www.elastic.co
- Industry: Software Development
- Company size: 1,001-5,000 employees
- Headquarters: San Francisco, California
- Type: Public Company
- Specialties: Big Data, AWS, Kibana, Observability, APM, Search, Distributed, Lucene, Database, Open Source, Cloud, SIEM, Security, Logging, Analytics, Elasticsearch, App Search, Site Search, Enterprise Search, and ELK
Updates
-
OMB M-26-14 sets a new logging compliance path to address today’s intensifying cyber threats. This isn't a refresh of the old tiering model. It's a full replacement with a new outcome-based maturity framework, tighter timelines, and IoT and OT systems explicitly in scope for the first time. As CISA plans to publish its logging reference architecture, US federal agencies already operating with a unified logging and security foundation are better positioned to move fast while staying compliant. Distributed architectures are now encouraged, searchability matters more than raw data volume, and the two disciplines at the center of M-26-14 (continuous event monitoring and threat hunting, investigation, response, and forensics) are where Elastic’s unified, AI-powered platform can help agencies store logs affordably, securely share data when needed, and stay ahead of AI-fueled threats. Here's what changed and how Elastic can help you align: https://go.es.io/4eCCe9L
-
AI is driving a buying cycle reset. Companies consolidating onto fewer platforms are spending more, not less, because the platform keeps expanding into new use cases. Log analytics becomes SIEM. Enterprise search becomes the retrieval layer for AI agents. Observability becomes the investigation layer for security. Each expansion compounds on the last, all on a single Elastic data layer. This is what platform economics looks like when the underlying architecture is actually unified. And it's why the consolidation decision is increasingly a strategic one, not a procurement one. Jesse Sladek, our GVP of Partner Sales, Strategy & Enablement, on what this means for technology leaders making platform decisions in 2026. https://lnkd.in/eTGDuYR8
-
AI agents are only as powerful as the systems behind them. See how Elastic and AWS drive that at scale. At booth #614, we’re demoing live:
→ agents that maintain context at scale
→ logs transformed into actionable signals
→ threat detection that finds what hides in the noise
All running on Elastic Cloud on AWS. At 1:30 PM on the Red Silent Stage (Hall 3E): @Jeff Vestal, Sr. Principal AI Architect at Elastic, presents: “From stateless to stateful: Architecting agent memory with Elastic and Bedrock.” If you're building agentic AI on AWS, save this one for your schedule. See you at #AWSSummit New York → https://go.es.io/4xn4Nzi AWS Partners
-
Traditional per-endpoint licensing forces a prioritization exercise no SOC lead wants to perform. When you are capped by host count, "low-value" assets become unmonitored footholds for lateral movement. An attacker doesn’t respect your internal asset tiers; they exploit the blind spots you couldn't afford to cover. That’s why we ended the per-endpoint tax. Elastic Security XDR provides world-class prevention for every host without per-endpoint fees, so you can stop choosing what to protect and start securing everything. No compromises. No trade-offs. Just total visibility and world-class prevention and response across your entire environment. Build for the threat, not the invoice: https://go.es.io/4exEPBP
-
HNSW is fast. But it is also memory-hungry. DiskBBQ is the alternative. Hierarchical K-means partitions all vectors into clusters, each with a representative centroid. The centroids are arranged into a tree and loaded into memory. The vectors themselves stay on disk. At query time, the centroid tree is searched first to find the most promising clusters. Only those get fetched and fully explored. BBQ (Better Binary Quantization) compresses each vector to 1 bit per dimension, so bulk cluster scoring stays fast with minimal memory and disk overhead. SOAR (Spilling with Orthogonality-Amplified Residuals) assigns border vectors to multiple clusters, which reduces the recall penalty of hard cluster boundaries. Use HNSW when you need maximum recall and have plenty of memory. Use DiskBBQ when you're cost-sensitive and can live with slightly lower recall. Full breakdown of how DiskBBQ works under the hood, including benchmarks and configuration details: https://go.es.io/43V34Uq
-
The fastest way to miss a critical threat is to get buried in the friction of your own tools. Elastic Workflows transforms your security data into an active response engine, eliminating the manual triage and tool-switching that stall investigations. By unifying the lifecycle from detection to containment, it allows you to move from alert to action at the speed of the attack. Built natively where your security data lives, it allows you to execute reliable playbooks and call AI agents for reasoning within a single Workflow. This means no extra system to maintain, no data movement, and no added integration layers. Reclaim your response velocity and shut down the threats that matter, faster. https://go.es.io/4e6RzxU
-
Critical thinking can't be automated. That's the take from Mandy Andress, Elastic's CISO, who weighs in on the cyber skills every security team still needs, in elastic Forbes Technology Council. As AI takes on more of the heavy lifting in triage, correlation and response, Mandy's point is more important than ever: security teams still need to question assumptions, validate findings and understand the real business impact of threats, so alerts turn into meaningful action, not just noise. Read Mandy's contribution alongside other security leaders: https://go.es.io/4fuIgKz
-
Attackers are compressing timelines from hours to minutes. See how agentic AI can investigate threats, enrich alerts, and stage responses before analysts ever have to pivot between tools. Join James Spiteri and Andrew Pease from Elastic alongside Daniel Miessler of Unsupervised Learning for a live look at the agentic SOC in action. You’ll see:
• Autonomous investigation workflows
• Conversational detection engineering
• Real-world threat research from Elastic Security Labs
• Security operations integrated into tools like Claude, Cursor, and GitHub Copilot
Put agentic AI to work: Real-world defense against threats. June 17 | Register now: https://lnkd.in/ekMUb7Qd
-
The question worth asking after this week at Microsoft Build: what data is your agent actually reasoning over? Without a retrieval layer, your training data may be months old, with no proprietary data, and no knowledge of your environment. That's exactly what our sessions at Build were designed to solve, and what most teams running AI on Azure are still working through. We showed developers how Elasticsearch works as the context provider, retrieving from your actual data before the model generates anything. Developers walked away with hands-on coverage of:
→ Agent memory and context engineering for long conversations in production
→ Search-powered AI workflows connected to operational data
→ Building conversational search experiences with Agent Builder and Azure OpenAI
→ GitHub Copilot integrations with Elasticsearch
→ An open-source CI/CD security detector for GitHub Actions and Azure DevOps, built by Elastic Security Labs
#MSBuild