---
title: "Elastic’s new Custom Threat Intelligence integration"
source_name: "Elastic Blog"
original_url: "https://www.elastic.co/blog/custom-threat-intelligence-integration"
canonical_url: "https://www.traeai.com/articles/08e6d4f4-c66f-4211-9c72-34d416a0d184"
content_type: "article"
language: "英文"
score: 5
tags: ["Elastic","威胁情报","Security","SIEM","Threat Intel"]
published_at: "2024-11-19T05:00:00+00:00"
created_at: "2026-05-01T23:07:03.677719+00:00"
---

# Elastic’s new Custom Threat Intelligence integration

Canonical URL: https://www.traeai.com/articles/08e6d4f4-c66f-4211-9c72-34d416a0d184
Original source: https://www.elastic.co/blog/custom-threat-intelligence-integration

## Summary

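The page shows the Custom Threat Intelligence integration topic, but the body is severely truncated, leaving only the half-sentence 'build dashboards using data sto…', with no technical implementation path.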

## Key Takeaways

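- The title makes the new security capability clear, but the supported TI formats (such as STIX/MISP) are not disclosed
- No explanation of how to connect private threat feeds or perform rule mapping
- Lacks API examples, Kibana configuration screenshots, or detection rule samples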

## Content

# Elastic’s new Custom Threat Intelligence integration

By [Chema Martinez](http://www.elastic.co/blog/author/chema-martinez), November 19, 2024

![Image 9: 145070_-_Blog_header_image_Switching_from_the_Java_High_Level_(1).jpg](https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt1c3e638bb361b5b7/673abf1866a4f3cb560cbd56/145070_-_Blog_header_image_Switching_from_the_Java_High_Level_(1).jpg)


In modern cybersecurity, organizations must be prepared to handle a wide variety of threat intelligence data to stay ahead of emerging threats. To support this need, Elastic introduces the [Custom Threat Intelligence integration](https://www.elastic.co/docs/current/integrations/ti_custom), specifically designed for ingesting indicators of compromise (IoCs) in the STIX 2.1 format. By [converting](https://www.elastic.co/security-labs/stixy-situations-ecsaping-your-threat-data) STIX data into the Elastic Common Schema (ECS), this integration makes it simple to bring threat data from diverse sources directly into Elastic for unified analysis and detection workflows.

This integration gives users the flexibility to gather threat intelligence from a range of sources, such as STIX-compliant APIs, TAXII 2.1 servers, and even log files in air-gapped environments.

## Key features of the Custom Threat Intelligence integration

The Custom Threat Intelligence integration is built for ingesting and converting STIX data into ECS, allowing users to merge threat intelligence from various external sources into Elastic effortlessly. Below are the integration’s core features:

*   **Conversion of STIX indicators to ECS:** The integration is designed to ingest STIX 2.1 format data, converting each indicator into ECS-compatible fields. A default pipeline handles common STIX data mappings automatically, but users can extend functionality by adding custom pipelines for unique STIX indicators or formats as needed.

*   **CEL input for API communication:** The integration uses the [Common Expression Language (CEL) input](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html) to enable flexible communication with STIX APIs. Through CEL programs, the integration can connect to STIX-compliant APIs and retrieve relevant threat intelligence data. This approach allows for highly customizable data ingestion, handling HTTP requests, responses, and data processing in a structured way.

*   **Built-in TAXII 2.1 client for simplified data retrieval:** For organizations relying on TAXII servers, the integration includes a built-in CEL program that acts as a TAXII 2.1 client. This client facilitates connections to TAXII 2.x servers, automatically retrieving STIX data with minimal configuration — just the TAXII server URL and any required authentication credentials.

*   **Log file support for air-gapped environments:** Recognizing the needs of air-gapped environments, the integration also supports reading STIX-based threat intelligence from log files. This enables organizations in isolated environments to incorporate threat intelligence without requiring direct internet access.

*   **Built-in dashboard for visualizing indicators:** The integration comes with a built-in dashboard to visualize ingested threat intelligence indicators, making it easy for users to view and interpret the threat data collected. This dashboard provides an organized view of indicators, helping analysts quickly assess threat intelligence patterns and enhance awareness.

![Image 20: Custom Threat Intelligence dashboard: IoCs overview](https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blte8d009e546f997ef/673ab94c9123c2ec790a412b/image2.png)

Custom Threat Intelligence dashboard: IoCs overview
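
To make the STIX-to-ECS conversion described in the feature list concrete, here is an added example (not the integration's shipped ingest pipeline and not code from the original post) that maps simple STIX 2.1 indicator patterns to ECS `threat.indicator.*` fields. The mapping table, the `unmapped.stix_pattern` holding field, and the sample bundle are assumptions made for illustration; indicators the table cannot handle are kept for a custom pipeline rather than dropped.

```python
import hashlib
import re

# Illustrative mapping (assumption, not the integration's shipped pipeline):
# (STIX object type, property path) -> ECS threat.indicator field.
ECS_FIELD = {
    ("ipv4-addr", "value"): "threat.indicator.ip",
    ("ipv6-addr", "value"): "threat.indicator.ip",
    ("domain-name", "value"): "threat.indicator.url.domain",
    ("url", "value"): "threat.indicator.url.original",
    ("file", "hashes.MD5"): "threat.indicator.file.hash.md5",
    ("file", "hashes.SHA-1"): "threat.indicator.file.hash.sha1",
    ("file", "hashes.SHA-256"): "threat.indicator.file.hash.sha256",
}

# Matches a single comparison such as [ipv4-addr:value = '198.51.100.7'].
# Compound patterns (AND / OR / FOLLOWEDBY) deliberately do not match.
SIMPLE_PATTERN = re.compile(
    r"^\[\s*([a-z0-9-]+):([\w.'-]+)\s*=\s*'((?:[^'\\]|\\.)*)'\s*\]$"
)


def confidence_label(score):
    """Map STIX 0-100 confidence onto the None/Low/Medium/High scale."""
    if score is None:
        return "Not Specified"
    if score == 0:
        return "None"
    if score < 30:
        return "Low"
    if score < 70:
        return "Medium"
    return "High"


def stix_to_ecs(obj, provider):
    """Convert one STIX object to a flat ECS document, or None if not an indicator."""
    if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
        return None
    doc = {
        "event.kind": "enrichment",
        "event.category": ["threat"],
        "event.type": ["indicator"],
        "threat.indicator.provider": provider,
        "threat.indicator.confidence": confidence_label(obj.get("confidence")),
    }
    if "description" in obj:
        doc["threat.indicator.description"] = obj["description"]
    if "modified" in obj:
        doc["threat.indicator.modified_at"] = obj["modified"]
    match = SIMPLE_PATTERN.match(obj.get("pattern", ""))
    if match:
        stix_type, path, value = match.groups()
        field = ECS_FIELD.get((stix_type, path.replace("'", "")))
        if field:
            doc["threat.indicator.type"] = stix_type
            # Undo STIX string escaping (\' and \\) in the literal.
            doc[field] = re.sub(r"\\(.)", r"\1", value)
            return doc
    # Hypothetical holding field: keep the raw pattern for a custom pipeline.
    doc["unmapped.stix_pattern"] = obj.get("pattern")
    return doc


def convert_bundle(bundle, provider):
    """Convert every indicator in a STIX bundle, skipping other object types."""
    docs = (stix_to_ecs(o, provider) for o in bundle.get("objects", []))
    return [d for d in docs if d is not None]


# Constructed sample data: documentation IP ranges and a hash of a fixed string.
SAMPLE_SHA256 = hashlib.sha256(b"constructed sample").hexdigest()
SAMPLE_BUNDLE = {
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000000",
    "objects": [
        {"type": "identity", "id": "identity--00000000-0000-4000-8000-000000000001",
         "name": "Example Feed"},
        {"type": "indicator", "pattern_type": "stix", "confidence": 85,
         "modified": "2024-11-18T09:30:00.000Z",
         "pattern": "[ipv4-addr:value = '198.51.100.7']"},
        {"type": "indicator", "pattern_type": "stix", "confidence": 20,
         "pattern": "[file:hashes.'SHA-256' = '%s']" % SAMPLE_SHA256},
        {"type": "indicator", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '203.0.113.5' OR ipv4-addr:value = '203.0.113.6']"},
    ],
}

if __name__ == "__main__":
    for document in convert_bundle(SAMPLE_BUNDLE, "example-feed"):
        print(document)
```

The compound `OR` indicator ends up with `unmapped.stix_pattern` set and no `threat.indicator.type`, which is the kind of case the post says a custom pipeline would need to cover.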

## Use case: Understanding a CEL program for custom API ingestion

For STIX APIs that do not follow a specific protocol like TAXII, CEL programs allow you to customize the retrieval and processing of threat data. Using CEL, you can define HTTP headers, query parameters, pagination, and payload processing to meet the requirements of the API — ensuring accurate and complete ingestion of threat intelligence.

To show how CEL programs work within the Custom Threat Intelligence integration, let’s break down a sample CEL program. This example shows how a CEL program can be used to retrieve data from a custom STIX API using the GET method and incorporates flexible authentication options based on the presence of an API key or Basic Authentication credentials.

```
state.with(
  request(
    "GET",
    (has(state.initial_interval) && state.initial_interval != "") ?
      (
        state.url.trim_right("/") + "?" + {
          "start": [(now() - duration(state.initial_interval)).format(time_layout.RFC3339)],
        }.format_query()
      )
    :
      state.url
  ).with(
    {
      "Header": {
        "Authorization": (has(state.api_key) && state.api_key != "") ?
          ["Bearer " + string(state.api_key)]
        : (state.?username.orValue("") != "" && state.?password.orValue("") != "") ?
          ["Basic " + (state.username + ":" + state.password).base64()]
        :
          []
      }
    }
  ).do_request().as(resp, (resp.StatusCode == 200) ?
    bytes(resp.Body).decode_json().as(body,
      {
        "events": body.objects.map(e,
          {
            "message": e.encode_json(),
          }
        ),
        "url": state.url,
        "api_key": state.?api_key.orValue(""),
        "username": state.?username.orValue(""),
        "password": state.?password.orValue(""),
      }
    )
  :
    {
      "events": {
        "error": {
          "code": string(resp.StatusCode),
          "id": string(resp.Status),
          "message": "GET:" +
          (
            (size(resp.Body) != 0) ?
              string(resp.Body)
            :
              string(resp.Status) + " (" + string(resp.StatusCode) + ")"
          ),
        },
      }
    }
  )
)
```


### Breaking down the CEL program

1.   **Request construction:** The CEL program constructs an HTTP GET request. If the _initial\_interval_ is set, the request URL appends a query parameter specifying the start time — which is calculated from the current time minus the initial interval. This allows the integration to fetch only recent threat data.

2.   **Header setup:** The program dynamically builds the Authorization header to support different types of authentication:

    1.   If an _api\_key_ is provided, it creates a Bearer token using _Authorization: Bearer <api\_key>_.

    2.   If no _api\_key_ is set and both _username_ and _password_ are non-empty, it uses Basic Authentication, base64-encoding `username:password` as required by the _Authorization: Basic <encoded\_credentials>_ format.

    3.   If neither an API key nor username and password are available, the Authorization header is left empty.

3.   **Data processing on successful response:** If the response status is 200 (OK), the program decodes the JSON body of the response and maps each STIX object as an event in Elastic.

4.   **Error handling:** If the response status is not 200, the program generates an error event that includes the status code, response status, and any response body content. This error handling provides visibility into any issues with data retrieval.

### CEL initial state

Each CEL program requires an [initial state](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#input-state-cel) definition — which includes key parameters, such as the API URL, authentication tokens, and retrieval intervals. Following the example above, the CEL state for this case could look like this.

```
url: "https://stix-server.example.com"
username: "<USERNAME>"
password: "<PASSWORD>"
initial_interval: "120h"
```


When adding a CEL program to the Custom Threat Intelligence integration, ensure the _Enable TAXII 2.1_ toggle is disabled, and paste the CEL program and its initial state into the designated blocks in the integration’s configuration.

![Image 23: CEL configuration for the integration](https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blta15a552588261ceb/673ab9f4b35d6679916d896b/Screenshot_2024-11-17_at_10.52.13_PM.png)

CEL configuration for the integration

This example provides a generic template for using CEL programs to retrieve threat intelligence from STIX APIs. However, users will likely need to adapt the program based on the specific requirements of their STIX server — paying particular attention to query parameters, required headers, and the structure of the response body.
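
Before pointing the CEL program at a production feed, it helps to exercise each of its branches (Bearer, Basic, missing credentials, non-200 status) against a local stand-in. The following is an added example, not part of the original post or of Elastic's code: a minimal stand-in STIX API whose credentials, objects, listening port, and `start` filtering on the `modified` timestamp are all assumptions.

```python
import base64
import hmac
import json
from datetime import datetime
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlsplit

# Constructed test credentials and STIX objects; never reuse real secrets here.
API_KEY = "test-api-key"
BASIC_USER, BASIC_PASS = "analyst", "test-password"
OBJECTS = [
    {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000001",
     "pattern_type": "stix", "pattern": "[ipv4-addr:value = '198.51.100.7']",
     "modified": "2024-11-01T00:00:00.000Z"},
    {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000002",
     "pattern_type": "stix", "pattern": "[domain-name:value = 'bad.example.com']",
     "modified": "2024-11-18T09:30:00.000Z"},
]


def _equal(a, b):
    """Constant-time comparison so the check does not leak by timing."""
    return hmac.compare_digest(a.encode(), b.encode())


def authorized(header):
    """Accept either header form that the CEL program can emit."""
    basic = base64.b64encode(f"{BASIC_USER}:{BASIC_PASS}".encode()).decode()
    return _equal(header, "Bearer " + API_KEY) or _equal(header, "Basic " + basic)


def parse_ts(value):
    """Parse an RFC 3339 timestamp; reject values without a UTC offset."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if parsed.tzinfo is None:
        raise ValueError("timestamp needs a UTC offset")
    return parsed


def handle(path, auth_header):
    """Return (status, body) for one GET, as the CEL program would receive it."""
    if not authorized(auth_header or ""):
        return 401, {"title": "unauthorized"}
    query = parse_qs(urlsplit(path).query)
    objects = OBJECTS
    if "start" in query:
        try:
            start = parse_ts(query["start"][0])
        except ValueError:
            return 400, {"title": "invalid start parameter"}
        # Assumed server behaviour: only objects modified at or after `start`.
        objects = [o for o in OBJECTS if parse_ts(o["modified"]) >= start]
    bundle_id = "bundle--00000000-0000-4000-8000-000000000000"
    return 200, {"type": "bundle", "id": bundle_id, "objects": objects}


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, body = handle(self.path, self.headers.get("Authorization"))
        payload = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)


if __name__ == "__main__":
    # Loopback only: the test credentials travel unencrypted over plain HTTP.
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```

With the initial state's `url` set to `http://127.0.0.1:8080`, a 401 from this server exercises the program's error branch, whose event message carries the raw response body.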

## Bring threat data into your security infrastructure easily

Elastic’s Custom Threat Intelligence integration makes it easy to bring threat data into your security infrastructure — giving you more insights to catch and respond to threats faster. With support for STIX 2.1 indicators, connections to TAXII servers, and flexible CEL configurations, this integration is built to fit your specific needs — turning threat intelligence indicators into ECS format so that it works seamlessly across the Elasticsearch Platform.

We’re excited for you to [try out these features](https://www.elastic.co/docs/current/integrations/ti_custom), explore new use cases, and share your feedback to help us continue evolving threat intelligence capabilities within Elastic.

_The release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all._

