ES|QL for security use cases

Elastic Stack Serverless

Use the following resources to learn about using the Elasticsearch Query Language (ES|QL) for cybersecurity use cases.

Tutorials

Threat hunting with ES|QL: Learn how to use ES|QL to hunt for threats in your data.

Documentation

Learn how to:

Generate and understand ES|QL queries using the AI Assistant
Investigate events in Timeline using ES|QL
Create detection rules using ES|QL
Convert Splunk SPL rules to ES|QL with Automatic Migration