You are viewing docs on Elastic's new documentation system, currently in technical preview. For all other Elastic docs, visit
Last updated: Mar 20th, 2023

Threat Intelligence Utilities

Prebuilt Threat Intelligence dashboard for Elastic Security

What is an Elastic integration?

This integration is powered by Elastic Agent. Elastic Agent is a single, unified way to add monitoring for logs, metrics, and other types of data to a host. It can also protect hosts from security threats, query data from operating systems, forward data from remote services or hardware, and more. Refer to our documentation for a detailed comparison between Beats and Elastic Agent.

Prefer to use Beats for this use case? See Filebeat modules for logs or Metricbeat modules for metrics.

The threat intelligence utilities package contains a dashboard that provides a high-level overview of data from all connected TI feeds.

To add the dashboard, click Settings > Install Threat Intelligence Utilities assets.


Enhancement View pull request
Include ti_util in threat_intel category.
Bug fix View pull request
Correcting index-pattern references in dashboard
Enhancement View pull request
Initial draft of the package