Security billing dimensions

Learn about how Security usage affects pricing.

Elastic Security serverless projects provide you with all the capabilities of Elastic Security to perform SIEM, security analytics, endpoint security, and cloud security workflows. Projects are provided using a Software as a Service (SaaS) model, and pricing is entirely consumption based. Security Analytics/SIEM is available in two tiers of carefully selected features to enable common security operations:

  • Security Analytics Essentials — Includes everything you need to operationalize traditional SIEM in most organizations.
  • Security Analytics Complete — Adds advanced security analytics and AI-driven features that many organizations will require when upgrading or replacing legacy SIEM systems.

Your monthly bill is based on the capabilities you use. When you use Security Analytics/SIEM, your bill is calculated based on data volume, which has these components:

  • Ingest — Measured by the number of GB of log/event/info data that you send to your Security project over the course of a month.
  • Retention — Measured by the total amount of ingested data stored in your Security project.

Endpoint Protection

Endpoint Protection is an optional add-on to Security Analytics that provides on-endpoint protection and prevention. Endpoint Protection is available in two tiers of selected features to enable common endpoint security operations:

  • Endpoint Protection Essentials — Includes robust protection against malware, ransomware, and other malicious behaviors.
  • Endpoint Protection Complete — Adds endpoint response actions and advanced policy management.

You pay based on the number of protected endpoints you configure with the Elastic Defend integration. Note that logs, events, and alerts ingested into your Security project from endpoints running Elastic Defend are billed using the Ingest and Retention pricing described above.

Cloud Protection

Cloud Protection is an optional add-on to Security Analytics that provides value-added protection capabilities for cloud assets. Cloud Protection is available in two tiers of carefully selected features to enable common cloud security operations:

  • Cloud Protection Essentials — Protects your cloud workloads, continuously tracks posture of your cloud assets, and helps you manage risks by detecting configuration issues per CIS benchmarks.
  • Cloud Protection Complete — Adds response capabilities and configuration drift prevention for Cloud Workloads.

You pay based on the number of protected cloud workloads and other cloud assets you configure for use with Elastic Cloud Security. Note that logs, events, alerts, and configuration data ingested into your Security project are billed using the Ingest and Retention pricing described above.

For detailed Elastic Security serverless project rates, check the Elastic Cloud pricing table.
