Hello people of the forum! I’m trying to find a definitive answer to usage of the Elastic SIEM. From what I’m reading, OD uses the open source license. A basic license from Elastic appears to be required for SIEM feature usage, however, when you go to the Kibana start page you are presented with the intro page which specifically calls out the SIEM features on the upper right. After much googling and searching in the forum, there isn’t a lot of info on the SIEM features but I would think if it didn’t work in OD it wouldn’t be shown.
The questions:
Can someone please clarify for me if the SIEM feature set works? I’ve just upgraded to OD 1.6.0 in a self hosted Docker setup.
Is there an official feature matrix that compares and contrasts OD vs Elastic direct?