Elastic’s new Custom Threat Intelligence integration — ingest STIX 2.1 into ECS
AI Impact Summary
Elastic has released a new Custom Threat Intelligence integration designed to streamline the ingestion of STIX 2.1 threat data into the Elastic Search AI Platform. This integration converts STIX indicators into Elastic Common Schema (ECS) format, enabling unified analysis and detection workflows by consolidating threat intelligence from diverse sources like STIX-compliant APIs, TAXII 2.1 servers, and even log files. The integration leverages Common Expression Language (CEL) programs for flexible API communication and data processing, offering customization options for unique STIX indicators and formats.
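To make the STIX-to-ECS conversion concrete, here is an added example (not Elastic's integration code or its ingest pipeline) that maps a single STIX 2.1 indicator onto ECS `threat.indicator.*` fields. The function name `stix_indicator_to_ecs`, the `example-feed` provider value, the choice of mapped fields and the sample indicator are all assumptions made for illustration.

```python
import re

# Handles only single-comparison STIX patterns: [type:path = 'value'].
_PATTERN = re.compile(r"^\[\s*([a-z0-9-]+):(\S+)\s*=\s*'([^'\\]*)'\s*\]$")

# STIX object path -> ECS threat.indicator.* suffix (illustrative subset).
_FIELD_MAP = {
    ("ipv4-addr", "value"): "ip",
    ("ipv6-addr", "value"): "ip",
    ("domain-name", "value"): "url.domain",
    ("url", "value"): "url.original",
    ("file", "hashes.MD5"): "file.hash.md5",
    ("file", "hashes.'SHA-256'"): "file.hash.sha256",
}

def _confidence(score):
    """STIX 0-100 confidence -> None/Low/Med/High scale (STIX 2.1 Appendix A)."""
    if score is None:
        return "Not Specified"
    if score == 0:
        return "None"
    return "Low" if score < 30 else "Medium" if score < 70 else "High"

def stix_indicator_to_ecs(obj, provider="example-feed"):
    """Return a flat ECS document for one STIX 2.1 indicator, or raise ValueError."""
    if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
        raise ValueError("not a STIX-pattern indicator")
    m = _PATTERN.match(obj.get("pattern", "").strip())
    if not m or (m.group(1), m.group(2)) not in _FIELD_MAP:
        # Compound (AND/OR), escaped, or unmapped patterns are rejected, not guessed.
        raise ValueError(f"unsupported pattern: {obj.get('pattern')!r}")
    sco_type, path, value = m.groups()
    doc = {
        "event.kind": "enrichment",
        "event.category": ["threat"],
        "event.type": ["indicator"],
        "threat.indicator.type": sco_type,
        "threat.indicator.provider": provider,
        "threat.indicator.confidence": _confidence(obj.get("confidence")),
        "threat.indicator." + _FIELD_MAP[(sco_type, path)]: value,
    }
    for stix_key, ecs_key in (("name", "name"), ("description", "description"),
                              ("modified", "modified_at")):
        if stix_key in obj:
            doc["threat.indicator." + ecs_key] = obj[stix_key]
    return doc

# Constructed sample indicator (documentation address range), not from a real feed.
SAMPLE = {"type": "indicator", "spec_version": "2.1", "pattern_type": "stix",
          "name": "Constructed sample address", "confidence": 80,
          "pattern": "[ipv4-addr:value = '198.51.100.7']",
          "modified": "2024-01-02T00:00:00Z"}
```

Rejecting patterns the mapper does not understand keeps a partially parsed indicator from being indexed as if it were a complete match condition.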
Affected Systems
- Date: Date not specified
- Change type: capability
- Severity: info