THREATOPS
THREAT OPSThreat News › From plain English to production rule: AI-native Elasticsearch ES|QL detection in Elastic Security

From plain English to production rule: AI-native Elasticsearch ES|QL detection in Elastic Security

lowelastic_securityPublished 2026-05-04

<p>Elastic Security now includes AI-powered detection rule creation, built into the rule creation workflow. Analysts describe a threat behavior in plain English and receive a complete, validated Elasticsearch Query Language (ES|QL) rule in return, with MITRE ATT&amp;CK mappings, severity recommendations, and a preview against live data, all without leaving the platform or writing a single line of

Attributed threat actors

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://www.elastic.co/security-labs/ai-esql-detection-rule-creation