New in Elastic Security 8.18 and 9.0: Automatic Migration, ES|QL Lookup Join

Elastic Security 8.18 and 9.0 introduce several enhancements aimed at improving efficiency and threat response for security operations teams. Key updates include Automatic Migration for transitioning from legacy SIEMs like Splunk, enhanced AI features, and the introduction of the ES|QL Lookup Join for dynamic data enrichment. The release also expands automated response integrations with Microsoft Defender and CrowdStrike, and introduces host traffic anomaly detection through machine learning. Additionally, Elastic Security now offers agentless data integration support for 15 widely used platforms, facilitating easier data management and reducing operational overhead. These updates aim to streamline detection engineering workflows, enhance endpoint visibility, and support a more seamless migration to modern SIEM solutions.