Elastic Security: Announcing Agentic Query validation, Attack Discovery persistence, and automated scheduling and actions

Elastic Security continues our mission to make security operations smarter, safer, and more efficient with the power of AI. The latest updates to Attack Discovery and Elastic AI Assistant deliver better reliability, increased automation, and a more seamless investigation experience for every analyst.

Elastic Security 8.19 and 9.1 are available now on Elastic Cloud, our managed Elasticsearch offering (hosted and serverless), and as part of the self-managed Elastic Stack. With these updates, customers can accelerate detection, reduce manual effort, and gain deeper insight into their security data.

Agentic Query Validation workflow

When it comes to query building, even a small error can throw a wrench into an investigation, or worse, produce results you can’t trust. That’s why the latest update to our AI Assistant includes an agentic validation workflow for Elasticsearch Query Language (ES|QL) queries.

Now, every query generated by the AI Assistant goes through a built-in checkpoint. If the check finds a syntax error, or the query fails when run against your data (for example, because it references a field or index that does not exist in your cluster), the assistant goes back and corrects the query before presenting it. By the time you see a suggested query, it has already been checked and adjusted for your cluster.

What does this mean for you? Less time spent troubleshooting query syntax, less risk of a query failing mid-investigation, and more room for analysts to focus on what matters. You get queries that run, without having to memorize every detail of the language or spend hours in the documentation. One caveat worth keeping in mind: validation confirms that a query parses and executes against your indices, not that it encodes the detection logic you intended, so read the suggested query before acting on its results.

The assistant that knows “when”: Introducing time awareness

Security never clocks out, and neither do your questions about what is happening now or who should handle it. With this release, the AI Assistant is time aware: it knows the current date and time and can reason about schedules relative to it.

What does that mean in practice? Add your team's on-call rotation to the knowledge base, and you can ask "Who's on call right now?" or "Who's covering next weekend?" and get an answer that reflects the current date and time rather than a stale snapshot.

No more digging through spreadsheets, Slack threads, or old emails. Whether it’s assigning incidents, escalating an alert, or just figuring out who to ping, the AI Assistant is ready with the right name right when you need it.

This update transforms the AI Assistant into a real-time teammate, cutting out the back-and-forth and letting your experts focus on solving problems instead of searching for schedules.

Your security assistant is now everywhere you need it

Security decisions and investigations rarely stay confined to a single view. Sometimes you’re exploring data in Discover, and other times, you’re chasing down signals across the Elastic Stack. Now, the Elastic AI Assistant for Security is right there with you — no matter where you work.

With this update, the AI Assistant is available globally throughout Elastic. Whether you’re deep in a security case, running ad hoc searches, or reviewing dashboards, the AI Assistant is just a click away. There’s no need to jump between tabs or lose your train of thought. You can ask questions, surface context, or get instant guidance wherever you are in the product.

This seamless access means that answers come faster, collaboration gets easier, and your team can keep momentum, moving from insight to action without missing a beat. It’s one more way Elastic is helping teams break down silos and bring security expertise into every corner of your workflow.

Attack Discovery persistence

Investigations rarely happen all at once. Analysts need to pause, pivot, or hand things off; having your findings stay with you, even when you need to rerun a scan, keeps the investigation moving forward. That’s why Attack Discovery now keeps your findings around for as long as you need them. Historical results are saved, organized, and ready to revisit whether you’re running a new scan, reviewing older threats, or piecing together long-term patterns. Updated filtering and navigation tools help you home in on exactly what you’re looking for no matter how deep your timeline goes.

And if you need to loop in a colleague, sharing is built right in. Team members can see, sort, and analyze the same data, removing barriers and making collaboration feel natural, not forced.

Scheduling and actions

Manual scans don’t scale, especially when threats don’t wait for business hours. With the new scheduling and automated actions for Attack Discovery, you set the rules and let the system handle the rest.

With Attack Discovery, you decide how often scans run, tailor schedules to your team, and configure actions that fire as soon as a discovery is produced. The routine work moves to the background and frees your experts to do what they do best: investigate, solve problems, and respond to what matters most.

This isn’t just about efficiency. It’s also about turning your security workflows into a true safety net — one that’s always watching, always ready, and always moving at the speed your organization needs.

Strengthen your team’s performance

With every release, Elastic Security aims to put more intelligence at your fingertips. Whether you’re streamlining investigations, bringing the right people into the loop, or letting Elastic AI Assistant do the heavy lifting wherever you work, every update is designed to help your team gain deeper insights and act faster. Explore what’s new in your deployment today, and discover how the next chapter of security operations is already within reach.

Start your free trial and experience firsthand how Elastic AI Assistant can help your security analysts.

Don’t forget to register for our upcoming webinar, “AI without borders: Extending analyst capabilities across the modern SOC,” to learn more about our AI capabilities.

The release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.

In this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use. 

Elastic, Elasticsearch, and associated marks are trademarks, logos, or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.