AWS Partner Network (APN) Blog

Automate security and observability with Elastic and Amazon Bedrock

By: Udayasimha Theepireddy, Senior Principal Solutions Architect – Elastic
By: Ganesh Ramesh Shenoy, Solutions Architect – AWS
By: Srinivas Pendyala, Senior Partner Solutions Architect – AWS


As cloud-native architectures grow in complexity, your security analysts and site reliability engineers (SREs) need faster ways to correlate events, investigate incidents, and resolve issues. The manual hand-offs between tools (pivoting across consoles, copying data, deciding next steps) are where response time goes. That gap widens the moment an attacker or incident moves faster than the analyst watching the screen.

Elastic’s AI-powered features, powered by Amazon Bedrock, close that gap. Instead of stopping at detection, the platform investigates and acts, so your team moves from alert to resolution faster. Analysts reclaim the hours they spent on correlation and triage and redirect them to strategic threat hunting and operational improvements that require human judgment.

In this post, you learn how these capabilities accelerate security and observability workflows through conversational agents, automated workflows, and custom AI agents and how to get started on AWS.

Elastic’s AI-powered features on Amazon Bedrock

Elastic has evolved its AI-powered capabilities from conversational assistance to full workflow automation. What started as Elastic AI Assistant, a conversational interface for querying threat intelligence and analyzing logs, has grown into a comprehensive platform that combines intelligent agents with automated workflows. Today, Elastic’s AI-powered features include three core capabilities:

  • Elastic AI Assistant – The conversational AI foundation that helps you query data in natural language, summarize alerts, and receive investigation guidance
  • Elastic Workflows – A declarative automation engine that orchestrates multi-step processes across Elasticsearch, Kibana, and external systems like Slack, Jira, and PagerDuty. You define workflows in YAML with triggers, conditional logic, and AI steps that run automatically
  • Elastic Agent Builder – A framework for building custom, context-driven AI agents grounded in your data. You define agent instructions, assign tools, and deploy agents that reason across your indices to provide accurate, actionable answers via chat, API, MCP, or A2A

These capabilities work together. Agents can invoke workflows when action is required. Workflows can invoke agents when investigation or reasoning is needed. Amazon Bedrock provides the scalable foundation model layer, delivering managed access to foundation models with security and compliance built in. The default chat experience in Elastic is now powered by Agent Builder, providing an agentic interface for interactive investigation and automation. AI Assistant remains available for features such as knowledge base integration, data anonymization, and chat sharing.
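To make the "declarative workflow with triggers, conditional logic, and AI steps" idea concrete, here is a toy workflow runner added for this post. It is not Elastic Workflows' engine or YAML schema: the definition below is an invented dict standing in for what a YAML file would parse to, the alert and the allowlisted address are constructed, and the `agent` step is a deterministic risk-scoring function standing in for the Bedrock-backed agent. What it does show is the shape of the control flow: a trigger filter, an investigation step whose output later steps can test in an `if:` clause, and response steps that run or are skipped based on that output.

```python
"""Toy declarative workflow runner (added example, not Elastic's engine).

The schema, the alert and the allowlist below are invented for illustration.
The "agent" step is a deterministic stand-in for the Bedrock-backed agent.
"""
import operator
import re

# Constructed alert, loosely shaped after a security alert document.
SAMPLE_ALERT = {
    "alert_id": "alert-0001",            # constructed
    "rule_name": "Multiple failed logins followed by success",
    "severity": "high",
    "user": "jdoe",
    "source_ip": "203.0.113.45",         # RFC 5737 documentation address
    "event_count": 37,
}

# Hypothetical workflow definition (the parsed form of a YAML file).
WORKFLOW = {
    "name": "triage-brute-force",
    "triggers": [{"type": "alert",
                  "rule_name": "Multiple failed logins followed by success"}],
    "steps": [
        {"id": "investigate", "type": "agent", "agent": "soc-triage-agent"},
        {"id": "open_case", "type": "case", "if": "investigate.risk_score >= 70"},
        {"id": "notify", "type": "slack", "channel": "#soc",
         "if": "investigate.risk_score >= 40"},
        {"id": "close", "type": "close_alert", "if": "investigate.risk_score < 40"},
    ],
}

ALLOWLISTED_IPS = frozenset({"198.51.100.10"})  # constructed known egress address

_COND = re.compile(r"^(\w+)\.(\w+)\s*(>=|<=|==|!=|>|<)\s*(-?\d+)$")
_OPS = {">=": operator.ge, "<=": operator.le, "==": operator.eq,
        "!=": operator.ne, ">": operator.gt, "<": operator.lt}


def evaluate_condition(expr, outputs):
    """Evaluate a 'step.field OP integer' condition against earlier step
    outputs. The grammar is deliberately tiny and matched with a regex, so a
    workflow author cannot smuggle arbitrary code into an `if:` clause."""
    match = _COND.match(expr.strip())
    if not match:
        raise ValueError(f"unsupported condition: {expr!r}")
    step_id, field, op, value = match.groups()
    if step_id not in outputs or field not in outputs[step_id]:
        raise KeyError(f"{step_id}.{field} is not available to this step")
    return _OPS[op](outputs[step_id][field], int(value))


def matches_trigger(workflow, alert):
    """An alert trigger fires on any alert, or only on a named rule."""
    return any(t["type"] == "alert"
               and t.get("rule_name", alert["rule_name"]) == alert["rule_name"]
               for t in workflow["triggers"])


def triage_agent(alert):
    """Deterministic stand-in for the agent step: a risk score from severity,
    event volume and whether the source is a known address."""
    base = {"low": 10, "medium": 30, "high": 50, "critical": 70}.get(alert["severity"], 0)
    score = base + min(alert["event_count"], 50)
    if alert["source_ip"] not in ALLOWLISTED_IPS:
        score += 10
    return {
        "risk_score": min(score, 100),
        "summary": f"{alert['event_count']} events for {alert['user']} from {alert['source_ip']}",
    }


# Each handler returns the record an integration would send; the runner keeps
# these as an audit trail instead of calling Slack or a case system.
STEP_HANDLERS = {
    "agent": lambda step, alert, out: triage_agent(alert),
    "case": lambda step, alert, out: {"title": f"[{alert['severity'].upper()}] {alert['rule_name']}"},
    "slack": lambda step, alert, out: {
        "channel": step["channel"],
        "text": out.get("investigate", {}).get("summary", alert["rule_name"])},
    "close_alert": lambda step, alert, out: {"closed": alert["alert_id"]},
}


def run_workflow(workflow, alert):
    """Run the steps in order; a step with an `if:` runs only when its
    condition holds. Returns the ids of the executed steps and their outputs."""
    if not matches_trigger(workflow, alert):
        return [], {}
    outputs, executed = {}, []
    for step in workflow["steps"]:
        condition = step.get("if")
        if condition and not evaluate_condition(condition, outputs):
            continue
        outputs[step["id"]] = STEP_HANDLERS[step["type"]](step, alert, outputs)
        executed.append(step["id"])
    return executed, outputs


if __name__ == "__main__":
    ran, out = run_workflow(WORKFLOW, SAMPLE_ALERT)
    for step_id in ran:
        print(step_id, out[step_id])
```

The point worth carrying over to a real engine is the condition evaluator: step outputs are data, and the `if:` grammar is restricted to comparisons on that data rather than handed to an expression evaluator, so a workflow definition cannot become a code-execution path.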

You can choose the foundation model that best fits your needs. Elastic handles authentication, routing, and optimization through the Elastic-managed LLM connector, which by default uses Amazon Bedrock with Claude models. As new models become available on Amazon Bedrock, you can adopt them without disrupting your existing workflows.

Accelerating security operations

With these capabilities, you automate the full lifecycle of security investigation and response. Here is how the capabilities work together in a typical security workflow. When a security alert fires, Elastic Workflows can automatically trigger an investigation. The workflow invokes an AI agent built with Agent Builder that is grounded in your security playbooks and threat intelligence. The agent analyzes the alert context, correlates signals across indices, and surfaces findings. Based on those findings, the workflow continues with structured response actions: creating a case, notifying your team through Slack, enriching the alert with context, or triggering remediation.

For interactive investigation, you use Elastic AI Assistant to ask questions in natural language. For example, you can ask: “Show me all failed login attempts from unusual geographic locations in the last 48 hours that correlate with data exfiltration patterns.” The assistant analyzes event patterns and provides recommended next steps.
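The question quoted above is really a join of two signals on a user identity. The following is an added example, not Elastic's code or the assistant's output, that answers it over constructed authentication and outbound-flow records: failed logins are kept only when they come from a country outside the user's baseline and fall inside the 48-hour window, outbound bytes are summed over the same window, and a user is reported only when both signals exceed their thresholds. The field names, baselines, thresholds and the fixed reference time are all assumptions made for the example.

```python
"""Correlate failed logins from unusual countries with outbound-volume spikes.

Added example (not Elastic's code): events, baselines, thresholds and the
reference time are constructed so the run is repeatable offline.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

NOW = datetime(2025, 3, 10, 12, 0, tzinfo=timezone.utc)  # constructed "now"

# Constructed 30-day baselines: countries each user normally signs in from and
# their typical outbound volume over any 48-hour period.
USUAL_COUNTRIES = {"alice": {"US"}, "bob": {"US", "CA"}, "carol": {"DE"}}
BASELINE_BYTES_OUT_48H = {"alice": 50_000_000, "bob": 80_000_000, "carol": 20_000_000}

AUTH_EVENTS = [  # constructed authentication log records
    {"@timestamp": "2025-03-09T23:10:00Z", "user": "alice", "outcome": "failure", "country": "RO"},
    {"@timestamp": "2025-03-09T23:11:00Z", "user": "alice", "outcome": "failure", "country": "RO"},
    {"@timestamp": "2025-03-09T23:12:00Z", "user": "alice", "outcome": "failure", "country": "RO"},
    {"@timestamp": "2025-03-09T23:13:00Z", "user": "alice", "outcome": "failure", "country": "RO"},
    {"@timestamp": "2025-03-09T23:15:00Z", "user": "alice", "outcome": "success", "country": "RO"},
    {"@timestamp": "2025-03-10T08:00:00Z", "user": "alice", "outcome": "failure", "country": "US"},
    {"@timestamp": "2025-03-07T09:00:00Z", "user": "alice", "outcome": "failure", "country": "RO"},  # outside window
    {"@timestamp": "2025-03-10T07:30:00Z", "user": "bob", "outcome": "failure", "country": "CA"},
    {"@timestamp": "2025-03-10T07:31:00Z", "user": "bob", "outcome": "failure", "country": "CA"},
    {"@timestamp": "2025-03-09T18:00:00Z", "user": "carol", "outcome": "failure", "country": "BR"},
]

NET_EVENTS = [  # constructed outbound-flow records (bytes leaving the network)
    {"@timestamp": "2025-03-10T01:00:00Z", "user": "alice", "bytes_out": 350_000_000},
    {"@timestamp": "2025-03-10T02:00:00Z", "user": "alice", "bytes_out": 250_000_000},
    {"@timestamp": "2025-03-10T09:00:00Z", "user": "bob", "bytes_out": 60_000_000},
    {"@timestamp": "2025-03-09T20:00:00Z", "user": "carol", "bytes_out": 10_000_000},
    {"@timestamp": "2025-03-06T20:00:00Z", "user": "carol", "bytes_out": 900_000_000},  # outside window
]


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def in_window(event, now, hours):
    return now - timedelta(hours=hours) <= parse_ts(event["@timestamp"]) <= now


def unusual_failed_logins(events, usual, now, hours=48):
    """Per user: failed-login counts by country, for countries outside the
    user's baseline. A user with no country baseline counts as unusual
    everywhere, so new accounts are not silently ignored."""
    counts = defaultdict(Counter)
    for ev in events:
        if ev["outcome"] != "failure" or not in_window(ev, now, hours):
            continue
        if ev["country"] not in usual.get(ev["user"], set()):
            counts[ev["user"]][ev["country"]] += 1
    return counts


def outbound_bytes(events, now, hours=48):
    totals = Counter()
    for ev in events:
        if in_window(ev, now, hours):
            totals[ev["user"]] += ev["bytes_out"]
    return totals


def correlate(auth_events, net_events, usual, baseline_bytes, now, hours=48,
              min_failures=3, volume_ratio=5.0):
    """Join the two signals on user: report users with at least `min_failures`
    unusual-country failures whose outbound volume is at least `volume_ratio`
    times their baseline in the same window. Users without a volume baseline
    are left to the failed-login signal alone rather than guessed at."""
    failures = unusual_failed_logins(auth_events, usual, now, hours)
    volumes = outbound_bytes(net_events, now, hours)
    findings = []
    for user, by_country in failures.items():
        total_failures = sum(by_country.values())
        baseline = baseline_bytes.get(user, 0)
        sent = volumes.get(user, 0)
        if total_failures >= min_failures and baseline and sent >= volume_ratio * baseline:
            findings.append({
                "user": user,
                "failed_logins": total_failures,
                "countries": sorted(by_country),
                "bytes_out": sent,
                "volume_ratio": round(sent / baseline, 1),
            })
    return sorted(findings, key=lambda f: f["volume_ratio"], reverse=True)


if __name__ == "__main__":
    for finding in correlate(AUTH_EVENTS, NET_EVENTS, USUAL_COUNTRIES,
                             BASELINE_BYTES_OUT_48H, NOW):
        print(finding)
```

On this data only alice is reported: four failures from a country she never signs in from, followed by twelve times her usual outbound volume. bob's failures come from a baseline country and carol's single unusual failure is below the threshold, which is the noise reduction an analyst wants from a correlated query rather than two separate searches.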

Key capabilities across security operations:

  • Attack discovery – Automatically identifies and prioritizes coordinated threats across your environment, reducing alert noise and surfacing the incidents that matter most
  • Automated investigation – Workflows trigger AI agents on alert, enabling immediate triage without waiting for an analyst
  • Alert summarization and triage – Generates natural language summaries so you can quickly understand severity and prioritize your response
  • Incident response automation – Workflows orchestrate response actions across Jira, Slack, PagerDuty, and internal systems based on AI findings
  • Custom security agents – Build agents tailored to your SOC with specific instructions, tools, and security profiles using Agent Builder

This approach shifts your SOC from reactive, manual investigation to automated, AI-driven response. Analysts focus on decisions that require human judgment while automation handles the repetitive correlation and triage work.

Optimizing application performance and observability

As a site reliability engineer, use Elastic’s AI capabilities to diagnose and respond to performance issues across complex microservices architectures. The same agent and workflow patterns apply to observability use cases. When an observability alert fires, a workflow can invoke an AI agent to correlate signals from logs, metrics, and traces. The agent identifies the likely root cause, and the workflow orchestrates next steps: notifying the on-call engineer, creating an incident ticket, or triggering a remediation runbook.

For interactive troubleshooting, you ask questions in plain language. For example: “What’s causing the latency spike in our payment service over the last hour?” Elastic AI Assistant pinpoints the root cause and recommends next steps.

Key capabilities across observability:

  • Root cause analysis – AI agents correlate application traces, logs, and metrics to identify performance bottlenecks across distributed services
  • Automated remediation – Workflows run predefined response actions when specific conditions are met, closing the loop between detection and resolution
  • Log analysis and interpretation – Explains error messages and log patterns in natural language, reducing time spent on manual analysis
  • Query assistance – Helps you write ES|QL queries for specific observability use cases, accelerating data exploration

The platform analyzes logs, metrics, and traces simultaneously, providing insights that are difficult and time consuming to gather manually. With workflows automating the response path, you can resolve issues before they affect end users.
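As an added illustration of the root-cause step (not Elastic's code or the assistant's reasoning), the example below answers the payment-service question from the previous subsection by correlating two of the three signals: it compares each downstream dependency's mean span duration in the last hour against the three hours before it, then joins the ranking with error-log counts from the same hour. The service names, window sizes and the seeded span generator are assumptions made for the example.

```python
"""Rank the dependencies of a service by latency change, joined with error-log
counts, to point at a likely root cause.

Added example (not Elastic's code): spans and log lines are constructed with a
fixed seed so the run is repeatable; service names and windows are assumed.
"""
import random
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
from statistics import mean

NOW = datetime(2025, 3, 10, 12, 0, tzinfo=timezone.utc)  # constructed "now"
ROOT_SERVICE = "payment-service"


def build_spans(seed=7):
    """Constructed child spans of payment-service traces, one trace every five
    minutes for four hours. In the last hour card-gateway answers in ~900 ms
    instead of ~120 ms; the other dependencies are unchanged."""
    rng = random.Random(seed)
    typical_ms = {"fraud-check": 40, "ledger-db": 15, "card-gateway": 120}
    spans = []
    for minutes_ago in range(5, 240, 5):
        ts = NOW - timedelta(minutes=minutes_ago)
        spiking = minutes_ago <= 60
        for service, typical in typical_ms.items():
            base = 900 if (spiking and service == "card-gateway") else typical
            spans.append({
                "@timestamp": ts,
                "trace_id": f"trace-{minutes_ago:03d}",
                "parent_service": ROOT_SERVICE,
                "service": service,
                "duration_ms": base + rng.randint(-5, 5),
            })
    return spans


LOG_LINES = [  # constructed log records
    {"@timestamp": NOW - timedelta(minutes=m), "service": "card-gateway",
     "level": "ERROR", "message": "upstream timeout after 800ms"}
    for m in (3, 9, 17, 24, 38, 51)
] + [
    {"@timestamp": NOW - timedelta(minutes=12), "service": "fraud-check",
     "level": "ERROR", "message": "rule cache miss"},
    {"@timestamp": NOW - timedelta(minutes=150), "service": "card-gateway",
     "level": "ERROR", "message": "upstream timeout after 800ms"},  # before the spike
]


def window_mean(spans, start, end):
    """Mean duration per child service for spans of the root service whose
    timestamp lies in [start, end)."""
    per_service = defaultdict(list)
    for span in spans:
        if span["parent_service"] == ROOT_SERVICE and start <= span["@timestamp"] < end:
            per_service[span["service"]].append(span["duration_ms"])
    return {svc: mean(durations) for svc, durations in per_service.items()}


def error_counts(logs, start, end):
    return Counter(line["service"] for line in logs
                   if line["level"] == "ERROR" and start <= line["@timestamp"] < end)


def rank_suspects(spans, logs, now=NOW, spike_hours=1, baseline_hours=3):
    """Compare the spike window with the baseline window just before it and
    rank dependencies by the increase in mean latency, attaching the number of
    error log lines each emitted during the spike."""
    spike_start = now - timedelta(hours=spike_hours)
    baseline_start = spike_start - timedelta(hours=baseline_hours)
    before = window_mean(spans, baseline_start, spike_start)
    during = window_mean(spans, spike_start, now)
    errors = error_counts(logs, spike_start, now)
    ranked = []
    for service, spike_ms in during.items():
        baseline_ms = before.get(service, spike_ms)  # unseen before: no delta
        ranked.append({
            "service": service,
            "baseline_ms": round(baseline_ms, 1),
            "spike_ms": round(spike_ms, 1),
            "delta_ms": round(spike_ms - baseline_ms, 1),
            "errors_in_spike": errors.get(service, 0),
        })
    return sorted(ranked, key=lambda r: r["delta_ms"], reverse=True)


if __name__ == "__main__":
    for row in rank_suspects(build_spans(), LOG_LINES):
        print(row)
```

The top row is card-gateway with roughly 780 ms of added latency and six timeout errors in the spike hour, while the other two dependencies move by only a few milliseconds. Using a baseline window adjacent to the spike, rather than a fixed threshold, is what keeps a dependency that is always slow from being blamed for a change it did not cause.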

Solution architecture

The architecture on AWS combines multiple services to deliver a scalable, secure, and high-performing solution. The following diagram shows an end-to-end AI-powered threat detection and automated remediation architecture.

A compromised IAM credential triggers unusual API activity. AWS CloudTrail, VPC Flow Logs, and AWS Security Hub stream these security events into Elastic Cloud on AWS, where they are enriched with threat intelligence and correlated by Attack Discovery – powered by Amazon Bedrock through AWS PrivateLink – to surface a high-confidence threat alert. Elastic AI Assistant helps the security analyst investigate in natural language, while Agent Builder runs deeper automated analysis. Based on the findings, Elastic Workflows automatically revoke credentials, isolate affected resources, and notify the team through Slack, PagerDuty, and Jira – reducing mean time to detect and respond from hours to minutes.

Figure 1 - End-to-end AI-powered threat detection and automated remediation architecture

Core components:

  • Elastic Cloud on AWS – Provides the search and analytics foundation with automatic scaling
  • Elastic-managed LLM – Connector that by default uses Amazon Bedrock with Claude models, handling authentication and model management automatically
  • Amazon Bedrock – Delivers managed access to foundation models with security and compliance
  • Elastic Workflows – Automation engine that orchestrates actions across Elastic and external systems
  • Elastic Agent Builder – Framework for deploying custom AI agents grounded in your Elasticsearch data

This architecture supports data privacy and security while delivering sub-second response times. You benefit from continuous model improvements and optimizations without manual intervention, reducing time to value.

Organizations using this approach have reduced mean time to respond by up to 99% and cut critical incidents by 95%.

Conclusion

Elastic combines its search expertise with Amazon Bedrock’s foundation models to automate security and observability workflows. With AI Assistant for conversational investigation, Workflows for automated response, and Agent Builder for custom AI agents, you get a complete platform for moving from detection to resolution faster. You can get started today and grow into these capabilities as your needs evolve.

Getting started

Elastic Cloud on AWS is available through AWS Marketplace, offering a path to deployment with integrated billing. With Elastic Cloud on AWS, focus on analyzing data instead of managing infrastructure.

After deployment, enable AI Assistant for conversational investigation, create workflows for automated response, and build custom agents with Agent Builder. The Elastic-managed LLM connector comes pre-configured to use Amazon Bedrock by default, requiring minimal setup.

To learn more, explore Elastic Security and Elastic Observability. To discuss how this solution fits your environment, contact an AWS representative.

Elastic – AWS Partner Spotlight

Elastic is an AWS Advanced Technology Partner with AWS Competencies in Security, Data & Analytics, Financial Services, Government, AI Software, and Education. Elastic participates in the AWS ISV Accelerate Program and the AWS ISV Workload Migration Program. The Elastic Search AI Platform helps everyone find the answers they need in real time, using all their data, at scale. Solutions for search, observability, security, and generative AI are used by thousands of companies, including more than 50% of the Fortune 500.
