MDR partner · Elastic Security

MDR on Elastic Security: open SIEM/XDR with custom ESQL detection.

The Fortgale European SOC 24·7·365 on the Kibana console. Custom ESQL/EQL detection rules on European TTPs, ~11 min median containment, response via Elastic Defend and integrations.

~11 min · Median containment
24·7·365 · European SOC
Open data · ESQL · EQL · KQL

Fortgale × Elastic · MDR live
  • Elastic sensor active: endpoint, cloud and identity telemetry (Elastic)
  • European SOC 24·7·365: L2/L3 analysts, direct interaction (Fortgale)
  • Multi-domain AI tier-zero: noise reduced by 94% (Fortgale)
  • Native Elastic response: median host isolation ~8 s (live)
  • Proprietary intelligence: 34,000+ IoCs per week, European actors (Fortgale)

Compliance: ISO/IEC 27001 · NIS2 ready · DORA aligned · GDPR · ENISA
Technology partnership: Elastic Security · MITRE ATT&CK aligned · OpenCTI
Why Fortgale + Elastic

The open SIEM/XDR platform, governed with proprietary CTI.

Elastic Security is the most flexible open SIEM/XDR on the market: data-first model, native multi-petabyte search, no EPS limits. Fortgale operates it with European analysts who develop custom ESQL detection rules on European TTPs.

01 · Elastic SIEM/XDR · open data

SIEM + XDR + Endpoint + Cloud Security in a single platform. ESQL, EQL and KQL for any detection. Resource-based pricing, no EPS limits. Open ML detection jobs.

02 · European SOC 24·7·365

L2/L3 analysts develop custom ESQL/EQL rules tuned on European TTPs. Triage <15 min on Elastic alerts. Threat hunting on the open data lake using proprietary CTI.

03 · Native response + IR

Containment via Elastic Defend (host isolation, process kill) + integrations (firewall, AD, third-party EDR). Direct escalation to Fortgale IR. Full support for NIS2 national CSIRT notification.

How it works · architecture

Four blocks, one MDR cycle on Elastic.

From Elastic Agent ingestion to Defend response — all governed by Fortgale with European analysts and proprietary CTI on European markets.

01 · Ingestion

Elastic Agent + Fleet active

Elastic Cloud or on-prem cluster with Elastic Agent + Fleet on endpoints, cloud, third-party integrations. Open data lake, no ingestion limits.

02 · Tier-zero

Custom ESQL detection + ML

Pre-built rules + custom ESQL/EQL rules tuned by Fortgale on European actor TTPs. ML jobs for behavioural anomalies. False positives reduced by 94%.

03 · Analysts

Our L2/L3 on Kibana

European SOC specialised on Elastic. Triage on alerts, hunting via Elastic Search/ESQL, attribution to actor. Decisions in your business language.

04 · Response

Defend + cross-tool

Containment via Elastic Defend (host isolation, process kill) + cross-tool playbooks. Direct escalation to Fortgale IR for critical incidents.

Proof · service metrics

Four numbers that back MDR on Elastic.

Metrics measured on real customer telemetry — Q1 2026, updated quarterly.

~11 min · Median containment · from confirmed Elastic alert
94 % · Noise reduced · by ESQL + ML detection
Open · Data lake ownership · no ingestion limits
12 days · Full onboarding · Elastic Security + Fleet

What the service includes

MDR on Elastic, in detail.

Every component designed to leverage Elastic Security flexibility with European SOC governance and proprietary CTI.

01

Managed Elastic Security

Elastic Cloud or on-prem licensing (or existing instance). Cluster, Fleet, integrations, detection rules managed by Fortgale. Continuous tuning.

02

Custom ESQL/EQL detection

Custom ESQL/EQL rules MITRE ATT&CK-mapped, tuned on European actor TTPs. ML jobs for behavioural anomalies. New rules deployed monthly.

03

Proprietary CTI in Elastic

34,000+ IoCs per week from Fortgale OpenCTI auto-imported into Elastic Threat Intelligence. Indicator match rules for native detection.

04

Elastic Defend response

Containment via Elastic Defend: host isolation, process kill, ransomware behavior protection. Cross-tool playbooks for AD lockout, firewall block, third-party EDR.

05

Reporting & governance

Executive reports with MTTD, MTTR, alert volume, risk trend. Custom Kibana dashboards. NIS2/ISO 27001/GDPR audit documentation.

06

Threat hunting on Elastic

Monthly hunting on the Elastic data lake using proprietary CTI + Sigma rules. Focus on silent lateral movement, persistence, data staging not covered by automatic detections.

For whom · two angles

Same MDR on Elastic, two angles.

The CISO decides on risk. The IT lead decides on the runbook. Fortgale MDR produces evidence for both.

For the CISO

A named runbook per actor, on the Elastic stack.

Each month the CISO receives the profile of the 3 most likely actors against their sector, with the Fortgale MDR runbook already mapped to the Elastic Security telemetry.

  • Monthly threat briefing: actors, observed TTPs and campaigns in progress in your sector.
  • Elastic runbook: live MITRE-mapped playbooks, executable on the Elastic Security console.
  • Board-ready reporting: risk · impact · decision. No technology slideware.
Request the threat briefing →
For the IT lead

Zero translator handover. European analysts on your Elastic console.

When the Elastic alert is real, decision time is containment time. Our L2/L3 analysts know the Elastic Security console and have a mandate to decide.

  • Median containment ~11 min: from confirmed alert to remediation in production.
  • Native Elastic response: process kill, host isolation and network containment via the Elastic Security API.
  • End-to-end integration: Elastic telemetry ingested into our multi-domain data fabric.
See a real runbook →
FAQ · frequently asked

Everything to know before talking to our analysts.

What is the MDR service on Elastic Security?

It combines Elastic Security (SIEM + XDR + Endpoint) with the Fortgale European SOC 24·7·365. L2/L3 analysts monitor the Kibana console, develop custom ESQL/EQL detection rules, apply MITRE-mapped runbooks and trigger response via Elastic Defend and integrations.

What advantages does Elastic offer over traditional SIEMs?

Elastic has a data-first model: no ingestion limits (resource-based pricing, not EPS), native multi-petabyte search, and the ability to develop detection rules in ESQL/EQL/KQL on any schema. Ideal for those who want flexibility and ownership of their security data lake.

Do I need to already have Elastic?

No. Fortgale handles the full cycle: Elastic Cloud or on-prem licensing, cluster deployment, Fleet integrations, detection rule development and tuning. Available either on an existing instance or as part of the service.

Is the service NIS2-compliant?

Yes. We support NIS2 transposition requirements: continuous monitoring, IoC collection for national CSIRT notification within 24 hours, and technical documentation for 72-hour notifications. Elastic's configurable retention supports NIS2 log retention requirements.

Does Elastic also cover endpoint and cloud?

Yes. Elastic Security includes: SIEM (log correlation), XDR (cross-domain analytics), Endpoint Security (Elastic Defend agent), Cloud Security Posture, Container Workload Protection. The Fortgale MDR service covers all these domains.

Talk to the outpost

One meeting. One NDA. One real runbook on Elastic.

We bring you the Report on your sector with the most likely actors and a concrete MDR runbook on your Elastic Security console.

Response time: < 1 business day.
