elasticsearch▌

Implement User and Entity Behavior Analytics using Elasticsearch/OpenSearch to build behavioral baselines, calculate anomaly scores, perform peer group analysis, and detect insider threat indicators such as data exfiltration, privilege abuse, and unauthorized access patterns.

Authenticate to an Elasticsearch cluster using any supported authentication realm that is already configured. This skill covers all built-in realms, credential verification, and the full API key lifecycle.

Diagnose and resolve common Elasticsearch security issues. This skill provides a structured triage workflow for authentication failures, authorization errors, TLS problems, API key issues, role mapping mismatches, Kibana login failures, and license-expiry lockouts.

Stream-based ingestion and transformation of large data files (NDJSON, CSV, Parquet, Arrow IPC) into Elasticsearch.

Execute ES|QL queries against Elasticsearch.

elasticsearch-best-practices

Enable and configure security audit logging for Elasticsearch via the cluster settings API. Audit logs record security events such as authentication attempts, access grants and denials, role changes, and API key operations — essential for compliance and incident investigation.

Manage Elasticsearch role-based access control: native users, roles, role assignment, and role mappings for external realms.