Elastic Workflows brings native automation directly into Elastic Security with no separate SOAR tool required

Elastic (NYSE: ESTC), the Search AI Company, announced that Elastic Workflows, a native automation capability with direct access to alerts, cases, and investigation data, is now built directly into Elastic Security. By bringing native automation to the agentic security operations platform that already includes unified SIEM and XDR, Elastic is eliminating the “SOAR automation tax” by removing the need for a separate SOAR to turn insights into action.

Traditionally, security teams have relied on a standalone SOAR to automate investigation and response. This adds complexity, requiring extra vendors, integrations, and ongoing maintenance. In a security landscape where adversaries are using AI to execute attacks in minutes, organizations can no longer rely on a response workflow stitched together across several vendors. Elastic Workflows embeds automation directly within Elastic Security, giving teams the ability to act on alerts and security data quickly, all without the need for additional tools or extra add-ons.

"Using Workflows enabled our SOC to spend so much more time on the things that matter. On a daily basis, we ran through 500 alerts, spending 3 hours creating cases and enriching them manually. Using Workflows, this is all done automatically, saving up to 2.5 hours a day." – SOC leader, European government agency.

“If you’re not using AI to fight AI, you’re already behind, and if you’re still relying on separate SOAR tools, you’re even further,” said Mike Nichols, general manager, Security at Elastic. “Elastic Workflows brings AI-driven automation directly to where data lives with no extra tools or integration overhead.”

Elastic Workflows allows analysts to execute scripted playbooks for consistent, repeatable responses alongside AI agents that reason through complex investigations. A single Workflow combines scripted automation with AI reasoning, helping teams respond effectively when an investigation doesn’t match a known pattern.

Built on the proven Elasticsearch Platform

Workflows gets its agentic capabilities through integration with Agent Builder, a native feature of Elasticsearch designed for building custom AI agents. Because Elastic Security is built on the Elasticsearch data and AI platform, agents reason with superior context, delivering more accurate results.

Availability

Elastic Workflows is available in tech preview, with general availability coming soon. Get started with an Elastic Cloud trial.

Additional Materials

• Elastic blog: Native automation with Elastic Workflows - No SOAR required

About Elastic

Elastic (NYSE: ESTC), the Search AI Company, integrates its deep expertise in search technology with artificial intelligence to help everyone transform all of their data into answers, actions, and outcomes. Elastic's Search AI Platform — the foundation for its search, observability, and security solutions — is used by thousands of companies, including more than 50% of the Fortune 500. Learn more at elastic.co.

Elastic and associated marks are trademarks or registered trademarks of elasticsearch B.V. and its subsidiaries. All other company and product names may be trademarks of their respective owners.

View source version on businesswire.com: https://www.businesswire.com/news/home/20260323722876/en/