Elastic strengthens AI security integration with Microsoft Azure AI Foundry Model Catalog

Elastic partners with Microsoft to provide integration with the Azure AI Foundry Model Catalog. This collaboration significantly enhances the choices available to security analysts, providing access to a diverse array of powerful large language models (LLMs) that are native to the Azure cloud ecosystem. This partnership underscores Elastic's commitment to delivering cutting-edge cyber defenses for Microsoft Azure customers, using their existing cloud infrastructure and investments.
The integration with the Azure AI Foundry Model Catalog is meticulously designed to optimize security operations. It aims to substantially reduce analyst burnout by automating mundane security tasks and providing swift, highly reliable responses for comprehensive threat detection, in-depth investigation, and effective remediation. This empowers security teams to operate with greater efficiency and focus on critical strategic initiatives.
Elevating Elastic AI Assistant and Attack Discovery with leading Azure AI models
A cornerstone of this integration is Attack Discovery, Elastic's feature that uses generative AI to triage and prioritize security alerts. By harnessing the advanced LLMs accessible through the Azure AI Foundry Model Catalog, security teams can use models specifically recognized for their strong performance in identifying and analyzing attacks.
The Elastic AI Assistant, powered by Azure AI models, directly assists security analysts. It can:
- Summarize alerts: Quickly distill complex alert information into concise summaries.
- Provide context: Answer natural-language questions about alerts, threats, and security posture, drawing on your environment's data and any other data provided to the assistant as a knowledge source.
- Suggest next steps and recommendations: Guide analysts through investigations and recommend remediation actions.
- Generate ES|QL queries: Generate complex, validated ES|QL queries based on a user's environment context and natural-language request.
Model options
Based on detailed performance evaluations for Attack Discovery, the following models available within the Azure AI Foundry Model Catalog offer exceptional capabilities:
- GPT-4.1 series (including GPT-4.1, GPT-4.1-nano, GPT-4.1-mini): These models from Azure OpenAI are rated as Excellent for attack discovery, showing strong analytical and problem-solving strengths.
- Mistral-Small-3.1-24B-Instruct-2503: From Mistral AI, this model provides Good performance for attack discovery, offering a robust open source option for various security scenarios.
The Azure AI Foundry Model Catalog provides access to a broad spectrum of models from leading providers, such as Microsoft, OpenAI, DeepSeek, Mistral, Meta, xAI, Cohere, Core42, and AI21 Labs. This rich selection ensures that Elastic's Attack Discovery can tap into state-of-the-art AI to analyze and comprehend threats more effectively, leading to timely and precise threat responses and thorough risk mitigation. The automation afforded by this integration dramatically reduces the time spent on manual triage and investigation and presents a clear, interactive visualization of attack sequences with detailed threat summaries.
For more detailed insights into the performance of various large language models in attack discovery, refer to the Elastic large language model performance matrix.
Ongoing security innovation
Elastic is dedicated to continuous innovation in partnership with the Microsoft Azure AI Foundry Model Catalog. We are actively developing and optimizing detection rules specifically tailored for these AI technologies, ensuring that Attack Discovery and the Elastic AI Assistant for Security continue to advance to meet evolving threat landscapes. Dive deeper into how Attack Discovery uses these models to triage hundreds of alerts and take immediate follow-up actions.
Learn why Elastic was recognized as a Leader in The Forrester Wave™: Security Analytics Platforms, Q2 2025, start your free trial now on Azure, or visit the Azure Marketplace.
The release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.
In this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.
Elastic, Elasticsearch, and associated marks are trademarks, logos, or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos, or registered trademarks of their respective owners.