Collection, aggregation and normalization of related logs from various security sources such as firewalls, DLP, IDS/IPS, anti-virus software, etc. Enrichment of events with additional data such as geolocation and external threat intelligence, including spoofed IP addresses and domain names.
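The normalize-then-enrich step described above, as an added example that is not part of the original page or of the Elastic Stack itself: two constructed log lines (a firewall denial and an IDS alert) are mapped onto one ECS-style field set, enriched from a constructed geolocation table and threat list, and grouped by source address so activity seen by both sensors lands together. Field names, log formats and lookup data are all assumptions made for the example.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample events (not real logs): a firewall denial and an IDS alert.
SAMPLE_LINES = [
    "2024-05-01T10:00:00Z fw01 DENY src=203.0.113.7 dst=10.0.0.5 dpt=22 proto=tcp",
    '2024-05-01T10:00:03Z ids01 ALERT sid=1000001 msg="SSH brute force" 203.0.113.7:51000 -> 10.0.0.5:22',
]
# Constructed enrichment data: geolocation by prefix and a small threat list.
GEO_TABLE = {"203.0.113.0/24": "ZZ", "10.0.0.0/8": "internal"}
THREAT_LIST = {"203.0.113.7": "known-scanner"}

FW_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>\w+) src=(?P<src>\S+) "
                   r"dst=(?P<dst>\S+) dpt=(?P<dport>\d+) proto=(?P<proto>\w+)$")
IDS_RE = re.compile(r'^(?P<ts>\S+) (?P<host>\S+) ALERT sid=(?P<sid>\d+) msg="(?P<msg>[^"]*)" '
                    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

def normalize(line):
    """Map one source-specific line onto a common (ECS-style) field set."""
    m = FW_RE.match(line)
    if m:
        return {"@timestamp": m["ts"], "observer.name": m["host"], "event.category": "network",
                "event.action": m["action"].lower(), "source.ip": m["src"],
                "destination.ip": m["dst"], "destination.port": int(m["dport"]),
                "network.transport": m["proto"]}
    m = IDS_RE.match(line)
    if m:
        return {"@timestamp": m["ts"], "observer.name": m["host"],
                "event.category": "intrusion_detection", "event.action": "alert",
                "rule.id": m["sid"], "rule.name": m["msg"], "source.ip": m["src"],
                "destination.ip": m["dst"], "destination.port": int(m["dport"])}
    # Unparsed lines must not silently disappear; surface them to the operator.
    raise ValueError("unrecognised log format: " + line)

def enrich(event):
    """Add geolocation and threat-list context to a normalized event (in place)."""
    src = ip_address(event["source.ip"])
    for prefix, country in GEO_TABLE.items():
        if src in ip_network(prefix):
            event["source.geo.country_iso_code"] = country
            break
    if event["source.ip"] in THREAT_LIST:
        event["threat.indicator.name"] = THREAT_LIST[event["source.ip"]]
    return event

def aggregate(lines):
    """Group enriched events by source IP so cross-source activity is visible together."""
    by_source = {}
    for event in (enrich(normalize(line)) for line in lines):
        by_source.setdefault(event["source.ip"], []).append(event)
    return by_source
```

The dictionaries returned by `aggregate` are in the shape that would be indexed as documents in Elasticsearch; in a real deployment the same mapping and lookups would live in a Logstash pipeline or an ingest pipeline rather than in application code.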
The full functionality of a traditional SIEM is often not deployed in full because of licensing restrictions on the software and/or the use of proprietary hardware. The Elastic Stack, as an open-source product, does not suffer from these restrictions and gives the user greater freedom of action.
The Elastic Stack lets you ingest any security-related data, which makes a more complete security analysis possible.
Traditional SIEMs generally use their own embedded or relational database, which imposes restrictions on performance, on the volume of data that can be processed, and on the flexibility of querying it.