You're designing your Elastic Security deployment architecture. You've got multiple domains, security zones, or network segments. The customers architect's logical thought process goes something like this: "We don't want agents from Domain A directly connecting to our Elasticsearch cluster. Let's put Fleet servers in each domain, combine them with Logstash for event forwarding, and create a nice segmented architecture." On paper, this looks clean. Agents stay in their domains

Use the Azure REST API to consume Sentinel alerts and incidents and send them to Elastic

Your organization has deployed EDR across all endpoints. Maybe you've even upgraded to XDR, correlating signals across endpoints, network, and cloud. Your coverage looks good. Your dashboards show green. You've got behavioral analytics, machine learning, automated response capabilities—the works. So you're secure, right? Not quite. Don't get us wrong: EDR/XDR is absolutely essential. If you don't have robust endpoint protection in modern threat landscape, you're already behin