diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/data_endpoints.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/data_endpoints.py
index 119871420..c7b0f5219 100644
--- a/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/data_endpoints.py
+++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_tests/data_endpoints.py
@@ -12,6 +12,7 @@ def test_open_data_endpoints(telemetry_json):
     services = telemetry_json["data"]["machine"]["services"]
     current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json['monkey_guid'])
     found_http_server_status = STATUS_POSITIVE
+    found_elastic_search_server = STATUS_POSITIVE
 
     events = [
         Event.create_event(
@@ -41,6 +42,17 @@ def test_open_data_endpoints(telemetry_json):
                 ),
                 event_type=EVENT_TYPE_ISLAND
             ))
+            if service_name in 'elastic-search-9200':
+                found_elastic_search_server = STATUS_CONCLUSIVE
+                events.append(Event.create_event(
+                    title="Scan telemetry analysis",
+                    message="Service {} on {} recognized as an open data endpoint! Service details: {}".format(
+                        service_data["display_name"],
+                        telemetry_json["data"]["machine"]["ip_addr"],
+                        json.dumps(service_data)
+                    ),
+                    event_type=EVENT_TYPE_ISLAND
+                ))
 
     Finding.save_finding(
         test=TEST_DATA_ENDPOINT_HTTP,
@@ -48,6 +60,12 @@ def test_open_data_endpoints(telemetry_json):
         events=events
     )
 
+    Finding.save_finding(
+        test=TEST_DATA_ENDPOINT_ELASTIC,
+        status=found_elastic_search_server,
+        events=events
+    )
+
     Finding.save_finding(
         test=TEST_MALICIOUS_ACTIVITY_TIMELINE,
         status=STATUS_INCONCLUSIVE,
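Review bot: `if service_name in 'elastic-search-9200':` in the second hunk is a substring test against a string literal, not an equality or set-membership check, so any service name that is a substring of that literal (`'elastic'`, `'9200'`, `'-'`, or an empty name) would mark the Elasticsearch finding STATUS_CONCLUSIVE and emit an "open data endpoint" event for an unrelated service. That produces false-positive zero-trust findings from scan telemetry; the check should be `if service_name == 'elastic-search-9200':` (or `in {'elastic-search-9200'}` if more identifiers are expected later). It also appears that an Elasticsearch service reported under a different port name would never match, which is presumably intended but worth a comment if so. The enclosing `test_open_data_endpoints` body starts and ends outside the hunk, so where `service_name` and `service_data` are bound is not visible here.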
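Review bot: The new `Finding.save_finding(test=TEST_DATA_ENDPOINT_ELASTIC, ...)` in the third hunk passes the same `events` list that the HTTP finding receives, so each finding carries the other's events: the Elasticsearch finding would include the HTTP "recognized as an open data endpoint" events and vice versa, and the shared initial event at the top of the function would appear under both. If that is not intended, keep a separate list for the Elasticsearch branch (e.g. `elastic_events = []`, appended to in the second hunk's new block) and pass `events=elastic_events` here. If the shared list is deliberate, a one-line comment above the call such as `# both data-endpoint findings share the same scan-analysis event list` would save the next reader the question.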