Description
If you're using Elasticsearch, you have the option to integrate it with ConcealBrowse. This allows metrics and data collected by Conceal to be seamlessly transferred into Elasticsearch. This article will guide you through getting Elasticsearch prepped for integration.
Procedure
Create an Index in Elasticsearch:
- In your web browser, navigate to your Elasticsearch instance and log in.
- Open the hamburger menu on the top left and choose Integrations
- On the Integrations page, type “API” into the search bar. Select the option labeled API - Add search to your application with Elasticsearch’s robust APIs.
- On the New search index page, make sure the “Use the API” option is selected on the left-hand side.
- In the Index Name field type your desired index name.
- Click Create Index.
Copy your URL (You will need this for your ConcealBrowse integration)
- On your newly created Index, copy the URL that follows the text "curl -X POST". This is highlighted in the image below.
- Save this URL as you will need this in order to integrate with ConcealBrowse.
Create an API Key for your newly created Index:
- In the same Indices section, select the button labeled Manage API Keys -> Create a new API key
- Name your API Key and then click Generate API Key.
- Copy and/or download the API Key immediately – you will need this in order to integrate with ConcealBrowse.
ConcealBrowse configuration
- In your browser, log in to the Conceal dashboard at https://dashboard.conceal.io and go to the Integrations section.
- Select the SIEM / SOAR tab, locate the Elasticsearch tile, and click Configure.
- You should have retrieved your URL when setting up your Index in Elasticsearch; locate that saved URL.
- Copy this URL, beginning with either http:// or https://. You only need to copy the URL up to and including the port number.
- An example Host URL would look like: https://ea85930285869403.us-central.les.cloud.us.io:443
- Paste this URL into the ElasticSearch Host URL field in your dashboard.
Elasticsearch Index
- You should have retrieved your ElasticSearch Index when setting up your Index in Elasticsearch, locate and paste this into the ElasticSearch Index field in your dashboard.
Example Index: browse-conceal-demo
Elasticsearch API Key
- You should have retrieved your API Key when setting up your Index in Elasticsearch; locate that saved API Key and paste it into the ElasticSearch API Key field in your dashboard.
- Check the checkbox labeled Enabled
- Click Save Settings. You may have to scroll down to get the Save Settings button to show.
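Before pasting the three values into the dashboard, they can be checked from a workstation. The following is an added example, not code from Conceal or Elastic: it trims the copied endpoint URL down to the Host URL form shown above and builds a read-only `_count` probe that sends the key in an `Authorization: ApiKey` header. It assumes the saved key is the encoded form and is permitted to read the index; the host name and key in it are constructed placeholders.

```python
import urllib.error
import urllib.request
from urllib.parse import urlsplit

BAD_INDEX_CHARS = set(' \\/*?"<>|,#')  # characters Elasticsearch rejects in index names


def host_url_from_endpoint(copied_url):
    """Trim the URL copied after 'curl -X POST' to scheme://host:port."""
    parts = urlsplit(copied_url.strip().strip("'\""))
    if parts.scheme not in ("http", "https"):
        raise ValueError("URL must begin with http:// or https://")
    if parts.username or parts.password:
        raise ValueError("remove embedded credentials from the URL")
    if not parts.hostname or parts.port is None:
        raise ValueError("URL must contain a host name and an explicit port")
    host = f"[{parts.hostname}]" if ":" in parts.hostname else parts.hostname
    return f"{parts.scheme}://{host}:{parts.port}"


def build_count_request(host_url, index, api_key):
    """Build, without sending, GET <host>/<index>/_count with API key auth."""
    if (not index or index != index.lower() or index[0] in "-_+"
            or BAD_INDEX_CHARS & set(index)):
        raise ValueError(f"not a valid Elasticsearch index name: {index!r}")
    req = urllib.request.Request(f"{host_url}/{index}/_count", method="GET")
    # Over http:// this header, and so the key, crosses the network unencrypted.
    req.add_header("Authorization", f"ApiKey {api_key.strip()}")
    return req


def check(host_url, index, api_key, timeout=10):
    """Send the probe; return the HTTP status (401/403: key problem, 404: no such index)."""
    try:
        with urllib.request.urlopen(build_count_request(host_url, index, api_key),
                                    timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


if __name__ == "__main__":
    # Constructed sample values, not a real deployment or key.
    copied = "https://my-deployment.es.example.com:443/browse-conceal-demo/_doc"
    print(host_url_from_endpoint(copied))
```

Calling `check()` with your real Host URL, index name and API key returns 200 when all three are accepted.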
Reading data in Elasticsearch
- In Elasticsearch, open the hamburger menu on the left and choose Discover.
- Under the hamburger menu, click the button with a dropdown arrow (label may vary)
- Click the option Create Data View
- In the Name field type your desired data view name
- In the Index Pattern field enter an Index Pattern that matches one or more of the data sources listed on the right.
- Optional – Advanced Settings can be configured here – this is not required for Conceal setup.
- Click Save data view to Kibana
If you run into issues, your firewall could be blocking certain IP addresses needed to send the data. Whitelist the following IP addresses if necessary:
18.214.63.36, 44.214.127.25, 44.209.215.8, 3.233.223.50, 34.232.55.106, 52.86.27.48, 3.216.48.116
*Never hesitate to contact your Customer Success Manager for any questions or concerns. You may also open a support ticket at support.conceal.io by scrolling to the bottom and clicking Submit a request.