Elasticsearch

Use the Elasticsearch API to ingest seedata.io alerts

Elasticsearch is a distributed search and analytics engine at the heart of the Elastic Stack.

Developers and communities leverage Elasticsearch for a wide range of use cases, from application search and website search, to logging, infrastructure monitoring, APM, and security analytics.

Adding our Elasticsearch integration will enable us to send alerts for any events against your seeds into your Elasticsearch tenant (cloud or on-prem) and have each one ingested as a document. You can then search these and enable further processing by rules and analysis playbooks.

Step 1 - Get your Elastic Endpoint

This is the destination that your Elasticsearch API is listening on. You will need this later within the seedata.io form that configures your new integration.

  1. Go to the Kibana web interface configured for your Elasticsearch instance

  2. In the top right-hand corner click the link for Endpoints & API keys

  3. Copy the URL to a temporary store.

Step 2 - Get an API key

You may choose to use an existing API key, or create a new one specifically for seedata.io to use.

  1. Go to the Endpoints & API keys link in the top right-hand corner used previously

  2. Click on the New API key button

  3. Provide a name for your new API key

  4. Set Expires = Never (or whatever your security policy requires)

  5. Click Create API key

  6. Copy the new key to a temporary store

Step 3 - Get your Index name

If you don't already have one, you'll need to create an index to receive seedata.io alerts (skip step 1 if you already have an index you want to use).

  1. Go to Elasticsearch / Indices and click Create a new index.

  2. Give it a name, and click Create index.

  3. Copy this index name, as you will use it in a later step.

Step 4 - Configure your integration on seedata.io

Log into your seedata.io tenant, and take the following steps to add a new Elasticsearch integration.

  1. Go to Integrations from the menubar

  2. Find the Elasticsearch tile and click Install

  3. Complete the form providing the information requested

    • Name and Description simply allow you to identify this specific integration amongst other similar integrations

    • Opt-in for baseline events if you wish to receive alerts for events that are considered trusted

    • Copy over the information from your Elasticsearch instance as requested. When copying your API key, select only the encoded value, inside the quotes

  4. Configure any changes required to the payload of the document to be ingested. You may already have a specific schema you wish our alerts to align to, or additional values you wish to pass. This field must contain valid JSON before the integration can be created.

  5. Click Submit
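Before submitting the form it is worth confirming that the three values gathered in steps 1 to 3 actually work together, and that the custom payload is valid JSON. The script below is an added example, not seedata.io's or Elastic's own code: it checks the endpoint, the encoded API key and the index name, merges an optional payload template into a sample alert, and builds the same request the integration makes for each alert (a POST to /<index>/_doc with an `Authorization: ApiKey <encoded>` header, both documented Elasticsearch API behaviours). The alert field names, endpoint and key in it are constructed sample values, not seedata.io's real alert schema, and the rule that alert fields override template fields on conflict is an assumption of this example.

```python
"""Check the values from steps 1-3 and build the request the integration will
make for each alert (POST /<index>/_doc with ApiKey authorization).

Added example, not seedata.io's or Elastic's code. Relies on two documented
Elasticsearch API facts: API-key auth uses `Authorization: ApiKey <encoded>`
where <encoded> is base64("id:key"), and a document is indexed by POSTing
JSON to /<index>/_doc. Sample values below are constructed, not real."""
import base64
import json
import urllib.request
from typing import Optional
from urllib.parse import urlparse

# Constructed sample values (assumptions, not seedata.io's actual alert format).
SAMPLE_ENCODED_KEY = base64.b64encode(b"example-key-id:example-key-secret").decode()
SAMPLE_ALERT = {"seed": "finance-report.xlsx", "event": "file_opened",
                "source_ip": "203.0.113.10", "baseline": False}
SAMPLE_TEMPLATE = '{"team": "secops", "source": "seedata.io"}'


def template_error(text: str) -> Optional[str]:
    """Return why the custom payload (step 4, item 4) is unusable, or None if OK.
    The form requires valid JSON; a document body must also be a JSON object."""
    try:
        payload = json.loads(text)
    except json.JSONDecodeError as exc:
        return f"not valid JSON: {exc}"
    if not isinstance(payload, dict):
        return "must be a JSON object, not a list or scalar"
    return None


def validate_payload_template(text: str) -> dict:
    """Parse the custom payload, raising ValueError with the reason if it is bad."""
    err = template_error(text)
    if err is not None:
        raise ValueError(f"payload template {err}")
    return json.loads(text)


def check_api_key(encoded: str) -> str:
    """Normalise the 'encoded' value copied from Kibana (steps 2 and 4): strip
    stray quotes and whitespace, then confirm it decodes to id:key. This catches
    pasting the key id or the raw secret instead of the encoded value."""
    key = encoded.strip().strip('"')
    try:
        decoded = base64.b64decode(key, validate=True).decode("ascii")
    except Exception as exc:
        raise ValueError("API key is not the base64 'encoded' value") from exc
    if ":" not in decoded:
        raise ValueError("decoded API key does not look like id:key")
    return key


def build_index_request(endpoint: str, encoded_api_key: str, index: str,
                        alert: dict, template: Optional[dict] = None) -> dict:
    """Return url, headers and body (a dict) for indexing one alert document.
    Template fields are added first so the alert's own fields win on conflict
    (an assumption of this example, not seedata.io's documented behaviour)."""
    parsed = urlparse(endpoint)
    if parsed.scheme != "https" or not parsed.netloc:
        raise ValueError("endpoint must be an https URL: the API key travels in a header")
    if not index or index != index.lower() or "/" in index:
        raise ValueError("index name must be lowercase and contain no '/'")
    return {
        "url": f"{endpoint.rstrip('/')}/{index}/_doc",
        "headers": {"Authorization": f"ApiKey {check_api_key(encoded_api_key)}",
                    "Content-Type": "application/json"},
        "body": {**(template or {}), **alert},
    }


def send(request: dict, timeout: float = 10.0) -> int:
    """POST the document and return the HTTP status; Elasticsearch answers 201
    when the document was created. Network call, so not exercised offline."""
    req = urllib.request.Request(request["url"],
                                 data=json.dumps(request["body"]).encode("utf-8"),
                                 headers=request["headers"], method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status


if __name__ == "__main__":
    # Replace the placeholders with the values from steps 1-3 for a live test.
    req = build_index_request("https://YOUR-ENDPOINT.example:9243", SAMPLE_ENCODED_KEY,
                              "seedata-alerts", SAMPLE_ALERT,
                              validate_payload_template(SAMPLE_TEMPLATE))
    print(json.dumps(req["body"], indent=2))
    # print(send(req))  # uncomment once the real endpoint and key are filled in
```

A 201 from `send` confirms the endpoint, key and index are correct and the key has write privileges on that index; a 401 or 403 points at the key (wrong value copied, expired, or insufficient privileges), and a 404 at the index name. Prefer a key scoped to write access on the alert index only, rather than reusing a broader existing key.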
