
This guide helps you connect your Elasticsearch installation with the Expel Workbench.

Step 1: Enable console and API access

  1. Open Kibana and use the User Creation Wizard to create a user for Expel with a role that grants Read privileges to the Indices that host your security logs. For instructions, see: https://www.elastic.co/guide/en/kibana/current/using-kibana-with-security.html#security-create-roles

  2. Make note of the Username and Password for later use.

Step 2: Configure the technology in Workbench

Now that the correct access is configured and the credentials are noted, we can integrate with Workbench.

  1. In a new browser tab, log in to https://workbench.expel.io/settings/security-devices?setupIntegration=generic_elasticsearch.

  2. For Where is your device? select Cloud or On-prem.

  3. Fill in the other fields like this:

    • For Assembler, select your Assembler from the dropdown list. (N/A for Cloud.)

    • For Name and Location, type in a unique name and describe the general physical location of the server.

    • For Username and Password, type in the credentials you created in Step 1.

    • For Server address, copy-paste the Elasticsearch endpoint. Be sure to use the Elasticsearch endpoint and not the Kibana endpoint.

    • For Index, type in where the security logs are hosted on the server.
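
To confirm the values entered above (Elasticsearch endpoint rather than Kibana, working credentials, and a role limited to Read on the log index), the following added example, which is not part of Expel's guide, queries the Elasticsearch `_has_privileges` API as the new user. The variable names `ES_URL`, `EXPEL_USER` and `INDEX_PATTERN` and the sample values in the comments are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the Expel guide. ES_URL, EXPEL_USER, INDEX_PATTERN
# and the sample values shown in comments are assumed placeholders.

# Body for the _has_privileges API: read, plus privileges the account
# should NOT hold on the log index.
check_body() {
  printf '{"index":[{"names":["%s"],"privileges":["read","write","delete","manage"]}]}' "$1"
}

# Succeeds only if the response grants read and denies write, delete and manage.
# Plain string matching is sufficient because a single index pattern is queried.
is_read_only() {
  flat=$(printf '%s' "$1" | tr -d ' \n\t')
  case "$flat" in *'"read":true'*) ;; *) return 1 ;; esac
  for priv in write delete manage; do
    case "$flat" in *"\"$priv\":true"*) return 1 ;; esac
  done
  return 0
}

# Runs only when ES_URL is set, for example:
#   ES_URL=https://es.example.internal:9200 EXPEL_USER=expel_svc \
#   INDEX_PATTERN='security-logs-*' ./check_expel_user.sh
if [ -n "${ES_URL:-}" ]; then
  # -u with a bare username makes curl prompt for the password, keeping it
  # out of shell history and the process list.
  resp=$(curl -sS -u "$EXPEL_USER" -X POST "$ES_URL/_security/user/_has_privileges" \
    -H 'Content-Type: application/json' -d "$(check_body "$INDEX_PATTERN")")
  if is_read_only "$resp"; then
    echo "OK: $EXPEL_USER has read, and no write/delete/manage, on $INDEX_PATTERN"
  else
    # A Kibana URL, bad credentials, or an over-broad role all end up here.
    echo "FAIL: wrong endpoint, bad credentials, or excess privileges:" >&2
    echo "$resp" >&2
    exit 1
  fi
fi
```

A failure with an HTML or non-JSON response usually means the Kibana address was used instead of the Elasticsearch endpoint.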

Tip

This article was accurate at the time of writing, but changes happen. If you find the instructions are outdated, leave a description in the comment field below and let us know!
