This article helps you connect your Elasticsearch installation with the Expel Workbench.
Step 1: Enable console and API access
Note
Expel stores all login information our SOC analysts need for your devices in an MFA-protected password manager. Access to this login information is protected using our internal MFA processes. To learn more about the IP addresses all Expel traffic comes from, go here.
-
Open Kibana and use the User Creation Wizard to create a user for Expel with a role that grants read privileges on the indices that host your security logs. For instructions, see: https://www.elastic.co/guide/en/kibana/current/using-kibana-with-security.html#security-create-roles
-
Make note of the username and password for later use.
Step 2: Configure the technology in Workbench
-
In a new browser tab, log in to https://workbench.expel.io/settings/security-devices?setupIntegration=generic_elasticsearch.
-
For Where is your device? select Cloud or On-prem.
-
Fill in the other fields like this:
-
For Assembler, select your Assembler from the list. (On-prem only.)
-
For Name and Location, type in a unique name and describe the general physical location of the server.
-
For Username and Password, type in the credentials you created in Step 1.
-
For Server address, copy/paste the Elasticsearch endpoint. Be sure to use the Elasticsearch endpoint and not the Kibana endpoint.
-
For Index, type the name or wildcard pattern of the index that holds your security logs on the server. It must be covered by the read privileges granted to the role in Step 1.
You can provide console access now or set it up later. Use the instructions below to set it up later.
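The steps above can also be done, and then checked, from the command line. The script below is an added example and is not Expel's or Elastic's own code: it uses the Elasticsearch security API (the same role and user the Kibana wizard in Step 1 creates) to build a read-only role and user, then asks the cluster what that user may actually do, and includes a small check that the address you paste into the Server address field is Elasticsearch rather than Kibana. The cluster URL in ES_URL, the admin credential in ES_ADMIN, the index pattern logs-security-*, the role name expel_reader and the user name expel-svc are all assumptions for the example.

```shell
#!/bin/sh
# Added example, not Expel or Elastic code. Assumed (hypothetical) names:
# ES_URL      - Elasticsearch endpoint, e.g. https://es.example.internal:9200
# ES_ADMIN    - user:pass of an account that may manage roles and users
# LOG_INDEX   - index pattern holding the security logs
# EXPEL_USER  - name of the read-only user handed to Expel
LOG_INDEX="${LOG_INDEX:-logs-security-*}"
EXPEL_USER="${EXPEL_USER:-expel-svc}"

# Role body: read-only on the log indices, plus "monitor" at cluster level
# so the integration can check cluster health. No write, delete or manage
# privileges anywhere.
expel_role_body() {
  cat <<EOF
{
  "cluster": ["monitor"],
  "indices": [
    { "names": ["$1"], "privileges": ["read", "view_index_metadata"] }
  ]
}
EOF
}

# User body: the user gets only the expel_reader role. $1 = full name, $2 = password.
expel_user_body() {
  cat <<EOF
{ "password": "$2", "roles": ["expel_reader"], "full_name": "$1" }
EOF
}

# Check for the Server address field. The root of an Elasticsearch node answers
# with JSON that carries version.number and the "You Know, for Search" tagline;
# Kibana's root URL answers with a redirect or an HTML page instead.
looks_like_elasticsearch() {
  printf '%s' "$1" | grep -q '"tagline"' && printf '%s' "$1" | grep -q '"number"'
}

# Body for _has_privileges: ask for both read and write so the answer shows
# that read is granted and write is not.
has_privileges_body() {
  cat <<EOF
{ "index": [ { "names": ["$1"], "privileges": ["read", "write"] } ] }
EOF
}

# Live part: only runs when ES_URL is set, so the functions above can be
# sourced and tested without a cluster.
if [ -n "${ES_URL:-}" ]; then
  # Random password, shown once at the end; put it in the vault, not in shell history.
  PASS="$(head -c 24 /dev/urandom | base64 | tr -d '/+=\n')"
  H='Content-Type: application/json'

  # 1. Create (or overwrite) the role and the user as the admin.
  expel_role_body "$LOG_INDEX" | curl -sS -u "$ES_ADMIN" -H "$H" \
    -X POST "$ES_URL/_security/role/expel_reader" --data-binary @-
  echo
  expel_user_body "Expel integration" "$PASS" | curl -sS -u "$ES_ADMIN" -H "$H" \
    -X POST "$ES_URL/_security/user/$EXPEL_USER" --data-binary @-
  echo

  # 2. Confirm the address is an Elasticsearch endpoint, authenticating as the new user.
  ROOT="$(curl -sS -u "$EXPEL_USER:$PASS" "$ES_URL/")"
  looks_like_elasticsearch "$ROOT" || { echo "not an Elasticsearch endpoint: $ES_URL" >&2; exit 1; }

  # 3. Ask the cluster what the new user may do on the log indices.
  #    Expect "read": true and "write": false under "index".
  has_privileges_body "$LOG_INDEX" | curl -sS -u "$EXPEL_USER:$PASS" -H "$H" \
    -X POST "$ES_URL/_security/user/_has_privileges" --data-binary @-
  echo
  echo "Username: $EXPEL_USER  Password: $PASS"
fi
```

Run it as `ES_URL=https://es.example.internal:9200 ES_ADMIN=admin:secret sh setup-expel-user.sh`; the last response is the one worth reading, since it is the cluster's own statement of the privileges the Expel user holds. The functions can also be sourced on their own to inspect the JSON bodies before anything is sent.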