Request a Demo

Elastic

Elastic makes data usable in real time and at scale for search, logging, security, and analytics use cases.

Specialties

Integrations

Elastic Security

With the Elastic Security integration users are able to utilize Kibana SIEM threat detection features with endpoint prevention and response capabilities. The Elastic Security integration consists of a Playbook and a Service app which will allow customers to interact with the Elastic Security API's alert, case, and detection endpoints. While the service app allows for retrieving detection alerts on a set schedule.

The following actions are available:

  • Get Alert - Retrieve an alert by its alert ID.
  • Update Alert Status - Update an existing alert.
  • Create Detection Rule - Create a new detection rule. Rules run periodically and search for source events or machine learning job anomaly scores that meet their criteria. When a rule’s criteria are met, a detection alert is created.
  • Update Detection Rule - Update an existing detection rule's fields.
  • Delete Detection Rule  - Delete a detection rule.
  • Get Detection Rule - Retrieve a detection rule by its ID.
  • Add Case Comment - Adds a comment to an existing case.
  • Create Case - Create a new case.
  • List Cases - Return a list of all cases

This app can be found in the ThreatConnect App Catalog under the name: Elastic Security

Keep Reading

Built By ThreatConnect

ElasticSearch

With the ElasticSearch integration, you can execute a search query and get back search hits that match the query. While the service app retrieves the executed search query on a set schedule returning hits that match the query. This integration supports Lucene, Query DSL, and EQL languages.

The following actions are available:

  • Query Index

This app can be found in the ThreatConnect App Catalog under the name: Elasticsearch

Keep Reading

Built By ThreatConnect

Looking for an
integration not shown?