Elastic Security
- 01 May 2023
Elastic Security is a security solution offered by Elastic NV and designed to provide advanced threat detection, investigation, and response capabilities. It's built on top of the Elastic Stack, including Elasticsearch, Logstash, and Kibana.
Create an Elastic Security trigger integration in Torq
Perform the following steps in Torq.
- Go to Integrations > Triggers, search for the Elastic Security card, and click Add.
- Give the integration a meaningful name.
- Copy the authentication header secret and save it. You'll need it to create a Torq connector in Kibana.
- Click Add.
- Copy the integration endpoint to use in Kibana.
Create a Torq connector in Kibana
Perform the following steps in Kibana.
- Go to Stack Management > Connectors.
- Select Create connector.
- Locate and select the Torq connector.
- Configure the Torq connector:
  - Give the connector a meaningful name.
  - Provide the secret you copied in the previous section as the Torq integration token.
  - Provide the integration endpoint you copied in the previous section as the Torq endpoint URL.
- Click Save & test.
- In the Create an action section, enter a valid JSON for the connector to send to Torq.
- In the Run and test section, click Run.
- Check the Last Event column on the Elastic Security integrations page to verify that the integration you created received an event.
Use Elastic Security to trigger a workflow in Torq
- Use the Torq connector as an action in Elastic Security rules.
- Modify the action body according to your needs.
- Create a workflow in Torq and set the Elastic Security integration you created as the trigger.
- When the rule criteria are met, the action body will be sent to Torq, and the workflow you created will be triggered.
Create an Elastic Security steps integration in Torq
Perform the following steps in Torq.
- Go to Integrations > Steps, search for the Elastic Security card, and click Add.
- Enter your Kibana account username and password.
- Log in to Kibana and copy the host and port from your browser's address bar. If the port isn't specified, use the default port. For example, localhost:5601.
Available steps
These are the public steps for Elastic Security. Don't see the step you need? No problem; you can easily create a custom step.
- Add a comment to a case
- Create a case
- Delete a case
- Delete a comment
- Delete all case comments
- Delete multiple cases
- Find cases
- Get a comment
- Get case information
- Get case user activity
- Update a case
- Update a comment