Elastic Security
  • 01 May 2023



Elastic Security is a security solution offered by Elastic NV and designed to provide advanced threat detection, investigation, and response capabilities. It's built on top of the Elastic stack, including Elasticsearch, Logstash, and Kibana.

Create an Elastic Security trigger integration in Torq

Perform the following steps in Torq.

  1. Go to Integrations > Triggers, search for the Elastic Security card, and click Add.
  2. Give the integration a meaningful name.
  3. Copy the authentication header secret and save it. You'll need it to create a Torq connector in Kibana.
  4. Click Add.
  5. Copy the integration endpoint to use in Kibana.

Create a Torq connector in Kibana

Perform the following steps in Kibana.

  1. Go to Stack Management > Connectors.
  2. Select Create connector.
  3. Locate and select the Torq connector.
  4. Configure the Torq connector:
    • Give the connector a meaningful name.
    • Provide the secret you copied in the previous section as the Torq integration token.
    • Provide the integration endpoint you copied in the previous section as the Torq endpoint URL.
  5. Click Save & test.
  6. In the Create an action section, enter valid JSON for the connector to send to Torq.
  7. In the Run and test section, click Run.
  8. Check the Last Event column on the Elastic Security integrations page to verify that the integration you created received an event.

Use Elastic Security to trigger a workflow in Torq

  1. Use the Torq connector as an action in Elastic Security rules. 
  2. Modify the action body according to your needs.
  3. Create a workflow in Torq and set the Elastic Security integration you created as the trigger.
  4. When the rule criteria are met, the action body will be sent to Torq, and the workflow you created will be triggered.

Create an Elastic Security steps integration in Torq

Perform the following steps in Torq.

  1. Go to Integrations > Steps, search for the Elastic Security card, and click Add.
  2. Enter your Kibana account username and password. 
  3. Log in to Kibana and copy the host and port from your browser's address bar. If the port isn't specified, use the default port. For example: localhost:5601

Available steps

These are the public steps for Elastic Security. Don't see the step you need? No problem; you can easily create a custom step.

  • Add a comment to a case
  • Create a case
  • Delete a case
  • Delete a comment
  • Delete all case comments
  • Delete multiple cases
  • Find cases
  • Get a comment
  • Get case information
  • Get case user activity
  • Update a case
  • Update a comment
