SIEM Integration
Elasticsearch
To set up Real-Time notifications with an Elasticsearch instance, select the Elasticsearch Notification driver in the dropdown box and click the add button.
Fields marked with * are mandatory.
Configure the following parameters according to your Elasticsearch setup:
- Title: name of this integration
- URI: network endpoint of your Elasticsearch instance (must be publicly reachable)
- Accept All Certificates: turn on to allow self-signed certificates (the endpoint's certificate is then not validated)
- Username/Password: client credentials used to authenticate to the Elasticsearch instance
- Request Timeout (milliseconds): maximum time to wait for the request to complete
- Max. Number of Retries: number of times the service attempts to deliver the Real-Time Notification again after the first attempt fails
- Elasticsearch Index: name of the Elasticsearch index in which your notifications will be grouped
- Elasticsearch Type: name of the Elasticsearch type
When you are done, click the create button to validate and store the configured Elasticsearch integration.
You can edit or remove Elasticsearch integrations at any time.
Webhook
To set up Real-Time notifications with a Webhook, select the Webhook Notification driver in the dropdown box and click the add button.
Fields marked with * are mandatory.
Configure the following parameters according to your SIEM (it must be able to receive HTTP(S) requests):
- Title: name of this integration
- Endpoint to send a POST Request: network endpoint of your HTTP(S) server (must be publicly reachable)
- Basic Authentication Username/Password: client credentials used to authenticate to the HTTP(S) server
- Support Self Signed Certificates: turn on to allow self-signed certificates
- Max. Number of Retries: number of times the service attempts to deliver the Real-Time Notification again after the first attempt fails
When you are done, click the create button to validate and store the configured webhook integration.
You can edit or remove webhook integrations at any time.
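As an added example, not part of this page or the product's own code, the request-handling core of a receiver for the webhook driver described above: it verifies the Basic Authentication credentials with a constant-time comparison and drops repeated deliveries, which the retry setting can produce. The credential values and the "id" field used for de-duplication are assumptions; the page does not describe the notification payload.

```python
import base64
import hmac
import json

# Constructed sample credentials; they must match the "Basic Authentication
# Username/Password" entered in the Webhook driver. Load them from a secret store.
EXPECTED_USER = "siem-ingest"
EXPECTED_PASSWORD = "replace-with-a-long-random-secret"


def basic_auth_header(user, password):
    """Authorization header value a Basic-auth client sends (handy for testing)."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def _authorized(auth_header):
    """True only if the header carries exactly the expected Basic credentials."""
    if not auth_header or not auth_header.startswith("Basic "):
        return False
    try:
        decoded = base64.b64decode(auth_header[6:], validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return False
    user, sep, password = decoded.partition(":")
    # compare_digest keeps the comparison constant-time; evaluate both halves.
    ok_user = hmac.compare_digest(user.encode(), EXPECTED_USER.encode())
    ok_pass = hmac.compare_digest(password.encode(), EXPECTED_PASSWORD.encode())
    return bool(sep) and ok_user and ok_pass


def handle_notification(auth_header, body, seen_ids):
    """Process one POST delivery and return (http_status, message).
    "Max. Number of Retries" means one notification can arrive more than once,
    so deliveries are de-duplicated on an assumed "id" field (this page does not
    describe the payload schema); keep seen_ids in persistent storage.
    """
    if not _authorized(auth_header):
        return 401, "unauthorized"
    try:
        event = json.loads(body)
    except ValueError:
        return 400, "invalid json"
    event_id = event.get("id") if isinstance(event, dict) else None
    if event_id is None:
        return 400, "missing id"
    if event_id in seen_ids:
        return 200, "duplicate ignored"  # 2xx so the sender stops retrying
    seen_ids.add(event_id)
    return 202, "accepted"  # hand `event` to the SIEM ingestion pipeline here
```

Call handle_notification from the POST handler of whatever HTTP framework fronts your SIEM, and terminate TLS in front of it.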