Elastic Cloud
Description
Elastic Cloud is an Elasticsearch service hosted in the cloud.
Configuration
Elastic Cloud receives logs from Logstash, which is enabled in every simulation. No configuration of the SIEM itself is needed on the Mantis side.
How to enable
You need both:
- an Elastic Cloud Cloud ID, and
- an Elastic Cloud API key.
Usage
As explained, you need to provide a Cloud ID and an API key. First, log in to your Elastic Cloud account and navigate to the My deployments tab. Your Cloud ID is shown there.

The API key, however, has to be generated with the correct rights. You can generate it directly from the web page (see the next picture) or from the Dev Tools.

The API key must have the following rights:
POST /_security/api_key
{
  "name": "logstash-api-key",
  "role_descriptors": {
    "logstash_writer": {
      "cluster": ["monitor"],
      "index": [
        {
          "names": ["*"],
          "privileges": ["auto_configure", "write"]
        }
      ]
    }
  },
  "metadata": {
    "app": "logstash"
  }
}
You are now ready to start the simulation. You can then observe your logs by clicking on the Observability tab in Elastic Cloud.
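Before handing a key to the simulation, its role descriptors can be compared with the rights listed above. The following is an added example, not code from Mantis or Elastic: `audit_role_descriptors` and the sample descriptors are hypothetical and constructed for illustration, and the function expects a `role_descriptors` object shaped like the one in the request above.

```python
# Added example; every name here is hypothetical, not part of Mantis or Elastic.
# Privilege names are compared literally: broader privileges such as "all"
# are reported as excess and are not expanded into what they imply.
REQUIRED_CLUSTER = {"monitor"}
REQUIRED_INDEX = {"auto_configure", "write"}


def audit_role_descriptors(role_descriptors):
    """Return findings; an empty list means the key matches this page."""
    if not role_descriptors:
        # A key created without role descriptors takes a snapshot of the
        # permissions of the user who created it.
        return ["no role_descriptors: key inherits its creator's permissions"]
    cluster, index = set(), set()
    for descriptor in role_descriptors.values():
        cluster.update(descriptor.get("cluster", []))
        for entry in descriptor.get("index", []):
            index.update(entry.get("privileges", []))
    findings = []
    for kind, granted, required in (
        ("cluster", cluster, REQUIRED_CLUSTER),
        ("index", index, REQUIRED_INDEX),
    ):
        findings += [f"missing {kind} privilege: {p}" for p in sorted(required - granted)]
        findings += [f"excess {kind} privilege: {p}" for p in sorted(granted - required)]
    return findings


# Constructed samples: this page's descriptor and an over-privileged variant.
PAGE_KEY = {
    "logstash_writer": {
        "cluster": ["monitor"],
        "index": [{"names": ["*"], "privileges": ["auto_configure", "write"]}],
    }
}
BROAD_KEY = {
    "logstash_writer": {
        "cluster": ["monitor", "manage_security"],
        "index": [{"names": ["*"], "privileges": ["auto_configure", "write", "delete_index"]}],
    }
}

if __name__ == "__main__":
    for label, key in (("page", PAGE_KEY), ("broad", BROAD_KEY), ("empty", {})):
        print(label, audit_role_descriptors(key) or "OK")
```

An empty result means the descriptor grants exactly the cluster and index privileges this page lists; any finding is worth resolving before the key is used.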