Activate and configure the Elasticsearch - Incident Enrichment integration The Integration Configuration feature allows you to quickly activate and set up third-party security integrations, including Elasticsearch - Incident Enrichment integration. Before you beginRole required: adminNote: This procedure can be used to activate the plugin and configure the integration. You can also activate the plugin using the traditional method. Procedure Access Elasticsearch and obtain the API Base URL under your Elasticsearch profile. Navigate to Security Operations > Integrations > Integration Configurations. The available security integrations appear as a series of cards. In the Elasticsearch - Incident Enrichment card, click Install Plugin. In the Install Elasticsearch integration dialog box, review the plugin details and click Activate. When the activation is complete, click Close & Reload Form. The Security Integration screen reloads and the Configure button for the integration is available. Click Configure. Enter the Elasticsearch API Base URL you acquired from the Elasticsearch site. [Optional] Enter the Link URL - links to a Kibana instance, when available. Enter your Username Enter your Password Enter the Max Rows - the maximum number of rows you want to search. Enter the Earliest Result (days) - the earliest results you want to see in number of days. Click Submit. Related ConceptsElasticsearch - Incident Enrichment integration setupRelated ReferenceComponents installed with the Elasticsearch - Incident Enrichment integration
Activate and configure the Elasticsearch - Incident Enrichment integration The Integration Configuration feature allows you to quickly activate and set up third-party security integrations, including Elasticsearch - Incident Enrichment integration. Before you beginRole required: adminNote: This procedure can be used to activate the plugin and configure the integration. You can also activate the plugin using the traditional method. Procedure Access Elasticsearch and obtain the API Base URL under your Elasticsearch profile. Navigate to Security Operations > Integrations > Integration Configurations. The available security integrations appear as a series of cards. In the Elasticsearch - Incident Enrichment card, click Install Plugin. In the Install Elasticsearch integration dialog box, review the plugin details and click Activate. When the activation is complete, click Close & Reload Form. The Security Integration screen reloads and the Configure button for the integration is available. Click Configure. Enter the Elasticsearch API Base URL you acquired from the Elasticsearch site. [Optional] Enter the Link URL - links to a Kibana instance, when available. Enter your Username Enter your Password Enter the Max Rows - the maximum number of rows you want to search. Enter the Earliest Result (days) - the earliest results you want to see in number of days. Click Submit. Related ConceptsElasticsearch - Incident Enrichment integration setupRelated ReferenceComponents installed with the Elasticsearch - Incident Enrichment integration
