System Integrations
Cyber Incident Monitoring Integration Procedure
Microsoft 365
Microsoft Office 365 integration currently supports user, admin, system, and policy actions...
GitHub
Introduction The GitHub integration collects events from the GitHub API. https://docs.g...
Add Windows Integrations
Introduction The Windows integration allows you to monitor the Windows OS, services, applicatio...
Sysmon for Linux
Introduction The Sysmon for Linux integration allows you to monitor the Sysmon for Linux, which...
1 Password Integrations
Introduction With 1Password Business, you can send your account activity to your security infor...
Atlassian Bitbucket Integrations
Introduction The Bitbucket integration collects audit logs from the audit log files or the audi...
AWS CloudTrail Integrations
Introduction The AWS CloudTrail integration allows you to monitor AWS CloudTrail Reference: h...
AWS GuardDuty Integrations
Introduction The Amazon GuardDuty integration collects and parses data from Amazon GuardDuty Fi...
AWS Security Hub Integrations
Introduction The AWS Security Hub integration collects and parses data from AWS Security Hub RE...
AWS Integrations
Introduction This document shows information related to AWS Integration. The AWS integration...
CISCO Meraki Integrations
Introduction Cisco Meraki offers a centralized cloud management platform for all Meraki devices...
CISCO Secure Endpoint Integrations
Introduction Secure Endpoint offers cloud-delivered, advanced endpoint detection and response a...
CISCO Umbrella Integrations
Introduction Cisco Umbrella is a cloud security platform that provides an additional line of de...
Cloudflare Integration
Introduction Cloudflare integration uses Cloudflare's API to retrieve audit logs and traffic lo...
Crowdstrike Integrations
Introduction This integration is for CrowdStrike products. It includes the following datasets f...
Dropbox Integrations
Introduction Connecting Dropbox Use the Workplace Search Dropbox connector to automatically c...
F5 Integrations
Introduction This document shows information related to F5 Integration. The F5 BIG-IP integr...
Fortinet-Fortigate Integrations
Introduction This integration is for Fortinet FortiGate logs sent in the syslog format. Pre...
GitLab Integrations
Introduction Introduced in GitLab Starter 8.4. Support for Amazon Elasticsearch was introduced ...
Google Workspace Integrations
Introduction Google Workspace (formerly G Suite) is a suite of cloud computing, productivity an...
Jumpcloud Integrations
Introduction The JumpCloud integration allows you to monitor events related to the JumpCloud Di...
Mimecast Integrations
Introduction The Mimecast integration collects events from the Mimecast API. Assumpti...
MongoDB Integrations
Introduction This integration is used to fetch logs and metrics from MongoDB. Assumpt...
OKTA Integrations
Introduction The Okta integration collects events from the Okta API, specifically reading from ...
Pulse Connect Secure Integrations
Introduction This integration is for Pulse Connect Secure. https://www.ivanti.com/pro...
Slack Integrations
Introduction Slack is used by numerous organizations as their primary chat and collaboration to...
System Integrations
Introduction The System integration allows you to monitor servers, personal computers, and more...
Team Viewer Integrations
Remote File Copy via TeamViewer Identifies an executable or script file remotely downloaded vi...
Z Scaler Integrations
Introduction This integration is for Zscaler Internet Access logs. It can be used to receive lo...
VMware vSphere Integration
This integration periodically fetches logs and metrics from vSphere vCenter servers. Compatibi...
SentinelOne Integrations
The SentinelOne integration collects and parses data from SentinelOne REST APIs. This integration...
Custom Windows Event Logs - Integration
Custom Windows Event Logs Collect and parse logs from any Windows event log channel with Elastic...
Windows Event Forwarding to Linux server using Nxlog
Introduction Windows Event Forwarding (WEF) allows the collection of event logs from multiple Wi...
Windows Event Forwarding to Linux server using Powershell script
Overview This PowerShell script forwards Windows event logs to a Linux server using the syslog p...
Sophos Integration
Overview The Sophos Central integration allows you to monitor Alerts and Events logs. Sophos Cen...
Atlassian Bitbucket Integrations (New)
Introduction The Bitbucket integration collects audit logs from the audit log files or the audi...
Palo Alto Cortex XDR Integration
Palo Alto Cortex XDR Integration Using the Cortex XDR APIs, you can integrate Cortex XDR with th...
Active Directory Integrations
Introduction Elastic Stack security features can be configured to authenticate users through Ac...
Microsoft SQL Server Integration
The Microsoft SQL Server integration package allows you to search, observe, and visualize the SQL...
Azure Logs Integration
Introduction This document shows information related to Azure Active Directory Integration. The A...
ESET Protect Integration
ESET PROTECT allows you to efficiently manage ESET products across workstations and servers withi...
ESET Threat Intelligence Integrations
ESET Threat Intelligence provides advanced, real-time insights into global cybersecurity threats,...
AQUILA CSPM - Azure Integration
This manual explains how to get started monitoring the security posture of your Azure CSP using t...
Resource Manager Endpoint Integration
The Azure Resource Manager (ARM) endpoint is the primary entry point for interacting with the Azu...
CISCO Secure Email Gateway Integrations
The Cisco Email Security Appliance (ESA) integration is a comprehensive solution for managing and...
CISCO Nexus Integrations
Overview The Cisco Nexus integration allows users to monitor Errors and System Messages. The Cis...
BitDefender Integrations
BitDefender GravityZone supports SIEM integration using "push notifications", which are JSON mess...
Bitwarden Integrations
Overview The Bitwarden integration allows users to monitor collections, events, groups, members ...
Forwarding logs from an rsyslog client to a remote rsyslog server
Introduction This guide will walk you through setting up Rsyslog for log forwarding between a cl...
Palo Alto Next Generation Firewall
Configure Syslog Monitoring STEP 1 - Configure a Syslog server profile. Select Device-->...
Cisco Meraki - Configuring a Syslog Server
Method 1: Using GUI Configure log forwarding Sign in to the Meraki Dashboard with adminis...
CyberArk PAM
Configure the Vault to Forward syslog Messages to PTA The system logger of the Vault must be con...
Cato Networks - Configuring Event Log Forwarding with Two Windows Servers
How to Configure Windows Event Forwarding for User Awareness Cato Networks’ User...
Nutanix
How to Send Logs to a Remote Syslog Server Summary: This article briefly describes how to confi...
ManageEngine
Log Forwarder EventLog Analyzer's Syslog Forwarder transmits logs from various sources to a dest...
Forescout
Method 1: Network logs forwarding The Network logs forwarding page ("Settings" > "System Setti...
CISCO Secure Endpoint - Secure Endpoint API
Authentication The Secure Endpoint API requires access via an authenticated and authorized acco...
AQUILA - Microsoft Office 365 Integration
Overview This integration with Microsoft Office 365 supports the ingestion of user, administrato...
Azure Integration - Microsoft Entra ID Logs
Step 1: Create an Event Hub for Microsoft Entra ID Logs Go to Azure Portal > Event Hubs > Cr...
Azure Integration - Blob Storage Leasing
Here are the necessary steps to resolve the issue. Step 1: Go to your Azure Portal and log in...
CSPM-AWS Integration
Get started with CSPM for AWS Overview This page explains how to get started monitoring t...
Cato Networks - Using Cato API for ELK Stack Integration
To fully integrate the Cato Networks API with the Elastic Stack (ELK Stack), you can follow this ...
Fortinet FortiGate - Syslog Setting and Syslog Filter
Please follow these instructions: Step 1: Log in to your Fortinet FortiGate Admin portal and n...
Azure Application Insights Integration
The Application Insights Integration allows users to collect metrics from Azure Application Insig...
Google Cloud Platform (GCP) Audit Logs Integration - using Pub/Sub
Requirements To integrate with Google Cloud Platform (GCP), you need to set up the following: ...
AQUILA CSPM - AWS Integration
Overview This page explains how to get started monitoring the security posture of your cloud ass...
Azure Application Insights Integration
Overview The Application Insights Integration allows users to retrieve application insights metr...
GitHub Integration - Elastic
GitHub Integration The GitHub integration collects events from the GitHub API(external, opens in...
GCP - How to enable Cloud Asset API
Please refer to these instructions to enable Cloud Asset API. To enable the Cloud Asset API fo...
GCP - How to Add a Role
Go to the Google Cloud Console. Navigate to IAM. Click on "IAM & Admin" in the left...
GCP - Setup a Log Sink
Setup Log Sink Using Google Cloud Console Navigate to "Logging" > "Log Router" > "Create Sin...
GCP and CSPM-GCP Integration
This Google Cloud integration collects and analyzes a wide range of logs and metrics to provide c...
Phishing Campaign - Setting Up Microsoft o365
Why Whitelist in Office 365? Whitelisting ensures the CyTech - AQUILA Phishing Simulation(PS) Mo...
Whitelist Microsoft Office 365
Why Whitelist in Office 365? Whitelisting ensures the CyTech - AQUILA Phishing Simulation(PS) Mo...
CrowdStrike Integration - using API
Steps to Get Client ID and Client Secret in CrowdStrike Falcon Log in to the Falcon Console ...
Whitelist Cisco IronPort (ESA)
Whitelist Cisco IronPort (ESA) for CyTech – AQUILA Phishing Simulation Why Whitelist in Cisco Ir...
Automatically Fetch User Accounts without Manually Importing for OneLogin (via SCIM)
OneLogin (via SCIM) Introduction: OneLogin gives users the ability to access the applications...
Automation on fetching user accounts for Azure
To automatically fetch user accounts into Azure (e.g., for Azure Active Directory / Microsoft Ent...
Palo Alto Firewall Syslog Filter Documentation
1. Introduction This guide outlines how to configure Syslog filters on Palo Alto Networks firewa...
Automation on fetching user accounts for Okta
To automatically fetch user accounts into Okta without needing to manually import them, you shoul...
Automatically Fetch User Accounts without Manually Importing for JumpCloud
JumpCloud Introduction JumpCloud allows you to automate user account creation and syncing withou...
CrowdStrike to SIEM alerts and ruling
Introduction This guide explains how to send security alerts from CrowdStrike Falcon to your Sec...
Automatically fetch user accounts ( Google IAM )
STEP 1: Enable APIs You’ll need access to one of the following APIs: Cloud Identity API (fo...
Set Up Integration from SonarQube
SonarQube Introduction SonarQube is a self-hosted or cloud-enabled tool that scans source code ...
Digital Guardian Integration
Requirements You Must Have Why You Need It Elastic Agent installed ...
Setup Integration from Qualys
Qualys Vulnerability Management, Detection and Response (VMDR) This Qualys VMDR (external, opens...
Varonis (DLP)
Purpose This document outlines the procedure to integrate Varonis DatAlert or DatAdvantage with ...
Cisco AMP for Endpoints API Integration
To integrate Cisco AMP for Endpoints (now part of Cisco Secure Endpoint) with Elastic, follow the...
Secureworks to Elastic Integration
STEP 1: Enable Log Sending from Secureworks This step happens inside your Secureworks dashboard....
KnowBe4
1. Overview This document explains how to integrate KnowBe4 with a SIEM solution using the KnowB...
CyTech - AQUILA EDR Full Installation
Endpoint Detection and Response (EDR) - Manual Installation Endpoint Detection and Response (E...
CyTech - AQUILA EDR
Endpoint Detection and Response (EDR) - Manual Installation Endpoint Detection and Response (EDR...
AQUILA EDR Connection Issues - Windows
When Elastic Agent installs Endpoint, they connect locally to share status and updates. If this c...
GitHub Integration(Elastic)
GitHub Integration Introduction Elastic’s GitHub integration allows you to ingest GitHub logs, ...
AQUILA CSPM - GCP Integration
Authentication To use this CSPM Google Cloud Platform (GCP) integration, you need to set up a ...
AQUILA GCP Integration
This Google Cloud integration collects and analyzes a wide range of logs and metrics to provide c...
AQUILA - Cloudflare Integration
Cloudflare Logs Integration Manual Cloudflare logs provide detailed insights into client connect...
AQUILA - 1Password Integration
1Password Events Reporting Integration Manual With 1Password Business, you can forward account a...
AQUILA - SonicWall Firewall Integration
This integration collects syslog messages from SonicWall firewalls. It has been tested with Enhan...
AQUILA - Cisco Meraki Integration
Cisco Meraki provides a centralized cloud management platform for devices like MX Security Applia...