Elastic Cloud
Visualize Elastic Cloud Search Account, Users, Clusters, Nodes, Backup, Roles and Service Accounts changes through queries and alerts.
- Installation guide
- Elastic Cloud data model
- Elastic Cloud types
Installation Guide
Info
Create a separate integration instance for each deployment.
Requirements
To configure the integration, ensure you have the following:
- Elastic Cloud Account ID
- Elasticsearch API Key
- Elasticsearch Cloud ID (generated in your Elastic Cloud account)
Configuration in Elastic Cloud
Creating an Elasticsearch API Key
- Log in to your Elastic Cloud Account.
- Select your deployment from the dashboard.
- Select the Search app.
- Copy the Elasticsearch Endpoint displayed on the homepage.
- Click Manage.
- Select Create New API Key.
- Provide an API Key Name for identification.
- Choose User API Key as the type.
- Specify the Expiry date for the API Key.
- Enable Control Security Privileges.
- Click Create API Key.
- Copy the generated Elasticsearch API Key.
- Click on your profile icon and select Organization.
- Copy the Organization ID.
Configuration in JupiterOne
From the top navigation bar of the J1 Search homepage, go to Integrations.
Search for Elastic Cloud and select it.
Click the Add Instance button and configure the following settings:
- Elastic Cloud Account ID: Paste the Organization ID copied from Elastic Cloud.
- Elastic Search Endpoint: Paste the Elasticsearch Endpoint copied from Elasticsearch.
- Elastic Search API Key: Paste the Elasticsearch API Key generated earlier.
- Account Name: Provide a name to identify this Elastic Cloud instance in JupiterOne. When the Tag with Account Name option is checked, ingested entities will store this value in tag.AccountName.
- Description: Add a description to assist your team in identifying this integration instance.
- Polling Interval (optional): Select a polling interval that fits your monitoring needs. If unsure, leave this as DISABLED and manually execute the integration.
Click Create Configuration to save your settings.
Next steps
Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.
Data Model
Entities
The following entities are created:
Resources | Entity _type | Entity _class |
---|---|---|
Account | ec_account | Account |
Backup | ec_backup | Backup |
Cluster | ec_cluster | Cluster |
Cluster Node | ec_cluster_node | Host |
Role | ec_role | AccessRole |
Service Account | ec_service_account | User |
User | ec_user | User |
Relationships
The following relationships are created:
Source Entity _type | Relationship _class | Target Entity _type |
---|---|---|
ec_account | HAS | ec_cluster |
ec_account | HAS | ec_role |
ec_account | HAS | ec_user |
ec_cluster | HAS | ec_backup |
ec_cluster | CONTAINS | ec_cluster_node |
ec_cluster | USES | ec_role |
ec_user | ASSIGNED | ec_role |
Ec Account
ec_account
inherits from Account
Ec Cluster
ec_cluster
inherits from Cluster
Property | Type | Description | Specifications |
---|---|---|---|
nodeCount * | number | | |
successfulNodeCount * | number | | |
failedNodeCount * | number | | |
primaryShards * | number | | |
totalShards * | number | | |
indicesCount * | number | | |
docsCount * | number | | |
storeSize | string | | |
availableDiskSpace | string | | |
totalDiskSpace | string | | |
jvmThreads * | number | | |
ingestPipelines * | number | | |
Ec Cluster Node
ec_cluster_node
inherits from Host
Property | Type | Description | Specifications |
---|---|---|---|
roles * | array of strings | | |
region | string | | |
instanceConfiguration | string | | |
availabilityZone | string | | |
serverName | string | | |
clusterName | string | | |
initialMasterNodes | string | | |
managedPolicies | array of strings | | |
processors | string | | |
dataTier | string | | |
diskWriteSpeed | string | | |
diskReadSpeed | string | | |
networkBandwidth | string | | |
isxPackInstalled | boolean | X-Pack is an Elastic Stack plugin providing advanced features like security, monitoring, and machine learning. | |
dataPath | string | | |
logsPath | string | | |
homePath | string | | |
httpSslEnabled | boolean | | |
transportSslEnabled | boolean | | |
httpPort | string | | |
machineLearningEnabled | boolean | | |
monitoringEnabled | boolean | | |
Ec User
ec_user
inherits from User
Property | Type | Description | Specifications |
---|---|---|---|
roles | array of strings | | |
fullName | string | | |
Ec Backup
ec_backup
inherits from Backup
Property | Type | Description | Specifications |
---|---|---|---|
repository | string | | |
versionId | number | | |
version | string | | |
status | string | | |
startedOn | number | | |
completedOn | number | | |
duration | number | | |
indices | array of strings | | |
dataStreams | array of strings | | |
featureStates | array of strings | | |
totalShards | number | | |
successfulShards | number | | |
failedShards | number | | |
includeGlobalState | boolean | | |
Ec Role
ec_role
inherits from AccessRole
Property | Type | Description | Specifications |
---|---|---|---|
clusterPrivilegeNames | array of strings | | |
Ec Service Account
ec_service_account
inherits from User
Property | Type | Description | Specifications |
---|---|---|---|
clusterPrivilege | array of strings | | |
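Example: reviewing ingested entities for security-relevant findings. This is an added example, not code from JupiterOne or Elastic; it applies three checks to the data model above (node TLS flags, backup shard failures, and users assigned high-privilege roles). The sample data is constructed, and the _key values, the flat dict layout with _fromEntityKey/_toEntityKey, and the choice of which cluster privileges count as high-risk are assumptions.

```python
# Constructed sample data shaped after the entity and relationship tables on
# this page. The _key values and the flat export layout are assumptions.
ENTITIES = [
    {"_key": "node-1", "_type": "ec_cluster_node", "serverName": "sample-node-1",
     "httpSslEnabled": True, "transportSslEnabled": True},
    {"_key": "node-2", "_type": "ec_cluster_node", "serverName": "sample-node-2",
     "httpSslEnabled": False, "transportSslEnabled": True},
    {"_key": "bak-1", "_type": "ec_backup", "repository": "sample-repo",
     "totalShards": 12, "successfulShards": 10, "failedShards": 2},
    {"_key": "role-admin", "_type": "ec_role", "clusterPrivilegeNames": ["all"]},
    {"_key": "role-read", "_type": "ec_role", "clusterPrivilegeNames": ["monitor"]},
    {"_key": "user-a", "_type": "ec_user", "fullName": "Sample Admin"},
    {"_key": "user-b", "_type": "ec_user", "fullName": "Sample Reader"},
]
RELATIONSHIPS = [
    {"_class": "ASSIGNED", "_fromEntityKey": "user-a", "_toEntityKey": "role-admin"},
    {"_class": "ASSIGNED", "_fromEntityKey": "user-b", "_toEntityKey": "role-read"},
]

# Elasticsearch cluster privileges treated as high-risk here (reviewer's choice).
HIGH_RISK = {"all", "manage_security"}


def review(entities, relationships):
    """Return (finding, entity _key, detail) tuples for the three checks."""
    by_key = {e["_key"]: e for e in entities}
    findings = []
    for e in entities:
        if e["_type"] == "ec_cluster_node":
            # A missing property is treated as "not enabled" so gaps are surfaced.
            off = [p for p in ("httpSslEnabled", "transportSslEnabled")
                   if e.get(p) is not True]
            if off:
                findings.append(("tls_disabled", e["_key"], off))
        elif e["_type"] == "ec_backup" and e.get("failedShards", 0) > 0:
            findings.append(("backup_failed_shards", e["_key"], e["failedShards"]))
    for r in relationships:
        src, dst = by_key.get(r["_fromEntityKey"]), by_key.get(r["_toEntityKey"])
        if r["_class"] != "ASSIGNED" or not src or not dst:
            continue  # skip other relationship classes and dangling references
        if src["_type"] == "ec_user" and dst["_type"] == "ec_role":
            risky = sorted(HIGH_RISK & set(dst.get("clusterPrivilegeNames", [])))
            if risky:
                findings.append(("high_privilege_user", src["_key"], risky))
    return findings


if __name__ == "__main__":
    for finding in review(ENTITIES, RELATIONSHIPS):
        print(finding)
```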