Channel Integrations is the fourth sub-section of Workspace Manager.
This section is used to integrate external services with AccuKnox and export logs based on triggers.
Choose the "ElasticSearch" service and click the Integrate Now button.
1. Integration of ElasticSearch:
- The ElasticSearch host / ELK stack must be up and running before starting this integration.
- [Note]: Please refer to this link to create the ELK integration.
b. Steps to Integrate:
- Go to the Channel Integration URL.
- Click the Integrate Now button and select ElasticSearch.
- You will see these entries:
- Integration Name: Enter the name for the integration. You can set any name.
- Elasticsearch Host: Enter your ElasticSearch Host here.
- Mount Path: Enter the mount path of your logs; this path is passed to FileBeat as its input.
- Once every field is filled in, click the button; this tests whether your integration is working.
- Click the Save button.
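The following is an added example (not AccuKnox code) of the checks a practitioner would want behind the "test" step above: it validates the Elasticsearch Host and Mount Path fields and shows how those two values become a Filebeat input and output. The Filebeat keys used (`filebeat.inputs`, `type: filestream`, `output.elasticsearch.hosts`) are real Filebeat configuration; how AccuKnox itself renders the configuration, the default port of 9200, and the `*.log` glob are assumptions.

```python
"""Constructed checks for the ElasticSearch channel-integration form.
Not AccuKnox code: it models the Integration Name, Elasticsearch Host and
Mount Path fields and the Filebeat configuration they imply (assumed shape)."""
import os
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"https", "http"}
DEFAULT_ES_PORT = 9200  # Elasticsearch default; assumed when the host gives no port


def validate_host(host: str) -> str:
    """Return a normalised host URL or raise ValueError.

    Before the integration is saved: the URL must parse, carry a scheme and a
    hostname, and must not embed credentials (user:pass@), which would otherwise
    be stored with the integration record and echoed into logs.
    """
    parts = urlsplit(host.strip())
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"host must start with https:// or http://: {host!r}")
    if not parts.hostname:
        raise ValueError(f"host has no hostname: {host!r}")
    if parts.username or parts.password:
        raise ValueError("do not embed credentials in the host URL")
    port = parts.port or DEFAULT_ES_PORT
    return f"{parts.scheme}://{parts.hostname}:{port}"


def validate_mount_path(path: str) -> str:
    """Return the normalised mount path or raise ValueError.

    Filebeat reads files under this path on the node where it runs, so the
    path must be absolute and must already exist as a directory.
    """
    if not os.path.isabs(path):
        raise ValueError(f"mount path must be absolute: {path!r}")
    if not os.path.isdir(path):
        raise ValueError(f"mount path is not an existing directory: {path!r}")
    return os.path.normpath(path)


def filebeat_config(integration_name: str, host: str, mount_path: str) -> dict:
    """Render the minimal Filebeat configuration implied by the three form
    fields: the mount path becomes a filestream input, the host the output.
    The exact rendering AccuKnox performs is not on the page; this is assumed."""
    return {
        "filebeat.inputs": [
            {
                "type": "filestream",
                "id": integration_name,
                "paths": [os.path.join(validate_mount_path(mount_path), "*.log")],
            }
        ],
        "output.elasticsearch": {"hosts": [validate_host(host)]},
    }


if __name__ == "__main__":
    # Constructed sample values; "/" is used only because it exists everywhere.
    print(filebeat_config("accuknox-elastic", "https://elastic.example.com", "/"))
```

Each validation raises a `ValueError` with the field and reason, which is the message a form test button should surface rather than a bare "integration failed".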
2. Configuration of Alert Triggers:
- On the Logs page, after choosing a specific log filter, click the 'Create Trigger' button.
- The fields below need to be entered with appropriate data:
- Name: Enter the name for the trigger. You can set any name without special characters.
- When to Initiate: The frequency at which the trigger runs, as Real Time / .
- Status: Enter the severity for the trigger.
- Search Filter Data: The log filter chosen on the Logs page is populated here automatically. This is optional.
- Predefined queries: The list of predefined queries for this workspace is shown as default.
- Notification Channel: Select the integration channel that should receive the logs. This should be Elastic. (Note: the channel integration was done in the previous step.)
- Save: Click Save to store the trigger in the database.
3. Logs Forwarding:
- For each enabled trigger, check Kibana to view the forwarded logs.
- Logs are forwarded based on the trigger frequency (Real Time / Once in a Day / Week).
- The Rule Engine matches the real-time logs against the triggers that have been created.
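The block below is an added, constructed model of steps 2 and 3 (it is not AccuKnox's rule engine). It carries the Create Trigger fields (Name, When to Initiate, Status, Search Filter Data, Notification Channel), enforces the "no special characters" rule on the name and the three frequencies named above, and matches sample log records against enabled triggers, separating Real Time evaluation from the scheduled daily/weekly batch. The record field names, the filter syntax (`key=value` terms separated by spaces) and the sample log records are assumptions.

```python
"""Constructed model of alert triggers and log forwarding (example code, not
AccuKnox's rule engine). Field names, filter syntax and sample logs are assumed."""
import re
from dataclasses import dataclass

FREQUENCIES = ("Real Time", "Once in a Day", "Week")
NAME_RE = re.compile(r"^[A-Za-z0-9 _-]+$")  # "no special characters" rule from the form


@dataclass
class Trigger:
    name: str
    when_to_initiate: str          # one of FREQUENCIES
    status: str                    # severity, e.g. "High"
    search_filter: str = ""        # optional, e.g. "cluster=prod action=Block"
    notification_channel: str = "Elastic"
    enabled: bool = True

    def __post_init__(self):
        if not NAME_RE.match(self.name):
            raise ValueError(f"trigger name must not contain special characters: {self.name!r}")
        if self.when_to_initiate not in FREQUENCIES:
            raise ValueError(f"unknown frequency {self.when_to_initiate!r}; expected one of {FREQUENCIES}")
        terms = self.search_filter.split()
        if any("=" not in t for t in terms):
            raise ValueError(f"each filter term must be key=value: {self.search_filter!r}")
        # Parsed once here so matching does not re-split the filter per record.
        self.filter_terms = dict(t.split("=", 1) for t in terms)


def matches(trigger: Trigger, record: dict) -> bool:
    """A record matches when every key=value term of the trigger's filter equals
    the record's field. An empty filter (the optional field left blank) matches all."""
    return all(str(record.get(k)) == v for k, v in trigger.filter_terms.items())


def forward(triggers, records, realtime=True):
    """Run the rule engine. Real Time triggers are evaluated as records arrive
    (realtime=True); Once in a Day / Week triggers run in the scheduled batch
    (realtime=False). Disabled triggers never forward. Returns one
    (channel, trigger name, severity, record) tuple per match."""
    out = []
    for t in triggers:
        if not t.enabled:
            continue
        if (t.when_to_initiate == "Real Time") != realtime:
            continue
        for r in records:
            if matches(t, r):
                out.append((t.notification_channel, t.name, t.status, r))
    return out


# Constructed sample log records (not real AccuKnox output).
SAMPLE_LOGS = [
    {"cluster": "prod", "action": "Block", "process": "/bin/sh", "namespace": "default"},
    {"cluster": "prod", "action": "Audit", "process": "/usr/bin/curl", "namespace": "default"},
    {"cluster": "dev", "action": "Block", "process": "/bin/bash", "namespace": "ci"},
]

# Constructed triggers: one real-time, one daily digest, one disabled.
SAMPLE_TRIGGERS = [
    Trigger("prod blocks", "Real Time", "High", "cluster=prod action=Block"),
    Trigger("daily audit digest", "Once in a Day", "Low", "action=Audit"),
    Trigger("dev blocks", "Real Time", "Medium", "cluster=dev action=Block", enabled=False),
]

if __name__ == "__main__":
    for hit in forward(SAMPLE_TRIGGERS, SAMPLE_LOGS):
        print("real time ->", hit)
    for hit in forward(SAMPLE_TRIGGERS, SAMPLE_LOGS, realtime=False):
        print("batch     ->", hit)
```

When checking Kibana for a given trigger, the useful comparison is exactly this split: a Real Time trigger should show records as they arrive, while a daily or weekly trigger shows nothing until its batch has run, and a disabled trigger shows nothing at all.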