Hi, I'm a legit noob when it comes to ELK so my questions might not make sense or will probably have some obvious answers to it.
Getting straight to the point, I want to pull the logs from my on-premises Elasticsearch solution and send them to my AlienVault USM Anywhere console.
I have read the API documentation and I am absolutely lost. I don't know how I am meant to connect the two platforms together.
To give some context, the USM Anywhere platform offers a custom AlienApp feature which allows its users to create a custom AlienApp that connects to third-party platforms using API/OAuth2/Basic Auth. I have tried using the API key in Elasticsearch and I have tried to put in the API URL (which I'm not even sure what it's supposed to look like) and I failed miserably.
I would appreciate if someone could enlighten me on this matter. I might have used the API in the wrong way, so do point out any fault or errors in my actions.
Without wanting to dismiss your queries, this does seem like more of an AlienVault issue, as you want to tell it that it needs to grab data from Elasticsearch (Elasticsearch cannot push data out to AlienVault). I had a bit of a web search but couldn't find anything that I can point you to, unfortunately.
Just to clarify, because as I had mentioned before, I am a beginner when it comes to dealing with APIs: is it possible to pull logs from Elasticsearch into another platform? For example, using a GET request like the one mentioned in the REST API documentation.
Or is my understanding wrong on the usage of the APIs? Do enlighten me on this and point out any faults.
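What such a pull looks like in practice, as an added example that is not code from the thread, from Elastic or from AlienVault: a small Python helper that builds the `_search` request a SIEM-side poller would send to Elasticsearch (API-key auth, time-range filter, `search_after` paging) and extracts the documents and paging cursor from the reply. The base URL, index name, `@timestamp` field and the response JSON are assumptions or constructed sample data.

```python
import base64
import json
from typing import Any, Dict, List, Optional, Tuple

def api_key_header(key_id: str, key_secret: str) -> Dict[str, str]:
    """Elasticsearch API keys are sent as 'Authorization: ApiKey base64(id:api_key)'."""
    token = base64.b64encode(f"{key_id}:{key_secret}".encode()).decode()
    return {"Authorization": f"ApiKey {token}", "Content-Type": "application/json"}

def build_search_request(base_url: str, index: str, since: str,
                         search_after: Optional[List[Any]] = None,
                         size: int = 500) -> Tuple[str, str]:
    """Return (url, json_body) for one page of logs newer than `since`.

    The poller keeps the last `sort` value it saw and passes it back as
    `search_after`, so each call continues where the previous one stopped.
    Sorting on @timestamp alone is an assumption; events sharing a timestamp
    need a unique tie-breaker field added to the sort to avoid skips.
    """
    body: Dict[str, Any] = {
        "size": size,
        "sort": [{"@timestamp": "asc"}],
        "query": {"range": {"@timestamp": {"gte": since}}},
    }
    if search_after is not None:
        body["search_after"] = search_after
    url = f"{base_url.rstrip('/')}/{index}/_search"
    return url, json.dumps(body)

def extract_page(response: Dict[str, Any]) -> Tuple[List[Dict[str, Any]], Optional[List[Any]]]:
    """Pull the log documents out of a _search reply plus the cursor for the next page."""
    hits = response["hits"]["hits"]
    docs = [hit["_source"] for hit in hits]
    cursor = hits[-1]["sort"] if hits else None  # None means no more data for now
    return docs, cursor

# Constructed sample reply, shaped like a real _search response (values are made up).
SAMPLE_RESPONSE = {
    "hits": {"total": {"value": 2}, "hits": [
        {"_index": "logs-example", "_id": "1", "sort": [1700000000000],
         "_source": {"@timestamp": "2023-11-14T22:13:20Z", "message": "login ok"}},
        {"_index": "logs-example", "_id": "2", "sort": [1700000005000],
         "_source": {"@timestamp": "2023-11-14T22:13:25Z", "message": "login failed"}},
    ]},
}

if __name__ == "__main__":
    url, body = build_search_request("https://es.example:9200", "logs-example", "now-1h")
    docs, cursor = extract_page(SAMPLE_RESPONSE)
    print(url, body, len(docs), cursor)
```

The real request would be an HTTP GET (or POST) to `url` with `body` and `api_key_header(...)`; the returned JSON is what `extract_page` consumes.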