Push Logs from Elasticsearch to Alien Vault USM Anywhere

Hi, I'm a legit noob when it comes to ELK, so my questions might not make sense or will probably have some obvious answers.

Getting straight to the point, I want to pull the logs from my on-premises Elasticsearch solution and send them to my Alien Vault USM Anywhere console.

I have read the API documentation and I am absolutely lost. I don't know how I am meant to connect the two platforms together.

To give some context, the USM Anywhere platform offers a custom Alien App feature which allows its users to create a custom Alien App that connects to third-party platforms using API/OAuth2/Basic Auth. I have tried using the API key in Elasticsearch and I have tried to put in the API URL (which I'm not even sure how it's supposed to look), and I failed miserably.

I would appreciate it if someone could enlighten me on this matter. I might have used the API in the wrong way, so do point out any faults or errors in my actions.

Thank you.

Welcome to our community! :smiley:

Without wanting to dismiss your queries, this does seem like more of an Alien Vault issue, as you want to tell it that it needs to grab data from Elasticsearch (Elasticsearch cannot push data out to Alien Vault). I had a bit of a web search but couldn't find anything I can point you to that would help, unfortunately.

Just to clarify, because as I mentioned before I am a beginner when it comes to dealing with APIs: is it possible to pull logs from Elasticsearch into another platform? For example, using a GET request like the one mentioned in the REST API documentation.

Or is my understanding wrong on the usage of the APIs? Do enlighten me on this and point out any faults.

Thank you.

Yep, you need to pull data out of Elasticsearch via the APIs as it will not send data from itself to another system using the APIs.
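The pull model described in the replies above, as an added example that is not part of the thread and not Elastic's or AT&T's own code: whatever consumer sits in front of the SIEM has to poll Elasticsearch's `_search` endpoint itself, authenticate (here with an Elasticsearch API key, sent as `Authorization: ApiKey base64(id:api_key)`), page through results with `search_after` so no documents are skipped or duplicated between polls, and hand each batch to the forwarding side. The cluster URL, index pattern and API key values are placeholders, and the two sample `_search` responses are constructed so the paging logic runs offline.

```python
"""Poll an Elasticsearch index over the REST _search API and hand batches
to a forwarder. Added illustration for the forum thread; not project code.
ES_URL, INDEX, API_KEY_ID and API_KEY_SECRET are assumed placeholders."""
import base64
import json
import urllib.request

ES_URL = "https://elasticsearch.example.internal:9200"  # assumed
INDEX = "filebeat-*"                                     # assumed
API_KEY_ID = "id-placeholder"                            # assumed
API_KEY_SECRET = "secret-placeholder"                    # assumed
PAGE_SIZE = 500


def api_key_header(key_id: str, key_secret: str) -> str:
    """Elasticsearch API-key scheme: 'ApiKey ' + base64('<id>:<api_key>')."""
    token = base64.b64encode(f"{key_id}:{key_secret}".encode()).decode()
    return f"ApiKey {token}"


def build_search_body(since: str, search_after=None, size: int = PAGE_SIZE) -> dict:
    """Query body: documents newer than `since`, sorted by @timestamp and then
    by _doc as a tie-breaker so search_after is a stable cursor."""
    body = {
        "size": size,
        "query": {"range": {"@timestamp": {"gt": since}}},
        "sort": [{"@timestamp": "asc"}, {"_doc": "asc"}],
    }
    if search_after is not None:
        body["search_after"] = search_after
    return body


def parse_page(resp: dict):
    """Return (documents, cursor); cursor is the sort values of the last hit,
    or None when the page is empty."""
    hits = resp.get("hits", {}).get("hits", [])
    docs = [h["_source"] for h in hits]
    cursor = hits[-1]["sort"] if hits else None
    return docs, cursor


def post_search(body: dict) -> dict:
    """One HTTPS POST to /<index>/_search against the live cluster."""
    req = urllib.request.Request(
        f"{ES_URL}/{INDEX}/_search",
        data=json.dumps(body).encode(),
        headers={
            "Content-Type": "application/json",
            "Authorization": api_key_header(API_KEY_ID, API_KEY_SECRET),
        },
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=30) as r:
        return json.load(r)


def pull_all(since: str, fetch=post_search, sink=print, size: int = PAGE_SIZE) -> int:
    """Page through everything newer than `since`, pass each batch to `sink`,
    and return the number of documents pulled. A short page means the index
    is drained for now; a full page means fetch again with the cursor."""
    total, cursor = 0, None
    while True:
        docs, cursor = parse_page(fetch(build_search_body(since, cursor, size)))
        if not docs:
            return total
        sink(docs)
        total += len(docs)
        if len(docs) < size:
            return total


# Constructed sample responses standing in for a live cluster: one full page
# of two hits, then an empty page that ends the poll.
SAMPLE_PAGES = [
    {"hits": {"hits": [
        {"_index": "filebeat-2024.06.01", "sort": [1717236000000, 0],
         "_source": {"@timestamp": "2024-06-01T10:00:00Z", "message": "sshd: Failed password"}},
        {"_index": "filebeat-2024.06.01", "sort": [1717236005000, 1],
         "_source": {"@timestamp": "2024-06-01T10:00:05Z", "message": "sshd: Accepted publickey"}},
    ]}},
    {"hits": {"hits": []}},
]


def demo_pull():
    """Offline run of pull_all over SAMPLE_PAGES with size=2, so the first page
    is full and a second request carrying search_after is made. Returns
    (batches delivered to the sink, request bodies sent)."""
    requests, batches = [], []
    pages = iter(SAMPLE_PAGES)

    def fake_fetch(body):
        requests.append(body)
        return next(pages)

    pull_all("2024-06-01T00:00:00Z", fetch=fake_fetch, sink=batches.append, size=2)
    return batches, requests


if __name__ == "__main__":
    batches, requests = demo_pull()
    print(f"{sum(map(len, batches))} documents in {len(requests)} requests")
```

In production the last cursor (or the last `@timestamp` seen) has to be persisted between runs so a restart resumes where it left off, and the API key should be created with a role limited to read on the source indices rather than the key of an admin user.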

Understood and thank you for the clarification Mark :smile:
