ElasticSearch V7
The ElasticSearch V7 connector allows users to manage and query documents within their Elasticsearch indices directly from Swimlane. Elasticsearch V7 is a powerful, open source search and analytics engine capable of handling a wide variety of use cases. By integrating with Swimlane Turbine, users can automate document creation, deletion, and complex search operations within Elasticsearch directly from the Swimlane platform. This connector streamlines security analytics by enabling rapid data manipulation and retrieval, enhancing incident response and threat hunting capabilities. The seamless interaction with Elasticsearch V7 through Swimlane Turbine empowers users to leverage real-time search and indexing features to bolster their security posture.

## Prerequisites

To effectively utilize the Elasticsearch V7 connector with Swimlane, ensure you have the following prerequisites:

- HTTP Basic Authentication with the following parameters:
  - URL: the endpoint URL for your Elasticsearch instance
  - Username: your Elasticsearch username credential
  - Password: your Elasticsearch password credential
- Search action: if the Elasticsearch security features are enabled, you must have the `read` [index privilege](https://www.elastic.co/guide/en/elasticsearch/reference/current/security-privileges.html#privileges-list-indices) for the target data stream, index, or alias. For cross-cluster search, see [remote cluster privileges for CCS](https://www.elastic.co/guide/en/elasticsearch/reference/current/remote-clusters-privileges.html#remote-clusters-privileges-ccs). To search a [point in time](https://www.elastic.co/guide/en/elasticsearch/reference/current/point-in-time-api.html) for an alias, you must have the `read` index privilege for the alias's data streams or indices.
- Create Document action: if the Elasticsearch security features are enabled, you must have the `create_doc`, `create`, `index`, or `write` [index privilege](https://www.elastic.co/guide/en/elasticsearch/reference/current/security-privileges.html#privileges-list-indices).

## Capabilities

This connector provides the following capabilities:

- Search data stored in Elasticsearch indices and data streams
- Add a JSON document to the specified data stream or index
- Delete a JSON document by index and ID

## Actions Setup

### Add Document

Please see the [time units](https://www.elastic.co/guide/en/elasticsearch/reference/current/api-conventions.html#time-units) section of the Elasticsearch API conventions if you want to use the timeout configuration.

## Notes

- https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-index_.html
- https://www.elastic.co/guide/en/elasticsearch/reference/current/search.html
- https://www.elastic.co/guide/en/elasticsearch/reference/current/api-conventions.html#time-units
- https://www.elastic.co/guide/en/elasticsearch/reference/current/security-privileges.html#privileges-list-indices
- https://www.elastic.co/guide/en/elasticsearch/reference/current/remote-clusters-privileges.html#remote-clusters-privileges-ccs
- https://www.elastic.co/guide/en/elasticsearch/reference/current/point-in-time-api.html

## Configurations

### HTTP Basic Authentication

Authenticates using username and password.

Configuration parameters:

| Parameter | Description | Type | Required |
|---|---|---|---|
| URL | A URL to the target host | string | required |
| Username | Username | string | required |
| Password | Password | string | required |
| Verify SSL | Verify SSL certificate | boolean | optional |
| HTTP Proxy | A proxy to route requests through | string | optional |

## Actions

### Create Document

Creates a new document in the specified index with a unique ID in Elasticsearch V7, requiring both `index` and `id` path parameters.

- Endpoint URL: `{{index}}/_doc/{{id}}`
- Method: POST

Input arguments:

| Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.index | string | required | Parameters for the Create Document action |
| path_parameters.id | string | required | Parameters for the Create Document action |

Input example:

```json
{
  "json_body": {"test": "test"},
  "path_parameters": {
    "index": ".internal.alerts-security.alerts-default-000001",
    "id": "test123"
  }
}
```

Output parameters:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| _index | string | Output field _index |
| _id | string | Unique identifier |
| _version | number | Output field _version |
| result | string | Result of the operation |
| _shards | object | Output field _shards |
| _shards.total | number | Output field _shards.total |
| _shards.successful | number | Whether the operation was successful |
| _shards.failed | number | Output field _shards.failed |
| _seq_no | number | Output field _seq_no |
| _primary_term | number | Output field _primary_term |

Output example:

```json
{
  "status_code": 201,
  "response_headers": {
    "location": "/.internal.alerts-security.alerts-default-000001/_doc/test123",
    "x-elastic-product": "Elasticsearch",
    "content-type": "application/json",
    "content-length": "189"
  },
  "reason": "Created",
  "json_body": {
    "_index": ".internal.alerts-security.alerts-default-000001",
    "_id": "test123",
    "_version": 1,
    "result": "created",
    "_shards": {"total": 2, "successful": 1, "failed": 0},
    "_seq_no": 3306,
    "_primary_term": 7
  }
}
```

### Delete Document

Removes a specified document from an Elasticsearch V7 index using the provided index and document ID.

- Endpoint URL: `{{index}}/_doc/{{id}}`
- Method: DELETE

Input arguments:

| Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.index | string | required | Parameters for the Delete Document action |
| path_parameters.id | string | required | Parameters for the Delete Document action |

Input example:

```json
{
  "path_parameters": {
    "index": ".internal.alerts-security.alerts-default-000001",
    "id": "test123"
  }
}
```

Output parameters:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| _index | string | Output field _index |
| _id | string | Unique identifier |
| _version | number | Output field _version |
| result | string | Result of the operation |
| _shards | object | Output field _shards |
| _shards.total | number | Output field _shards.total |
| _shards.successful | number | Whether the operation was successful |
| _shards.failed | number | Output field _shards.failed |
| _seq_no | number | Output field _seq_no |
| _primary_term | number | Output field _primary_term |

Output example:

```json
{
  "status_code": 200,
  "response_headers": {
    "x-elastic-product": "Elasticsearch",
    "content-type": "application/json",
    "content-length": "189"
  },
  "reason": "OK",
  "json_body": {
    "_index": ".internal.alerts-security.alerts-default-000001",
    "_id": "test123",
    "_version": 2,
    "result": "deleted",
    "_shards": {"total": 2, "successful": 1, "failed": 0},
    "_seq_no": 3307,
    "_primary_term": 7
  }
}
```

### Search Index

Performs a search query on a specified index in Elasticsearch V7 using path and query parameters.

- Endpoint URL: `{{index}}/_search`
- Method: GET

Input arguments:

| Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.index | string | required | Parameters for the Search Index action |
| parameters.q | string | optional | Parameters for the Search Index action |
| parameters.index | string | required | Parameters for the Search Index action |

Input example:

```json
{
  "parameters": {
    "q": "test",
    "index": ".internal.alerts-security.alerts-default-000001"
  },
  "path_parameters": {
    "index": ".internal.alerts-security.alerts-default-000001",
    "id": "test123"
  }
}
```

Output parameters:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| took | number | Output field took |
| timed_out | boolean | Output field timed_out |
| _shards | object | Output field _shards |
| _shards.total | number | Output field _shards.total |
| _shards.successful | number | Whether the operation was successful |
| _shards.skipped | number | Output field _shards.skipped |
| _shards.failed | number | Output field _shards.failed |
| hits | object | Output field hits |
| hits.total | object | Output field hits.total |
| hits.total.value | number | Value for the parameter |
| hits.total.relation | string | Output field hits.total.relation |
| hits.max_score | number | Score value |
| hits.hits | array | Output field hits.hits |
| hits.hits._index | string | Output field hits.hits._index |
| hits.hits._id | string | Unique identifier |
| hits.hits._score | number | Score value |
| hits.hits._source | object | Output field hits.hits._source |
| hits.hits._source.kibana.version | string | Output field hits.hits._source.kibana.version |
| hits.hits._source.kibana.alert.rule.category | string | Output field hits.hits._source.kibana.alert.rule.category |
| hits.hits._source.kibana.alert.rule.consumer | string | Output field hits.hits._source.kibana.alert.rule.consumer |
| hits.hits._source.kibana.alert.rule.execution.uuid | string | Unique identifier |
| hits.hits._source.kibana.alert.rule.name | string | Name of the resource |
| hits.hits._source.kibana.alert.rule.producer | string | Output field hits.hits._source.kibana.alert.rule.producer |

Output example:

```json
{
  "status_code": 200,
  "response_headers": {
    "x-elastic-product": "Elasticsearch",
    "content-type": "application/json",
    "content-length": "72165"
  },
  "reason": "OK",
  "json_body": {
    "took": 905,
    "timed_out": false,
    "_shards": {"total": 1, "successful": 1, "skipped": 0, "failed": 0},
    "hits": {"total": {}, "max_score": 3.5640192, "hits": []}
  }
}
```

## Response Headers

| Header | Description | Example |
|---|---|---|
| Content-Length | The length of the response body in bytes | 189 |
| Content-Type | The media type of the resource | application/json |
| Location | The URL to redirect a page to | /.internal.alerts-security.alerts-default-000001/_doc/test123 |
| x-elastic-product | HTTP response header x-elastic-product | Elasticsearch |
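The following is an added illustration, not Swimlane's connector code: it maps the three actions' Swimlane-style inputs (`path_parameters`, `parameters`, `json_body`) onto the endpoint templates and methods listed above, percent-encodes each path parameter so an index or document ID value cannot escape its URL segment, validates a `timeout` against the Elasticsearch time-unit syntax, and wraps a raw HTTP result in the output envelope shown in the examples. The base URL and the `timeout` query parameter are assumptions for the demonstration.

```python
import re
from urllib.parse import quote, urlencode

# Endpoint templates and HTTP methods for the three connector actions documented above.
ACTIONS = {
    "create_document": ("POST", "{index}/_doc/{id}", ("index", "id")),
    "delete_document": ("DELETE", "{index}/_doc/{id}", ("index", "id")),
    "search_index": ("GET", "{index}/_search", ("index",)),
}
# Elasticsearch time-unit syntax (d, h, m, s, ms, micros, nanos) for the timeout setting.
TIME_UNIT = re.compile(r"^\d+(d|h|m|s|ms|micros|nanos)$")
# Query-string keys forwarded for search; 'index' is a path segment, not a query parameter.
# ('timeout' as a query parameter is an assumption of this example.)
QUERY_PARAMS = ("q", "timeout")


def build_request(base_url, action, inputs):
    """Turn a Swimlane-style input dict into (method, url, json_body).

    Path parameters are percent-encoded with safe='' so an index or id value
    containing '/' or '..' stays inside its own path segment instead of
    addressing another index or API endpoint.
    """
    method, template, required = ACTIONS[action]
    path_params = inputs.get("path_parameters", {})
    missing = [p for p in required if not path_params.get(p)]
    if missing:
        raise ValueError(f"{action}: missing path parameter(s) {missing}")
    encoded = {p: quote(str(path_params[p]), safe="") for p in required}
    url = base_url.rstrip("/") + "/" + template.format(**encoded)
    query = {k: v for k, v in inputs.get("parameters", {}).items() if k in QUERY_PARAMS}
    if "timeout" in query and not TIME_UNIT.match(str(query["timeout"])):
        raise ValueError(f"invalid timeout {query['timeout']!r}; use e.g. '30s' or '1m'")
    if query:
        url += "?" + urlencode(query)
    body = inputs.get("json_body") if method == "POST" else None
    return method, url, body


def to_output(status_code, reason, headers, json_body):
    """Wrap a raw HTTP result in the connector's output envelope shown above."""
    return {"status_code": status_code, "reason": reason,
            "response_headers": headers, "json_body": json_body}
```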