Elastic Security

Leverage Elastic Security's advanced threat detection by integrating with Torq for automated workflow triggers and responses.

Updated over 8 months ago

Elastic Security is a security solution offered by Elastic NV and designed to provide advanced threat detection, investigation, and response capabilities. It's built on the Elastic stack, including Elasticsearch, Logstash, and Kibana.

Create an Elastic Security Trigger Integration in Torq

Perform the following steps in Torq.

  1. Go to Build > Integrations > Triggers > Elastic Security and click Add.

  2. Give the integration a meaningful name.

  3. Copy the authentication header secret and save it. You'll need it to create a Torq connector in Kibana.

    Create an Elastic Security trigger integration
  4. Click Add.

  5. Copy the integration endpoint to use in Kibana.

Create a Torq Connector in Kibana

Perform the following steps in Kibana.

  1. Go to Stack Management > Connectors.

  2. Select Create connector.

    Create a connector in Elastic
  3. Locate and select the Torq connector.

    Create a Torq connector
  4. Configure the Torq connector:

    1. Give the connector a meaningful name.

    2. Provide the secret you copied in the previous section as the Torq integration token.

    3. Provide the integration endpoint you copied in the previous section as the Torq endpoint URL.

      Test the Torq connector
  5. Click Save & test.

  6. In the Create an action section, enter a valid JSON body for the connector to send to Torq.

  7. In the Run and test section, click Run.

  8. Check the Last Event column on the Elastic Security integrations page to verify that the integration you created received an event.

    Elastic Security trigger integration event
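
The three values pasted into the connector (endpoint URL, integration token, JSON body) can be checked before clicking Save & test. The following is an added example, not Torq or Elastic code: the function name and all sample values are constructed for illustration, and it assumes the integration endpoint should be an https URL.

```python
import json
from urllib.parse import urlsplit


def preflight(endpoint, token, body):
    """Return a list of problems with the connector values; empty means OK.

    endpoint: Torq endpoint URL, token: Torq integration token,
    body: the JSON text entered in the Create an action section.
    (Hypothetical helper, not part of Torq or Kibana.)
    """
    problems = []
    url = urlsplit(endpoint.strip())
    if url.scheme != "https":  # assumption: the endpoint is served over https
        problems.append("endpoint: not an https URL")
    if not url.hostname:
        problems.append("endpoint: no host")
    if url.username or url.password:
        problems.append("endpoint: credentials embedded in URL")

    secret = token.strip()
    if not secret:
        problems.append("token: empty")
    elif urlsplit(secret).scheme in ("http", "https"):
        problems.append("token: looks like a URL, fields may be swapped")
    elif secret != token:
        problems.append("token: leading or trailing whitespace")

    try:
        json.loads(body)
    except json.JSONDecodeError as exc:
        problems.append(
            f"body: invalid JSON at line {exc.lineno} column {exc.colno}: {exc.msg}"
        )
    # The secret belongs in the token field only; placed in the body it would
    # be copied into every event the workflow receives.
    if secret and secret in body:
        problems.append("body: contains the integration token")
    return problems


# Constructed sample values; none of them come from Torq or Kibana.
GOOD_ENDPOINT = "https://torq.example.invalid/hooks/constructed-id"
GOOD_TOKEN = "constructed-token-0123456789"
GOOD_BODY = '{"rule": "constructed rule name", "severity": "high"}'

if __name__ == "__main__":
    for line in preflight(GOOD_ENDPOINT, GOOD_TOKEN, '{"rule": "x",}'):
        print(line)
```
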

Use Elastic Security to Trigger a Workflow in Torq

  1. Use the Torq connector as an action in Elastic Security rules.

  2. Modify the action body according to your needs.

  3. Create a workflow in Torq and set the Elastic Security integration you created as the trigger.

  4. When the rule criteria are met, the action body will be sent to Torq, and the workflow you created will be triggered.

    Trigger a Torq workflow when the rule criteria are met

Create a Steps Elastic Security Integration in Torq

Perform the following steps in Torq.

  1. Go to Build > Integrations > Steps > Elastic Security and click Add.

    Create an Elastic Security steps integration
  2. Enter your Kibana account username and password.

  3. Log in to Kibana and copy the host and port from your browser's address bar. If the port isn't specified, use the default port. For example, localhost:5601.

    Kibana host and port

Premade Steps

These are the public steps for Elastic Security. Don't see the step you need? No problem; you can easily create a custom step.

  • Add a comment to a case

  • Create a case

  • Delete a case

  • Delete a comment

  • Delete all case comments

  • Delete multiple cases

  • Find cases

  • Get a comment

  • Get case information

  • Get case user activity

  • Update a case

  • Update a comment
