Connectors

edit

Connectors provide a central place to store connection information for services and integrations with Elastic or third party systems. Actions are instantiations of a connector that are linked to rules and run as background tasks on the Kibana server when rule conditions are met. Kibana provides the following types of connectors:

Amazon Bedrock

Send a request to Amazon Bedrock.

Cases

Add alerts to cases.

CrowdStrike

Send a request to CrowdStrike.

D3 Security

Send a request to D3 Security.

Google Gemini

Send a request to Google Gemini.

Email

Send email from your server.

IBM Resilient

Create an incident in IBM Resilient.

Index

Index data into Elasticsearch.

Jira

Create an incident in Jira.

Microsoft Teams

Send a message to a Microsoft Teams channel.

Observability AI Assistant

Add AI-driven insights and custom actions to your workflow.

OpenAI

Send a request to OpenAI.

Opsgenie

Create or close an alert in Opsgenie.

PagerDuty

Send an event in PagerDuty.

SentinelOne

Send a request to SentinelOne.

ServerLog

Add a message to a Kibana log.

ServiceNow ITSM

Create an incident in ServiceNow.

ServiceNow SecOps

Create a security incident in ServiceNow.

ServiceNow ITOM

Create an event in ServiceNow.

Slack

Send a message to a Slack channel or user.

Swimlane

Create an incident in Swimlane.

TheHive

Create cases and alerts in TheHive.

Tines

Send events to a Tines Story.

Torq

Trigger a Torq workflow.

Webhook

Send a request to a web service.

Webhook - Case Management

Send a request to a Case Management web service.

xMatters

Send actionable alerts to on-call xMatters resources.

Some connector types are paid commercial features, while others are free. For a comparison of the Elastic subscription levels, go to the subscription page.

Managing connectors

edit

Rules use connectors to route actions to different destinations like log files, ticketing systems, and messaging tools. While each Kibana app can offer their own types of rules, they typically share connectors. Stack Management > Connectors offers a central place to view and manage all the connectors in the current space.

Example connector listing in the Rules UI

Required permissions

edit

Access to connectors is granted based on your privileges to alerting-enabled features. For more information, go to Security.

Connector networking configuration

edit

Use the action configuration settings to customize connector networking configurations, such as proxies, certificates, or TLS settings. You can set configurations that apply to all your connectors or use xpack.actions.customHostSettings to set per-host configurations.

Connector list

edit

In Stack Management > Connectors, you can find a list of the connectors in the current space. You can use the search bar to find specific connectors by name and type. The Type dropdown also enables you to filter to a subset of connector types.

Filtering the connector list by types of connectors

You can delete individual connectors using the trash icon. Alternatively, select multiple connectors and delete them in bulk using the Delete button.

Deleting connectors individually or in bulk

You can delete a connector even if there are still actions referencing it. When this happens the action will fail to run and errors appear in the Kibana logs.

Creating a new connector

edit

New connectors can be created with the Create connector button, which guides you to select the type of connector and configure its properties.

Connector select type

After you create a connector, it is available for use any time you set up an action in the current space.

For out-of-the-box and standardized connectors, refer to preconfigured connectors.

You can also manage connectors as resources with the Elasticstack provider for Terraform. For more details, refer to the elasticstack_kibana_action_connector resource.

Importing and exporting connectors

edit

To import and export connectors, use the Saved Objects Management UI.

Connectors import banner

If a connector is missing sensitive information after the import, a Fix button appears in Connectors.

Connectors with missing secrets

Monitoring connectors

edit

The Task Manager health API helps you understand the performance of all tasks in your environment. However, if connectors fail to run, they will report as successful to Task Manager. The failure stats will not accurately depict the performance of connectors.

For more information on connector successes and failures, refer to the Event log index.