What is Elastic Cloud?
Elastic Cloud includes Elastic Enterprise Search, Elastic Observability, Elastic Security, and Elastic Stack. Elastic Stack includes Elasticsearch, Kibana, Beats, and Logstash. Elastic Cloud runs in the public cloud of your choice.
Why Should You Use the Elastic Cloud Connector?
The Elastic Cloud connector provides visibility into the assets in your environment. You can use this visibility to:
- ensure assets are managed per your security policies
- derive relationships between assets, users, applications, and data
How Does This Connector Work?
Lucidum executes read-only requests to the Elastic Cloud REST API and ingests only metadata about Elastic Cloud devices. Lucidum does not retrieve any data stored on your assets.
Configuring the Connector in Lucidum
Field | Description | Example |
---|---|---|
Profile Name | Name of this configuration | Lucidum connector |
Cloud ID | Unique ID automatically assigned to the Elasticsearch cluster. You can find this value in the Elastic Cloud web console. | Lucidum_Test:dXMtY2********GU0NA== |
API Key ID | Unique ID for an Elastic Cloud API key. | VuaCfGcBCdbkQm-e5aOx |
API Key | Unique key for an Elastic Cloud API key. | ui2lp2axTNmsyakw9tvNnw |
Asset Data Index | Elasticsearch index where asset data is stored | lucidum-assets |
Asset Data Query | Query in Query DSL format, usually a “match” query. | {"match": {"message": "Please disable this account"}} |
Asset Data Mapping | Maps field values from Elastic to fields in the Lucidum Asset Database. | “Lucidum Asset Name”->Asset_Name |
User Data Index | Elasticsearch index where user data is stored | lucidum-users |
User Data Query | Query in Query DSL format, usually a “match” query. | {"match": {"message": "Please disable this account"}} |
User Data Mappings | Maps field values from an Elastic field to a field in the Lucidum User database. | “user.roles”->Role_Name |
Asset Data Mapping
Lucidum has populated the Asset Data Mapping field with the most commonly used Lucidum fields. The value on the right side of the mapping is the Lucidum field.
To create a mapping:
- You can map only the Lucidum fields (values to the right of ->) that are already included in the Asset Data Mapping field. Currently, you cannot add new mappings.
- Put your cursor in the Asset Data Mapping field.
- Note the name of the Lucidum field you want to map. Then delete it (garbage can icon).
- Enter “Elastic field name”->Lucidum field name, where:
  - “Elastic field name” is a field name used in Elastic Cloud
  - Lucidum field name is the name of the field in the Lucidum Asset database.
- Press Enter.
- The new mapping appears in the Asset Data Mapping field.
User Data Mapping
Lucidum has populated the User Data Mapping field with the most commonly used Lucidum fields. The value on the right side of the mapping is the Lucidum field.
To create a mapping:
- You can map only the Lucidum fields (values to the right of ->) that are already included in the User Data Mapping field. Currently, you cannot add new mappings.
- Put your cursor in the User Data Mapping field.
- Note the name of the Lucidum field you want to map. Then delete it (garbage can icon).
- Enter “Elastic field name”->Lucidum field name, where:
  - “Elastic field name” is a field name used in Elastic Cloud
  - Lucidum field name is the name of the field in the Lucidum Asset database.
- Press Enter.
- The new mapping appears in the User Data Mapping field.
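A pre-flight check for the values in the configuration table, added here as an example (it is not Lucidum's or Elastic's code). It decodes the Cloud ID to show which Elasticsearch host the read-only requests will go to, rejects queries whose quotes were turned typographic by copy and paste, and parses mapping lines. It assumes the Cloud ID layout `label:base64(host$elasticsearch_id$kibana_id)`; the function names, profile keys and sample Cloud ID payload are constructed for illustration.

```python
import base64
import json

def decode_cloud_id(cloud_id):
    """Return the label and Elasticsearch URL carried inside a Cloud ID."""
    label, sep, blob = cloud_id.partition(":")
    parts = base64.b64decode(blob, validate=True).decode("ascii").split("$") if sep else []
    if len(parts) < 2 or not parts[0] or not parts[1]:
        raise ValueError("expected <label>:base64(host$elasticsearch_id[$kibana_id])")
    host, _, port = parts[0].partition(":")
    url = f"https://{parts[1]}.{host}" + (f":{port}" if port else "")
    return {"label": label, "es_url": url}

def parse_query(text):
    """Query DSL is strict JSON; typographic quotes from copy/paste break it."""
    if "\u201c" in text or "\u201d" in text:
        raise ValueError("typographic quotes found; retype with straight quotes")
    query = json.loads(text)
    if not isinstance(query, dict) or not query:
        raise ValueError("query must be a non-empty JSON object")
    return query

def parse_mapping(line):
    """Split '"Elastic field"->Lucidum_Field' into (elastic, lucidum)."""
    src, sep, dst = line.partition("->")
    src, dst = src.strip().strip('"\u201c\u201d'), dst.strip()
    if not sep or not src or not dst:
        raise ValueError(f"bad mapping {line!r}")
    return src, dst

def check_profile(profile):
    """Run every check and return the list of problems (empty means clean)."""
    items = [(k, f, profile.get(k, "")) for k, f in
             (("cloud_id", decode_cloud_id), ("asset_query", parse_query), ("user_query", parse_query))]
    items += [("mapping", parse_mapping, m) for m in profile.get("mappings", [])]
    problems = []
    for name, check, value in items:
        try:
            check(value)
        except ValueError as exc:  # also covers base64, Unicode and JSON decode errors
            problems.append(f"{name}: {exc}")
    return problems

# Constructed sample profile; the Cloud ID payload is made up, not a real deployment.
SAMPLE = {"cloud_id": "Lucidum_Test:" + base64.b64encode(b"region.example.test$es1234$kb5678").decode(),
          "asset_query": '{"match": {"message": "Please disable this account"}}',
          "user_query": "{\u201cmatch\u201d: {\u201cmessage\u201d: \u201cPlease disable this account\u201d}}",
          "mappings": ['"Lucidum Asset Name"->Asset_Name', '"user.roles"->Role_Name']}
print(check_profile(SAMPLE))
```

Comparing the decoded host with the deployment shown in the Elastic Cloud console confirms the API key is being handed to the cluster you intended.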
Source Documentation
Creating Credentials
Contact your Lucidum Sales Representative for help with creating credentials.
To find your Cloud ID:
- Log in to the Elastic Cloud Console.
- Click on the name of your deployment.
- Click on the Search tile.
- The Cloud ID is displayed on the Home Page.
To create an API Key ID and API Key, see:
https://www.elastic.co/guide/en/cloud/current/ec-api-authentication.html#ec-api-keys
To view existing API Key IDs and API Keys, see:
https://www.elastic.co/guide/en/cloud/current/ec-api-authentication.html#ec-api-keys
Required Permissions
To create API Keys, you must be an Organization Owner.
API Documentation
https://www.elastic.co/guide/en/cloud/current/ec-restful-api.html