What is Elastic Cloud?
Elastic Cloud includes Elastic Enterprise Search, Elastic Observability, Elastic Security, and Elastic Stack. Elastic Stack includes Elasticsearch, Kibana, Beats, and Logstash. Elastic Cloud runs in the public cloud of your choice.
Why Should You Use the Elastic Cloud Connector?
The Elastic Cloud connector provides visibility into the assets in your environment. You can use this visibility to:
- ensure assets are managed per your security policies
- derive relationships between assets, users, applications, and data
How Does This Connector Work?
Lucidum executes read-only requests to the Elastic Cloud REST API and ingests only metadata about Elastic Cloud devices. Lucidum does not retrieve any data stored on your assets.
Configuring the Connector in Lucidum
Field | Description | Example |
---|---|---|
Profile Name | Name of this configuration | Lucidum connector |
Cloud ID | Unique ID automatically assigned to the Elasticsearch cluster. You can find this value in the Elastic Cloud web console. | Lucidum_Test:dXMtY2********GU0NA== |
API Key ID | Unique ID for an Elastic Cloud API key. | VuaCfGcBCdbkQm-e5aOx |
API Key | Unique key for an Elastic Cloud API key. | ui2lp2axTNmsyakw9tvNnw |
Asset Data Index | Elasticsearch index where asset data is stored | lucidum-assets |
Asset Data Query | Query in Query DSL format, usually a "match" query. | {"match": {"message": "Please disable this account"}} |
Asset Data Mapping | Maps field values from Elastic to fields in the Lucidum Asset Database. | "Lucidum Asset Name"->Asset_Name |
User Data Index | Elasticsearch index where user data is stored | lucidum-users |
User Data Query | Query in Query DSL format, usually a "match" query. | {"match": {"message": "Please disable this account"}} |
User Data Mappings | Maps field values from an Elastic field to a field in the Lucidum User database. | "user.roles"->Role_Name |
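An added example, not Lucidum's or Elastic's code: a pre-flight check of the values from the table above, run before they are saved in the connector. It assumes the standard Elastic Cloud ID layout (`label:base64(host$es_id$kibana_id)`) and the `ApiKey` authorization scheme. The role name `lucidum_read` and the sample Cloud ID are constructed, and that the `read` privilege alone is sufficient for the connector is an assumption.

```python
import base64
import json

def decode_cloud_id(cloud_id):
    """Split '<label>:<base64 of host$es_id$kibana_id>' and return the endpoint it names."""
    label, _, encoded = cloud_id.partition(":")
    if not label or not encoded:
        raise ValueError("Cloud ID must look like '<label>:<base64 data>'")
    parts = base64.b64decode(encoded, validate=True).decode("utf-8").split("$")
    if len(parts) < 2 or not parts[0] or not parts[1]:
        raise ValueError("decoded Cloud ID lacks a host or an Elasticsearch ID")
    return {"label": label, "es_url": f"https://{parts[1]}.{parts[0]}"}

def api_key_header(key_id, api_key):
    """Elasticsearch expects 'ApiKey ' + base64('<id>:<api_key>')."""
    token = base64.b64encode(f"{key_id}:{api_key}".encode()).decode()
    return {"Authorization": f"ApiKey {token}"}

def parse_query(text):
    """Parse a Query DSL string; reject curly quotes pasted from a rendered page."""
    if any(ch in text for ch in "\u201c\u201d\u2018\u2019"):
        raise ValueError("query contains typographic quotes; use straight quotes")
    query = json.loads(text)
    if not isinstance(query, dict) or not query:
        raise ValueError("query must be a non-empty JSON object")
    return query

def read_only_role(indices):
    """role_descriptors limiting an API key to 'read' on the named indices only."""
    return {"lucidum_read": {  # role name is hypothetical
        "cluster": [],
        "indices": [{"names": sorted(indices), "privileges": ["read"]}],
    }}

# Constructed sample values (not a real deployment).
SAMPLE_CLOUD_ID = "Lucidum_Test:" + base64.b64encode(
    b"us-east-1.aws.example.com$es0123$kb4567").decode()

if __name__ == "__main__":
    print(decode_cloud_id(SAMPLE_CLOUD_ID))
    print(api_key_header("VuaCfGcBCdbkQm-e5aOx", "ui2lp2axTNmsyakw9tvNnw"))
    print(parse_query('{"match": {"message": "Please disable this account"}}'))
    print(json.dumps(read_only_role(["lucidum-users", "lucidum-assets"]), indent=2))
```

The dictionary returned by `read_only_role` is the shape of the `role_descriptors` field accepted when an Elasticsearch API key is created, so the key handed to the connector can be scoped to the two indices it reads.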
Asset Data Mapping
Lucidum has populated the Asset Data Mapping field with the most commonly used Lucidum fields. The value on the right side of the mapping is the Lucidum field.
To create a mapping:
- You can map only the Lucidum fields (values to the right of ->) that are already included in the Asset Data Mapping field. Currently, you cannot add new mappings.
- Put your cursor in the Asset Data Mapping field.
- Note the name of the Lucidum Field you want to map. Then delete it (garbage can icon).
- Enter "Elastic field name"->Lucidum field name.
where