Integrations - Overview

The Integrations plugin automates the process of uploading integrations to your infrastructure. It simplifies deployment of custom integrations within Energylogserver, providing a user-friendly interface. Designed to accelerate development workflows, this plugin allows you to validate integrations directly in the Energylogserver environment, eliminating the need for command-line interaction. The plugin works only with licenses that support siem-plan.

The plugin offers two deployment integration options:

  • One Click

  • Advanced

Integration Architecture

Energylogserver SIEM integration architecture supports multiple deployment patterns:

Push-Based Integrations:

  • ELS Network Node (Network Probe) Input Plugins - For receiving data from external sources.

  • RESTful API Endpoints - For external systems to send data to Energylogserver.

  • Webhook Receivers - For real-time notifications and event-driven integrations.

Pull-Based Integrations:

  • Scheduled Data Collection - From external APIs using automated polling.

  • File-Based Imports - With automated processing through configured pipelines.

  • Database Connections - Direct queries to external data sources.

Bi-Directional Integrations:

  • Two-Way Data Exchange - With external security platforms.

  • Alert Forwarding and Case Synchronization - For enhanced alerting.

  • Enrichment Services - With external threat intelligence and context providers.

Built-in Integrations Plugin

Plugin Overview

The Integrations plugin automates the process of uploading integrations to your infrastructure. It simplifies deployment of custom integrations within Energylogserver, providing a user-friendly interface. Designed to accelerate development workflows, this plugin allows you to validate integrations directly in the Energylogserver environment, eliminating the need for command-line interaction.

Plugin Requirements:

  • Energylogserver SIEM license with siem-plan support.

  • ELS Console access with integration management permissions.

  • Network connectivity to integration targets.

  • Plugin enabled in the configuration.

Integration Deployment Options

The Integrations plugin offers two deployment integration options:

  1. One Click Installation - Automated deployment with default configurations.

  2. Advanced Installation - Selective component deployment with customization options.

One Click Installation Process

The One-Click Installation process is the easiest and fastest way to deploy a selected integration. Using this method, the user simply selects the desired integration and the plugin automatically creates ingest pipelines, imports dashboards and alert rules, and provides direct access to download compatible agents via the built-in wizard.

Follow the steps below to install the integration:

  1. Open the Integrations tab in the sidebar.

  2. Select the integration you are interested in from the list.

  3. Simply press the One Click button to allow the wizard to install all the content.

  4. Select the Agents that are compatible with your device and download them (with configuration files if necessary) to your local machine. Then perform the installation process.

Detailed One Click Procedure

  1. Access Integration Management

    • Navigate to the Integrations tab in the ELS Console sidebar.

    • Review available integration categories organized by technology type.

  2. Select Target Integration

    • Browse available integrations by category or use the search functionality.

    • Click on the desired integration to view detailed information.

    • Review integration description, requirements, and included components.

  3. Review Integration Details

    • Examine integration description and technical requirements.

    • Review included components: pipelines, dashboards, alerts, and agents.

    • Verify compatibility with your current Energylogserver configuration.

  4. Execute One-Click Deployment

    • Click the One Click button to initiate automated installation.

    • Monitor deployment progress in real time through the progress indicator.

    • Verify successful installation of all components.

  5. Agent Download and Configuration

    • Select compatible agents for your target systems from the agent list.

    • Download pre-configured agents with custom YML configuration files.

    • Follow platform-specific installation instructions provided by the wizard.