Advanced Installation Process

The Advanced Installation option provides greater control over the components being installed. It allows users to selectively choose specific pipelines, dashboards, alerts, and agents according to their needs. This method is ideal for more experienced users who require a customized setup or want to fine-tune which elements are deployed as part of the integration.

Follow the steps below to install the integration in Advanced mode:

  1. Open the Integrations tab in the sidebar.

  2. Select the integration you are interested in from the list.

  3. Click the Advanced button.

  4. Select the pipeline on which you want your integrations to be installed.

  5. Select Dashboards from the list.

  6. Select the Alerts you are interested in.

  7. Select the Agents that are compatible with your device and download them (with configuration files if necessary) to your local machine. Then perform the installation process.

Please note that certain integrations may not offer all options. The range of components available, such as pipelines, dashboards, alerts and agents, can vary depending on the integration selected.

Detailed Advanced Procedure

  1. Initiate Advanced Mode

    • Select the target integration from the available list.

    • Click the Advanced button to access detailed configuration options.

    • Review the granular component selection interface.

  2. Pipeline Configuration

    • Select the target pipeline for integration deployment.

    • Review pipeline configuration and data routing options.

    • Configure pipeline-specific settings and data transformation rules.

  3. Dashboard Selection

    • Choose specific dashboards from the available list based on your monitoring requirements.

    • Preview dashboard layouts and visualizations before installation.

    • Customize dashboard titles and descriptions if needed.

  4. Alert Configuration

    • Select alerts that match your security monitoring requirements.

    • Customize alert thresholds and notification settings.

    • Configure integration with existing alerting workflows.

  5. Agent Deployment

    • Select compatible agents for your target platforms.

    • Download customized configuration files tailored to your infrastructure.

    • Review installation requirements and platform-specific procedures.

Integration Management Features

Overwrite

The integration wizard allows you to overwrite your installed components using the Overwrite switch. This enables you to install dashboards and alerts even when they are already installed in your application. This feature is particularly helpful when you want to restore the initial settings for a specific component.

Beats Integration

Beats integration requires a Beats agent to be installed on the reporting machines. The Integrations plugin enables you to download preconfigured Beats agents, with a custom YML configuration file that is automatically generated based on your infrastructure. Please note that, to ensure proper operation, this configuration file must replace the default .yml file in the agent directory before installation.

Configuration Requirements:

  • Replace the default .yml file in the agent directory before installation.

  • Ensure network connectivity from Beats agents to ELS Data Node.

  • Configure appropriate firewall rules for data transmission on required ports.

  • Verify authentication credentials match the user management setup.
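
One way to script the replacement step from the list above on a Linux host, shown as an added example rather than code shipped with the product: it keeps a copy of the default file, installs the generated one with owner-only permissions, and lists the output endpoints that the firewall rules must allow. The script arguments, the file names, and the `hosts:` key layout of the generated file are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code). Paths and the config file name are assumptions.

# install_beats_config GENERATED_YML AGENT_DIR CONFIG_NAME
# Replaces the agent's default config with the generated one, keeping a rollback copy.
install_beats_config() {
    generated=$1; agent_dir=$2; target="$2/$3"

    [ -s "$generated" ] || { echo "missing or empty: $generated" >&2; return 1; }
    [ -d "$agent_dir" ] || { echo "no agent directory: $agent_dir" >&2; return 1; }

    # YAML forbids tabs in indentation; reject early instead of failing at agent start.
    if grep -q "^ *$(printf '\t')" "$generated"; then
        echo "tab used for indentation in $generated" >&2; return 1
    fi

    # Keep the shipped default once, so a rollback never restores an older custom file.
    if [ -f "$target" ] && [ ! -f "$target.default" ]; then
        cp -p "$target" "$target.default" || return 1
    fi

    # Stage next to the target, restrict permissions (the file may hold credentials,
    # and Beats refuses configs writable by group/others), then rename into place.
    tmp="$target.tmp.$$"
    if cp "$generated" "$tmp" && chmod 600 "$tmp" && mv -f "$tmp" "$target"; then
        cmp -s "$generated" "$target"
    else
        rm -f "$tmp"; return 1
    fi
}

# list_output_hosts CONFIG: print each host:port found under a "hosts:" key.
list_output_hosts() {
    sed -n 's/^[[:space:]]*hosts:[[:space:]]*//p' "$1" | tr -d "[]\"' " | tr ',' '\n'
}

# Stand-alone use: script.sh GENERATED_YML AGENT_DIR CONFIG_NAME
if [ "$#" -eq 3 ]; then
    install_beats_config "$1" "$2" "$3" && list_output_hosts "$2/$3"
fi
```

Run it as the account that will run the agent, since Beats also checks that the configuration file is owned by that user or by root.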

Available Integrations

Details of each integration can be found here

List of selected available integrations:

  • OP5 - Naemon logs

  • OP5 - Performance data

  • OP5 Beat

  • The Grafana installation

  • The Beats configuration

  • 2FA authorization with Google Auth Provider (example)

  • 2FA with Nginx and PKI certificate

  • Embedding dashboard in iframe

  • Integration with AWS service

  • Integration with Azure / o365

  • Google Cloud Platform

  • F5

  • Aruba Devices

  • Sophos Central

  • FreeRadius

  • Microsoft Advanced Threat Analytics

  • CheckPoint Firewalls

  • WAF F5 Networks Big-IP

  • Infoblox DNS Firewall

  • CISCO Devices

  • Microsoft Windows Systems

  • Linux Systems

  • AIX Systems

  • Microsoft Windows DNS, DHCP Service

  • Microsoft IIS Service

  • Apache Service

  • Microsoft Exchange

  • Microsoft AD, Radius, Network Policy Server

  • Microsoft MS SQL Server

  • MySQL Server

  • Oracle Database Server

  • Postgres Database Server

  • VMware Platform

  • VMware Connector

  • Network Flows

  • Citrix XenApp and XenDesktop

  • Sumologic Cloud SOAR

  • Microsoft System Center Operations Manager

  • JBoss

  • Energy Security Feeds

The built-in Integrations plugin includes a comprehensive library of pre-built integrations categorized as follows:

Infrastructure Monitoring:

  • OP5 - Naemon logs and performance data

  • Grafana installation and configuration

  • VMware Platform and VMware Connector

  • Microsoft System Center Operations Manager

Security Platforms:

  • F5 WAF Networks Big-IP

  • CheckPoint Firewalls

  • Sophos Central

  • Infoblox DNS Firewall

  • Microsoft Advanced Threat Analytics

Network Devices:

  • CISCO Devices

  • Aruba Devices

  • Network Flows analysis

Operating Systems:

  • Microsoft Windows Systems

  • Linux Systems

  • AIX Systems

Applications and Services:

  • Microsoft Windows DNS, DHCP Service

  • Microsoft IIS Service

  • Apache Service

  • Microsoft Exchange

  • Microsoft AD, Radius, Network Policy Server

Databases:

  • Microsoft MS SQL Server

  • MySQL Server

  • Oracle Database Server

  • Postgres Database Server

Cloud Platforms:

  • AWS service integration

  • Azure / Office 365 integration

  • Google Cloud Platform

Authentication and Security:

  • 2FA authorization with Google Auth Provider

  • 2FA with Nginx and PKI certificate

  • FreeRadius integration

Specialized Integrations:

  • Citrix XenApp and XenDesktop

  • Sumologic Cloud SOAR

  • JBoss application server

  • Energy Security Feeds