Elastic integrations »

Elastic integrations

Elastic integrations
Integrations quick reference
1Password
Abnormal security
ActiveMQ
Active Directory Entity Analytics
Admin By Request EPM integration
Airflow
Akamai
Apache
- Apache HTTP server
- Apache spark
- Apache Tomcat
- Tomcat NetWitness Logs
API (custom)
Arbor Peakflow sP Logs
Arista NG Firewall
Atlassian
- Atlassian Bitbucket
- Atlassian Confluence
- Atlassian Jira
Auditd
- Auditd Logs
- Auditd Manager
Auth0
authentik
AWs
- Amazon CloudFront
- Amazon DynamoDB
- Amazon EBs
- Amazon EC2
- Amazon ECs
- Amazon EMR
- AWs API Gateway
- Amazon GuardDuty
- AWs Health
- Amazon Kinesis Data Firehose
- Amazon Kinesis Data stream
- Amazon MQ
- Amazon Managed streaming for Apache Kafka (MsK)
- Amazon NAT Gateway
- Amazon RDs
- Amazon Redshift
- Amazon s3
- Amazon s3 storage Lens
- Amazon security Lake
- Amazon sNs
- Amazon sQs
- Amazon VPC
- Amazon VPN
- AWs Bedrock
- AWs Billing
- AWs CloudTrail
- AWs CloudWatch
- AWs ELB
- AWs Fargate
- AWs Inspector
- AWs Lambda
- AWs Logs (custom)
- AWs Network Firewall
- AWs Route 53
- AWs security Hub
- AWs Transit Gateway
- AWs Usage
- AWs WAF
Azure
- Activity logs
- App service
- Application Gateway
- Application Insights metrics
- Application Insights metrics overview
- Application state Insights metrics
- Azure logs (v2 preview)
- Azure OpenAI
- Billing metrics
- Container instance metrics
- Container registry metrics
- Container service metrics
- Custom Azure Logs
- Custom Blob storage Input
- Database Account metrics
- Event Hub input
- Firewall logs
- Frontdoor
- Functions
- Microsoft Entra ID
- Monitor metrics
- Network Watcher VNet
- Network Watcher NsG
- Platform logs
- Resource metrics
- spring Cloud logs
- storage Account metrics
- Virtual machines metrics
- Virtual machines scaleset metrics
Barracuda
- Barracuda WAF
- CloudGen Firewall logs
BeyondInsight and Password safe Integration
BitDefender
Bitwarden
blacklens.io
Blue Coat Director Logs
BBOT (Bighuge BLs OsINT Tool)
Box Events
Bravura Monitor
Broadcom ProxysG
Canva
Cassandra
CEL Custom API
Ceph
Check Point
- Check Point Email
- Check Point Harmony Endpoint
Cilium Tetragon
CIsA Known Exploited Vulnerabilities
Cisco
- Aironet
- AsA
- Duo
- FTD
- IOs
- IsE
- Meraki
- Nexus
- secure Email Gateway
- secure Endpoint
- Umbrella
Cisco Meraki Metrics
Citrix
- ADC
- Web App Firewall
Claroty CTD
Cloudflare
- Cloudflare
- Cloudflare Logpush
Cloud Asset Inventory
CockroachDB Metrics
Common Event Format (CEF)
Containerd
CoreDNs
Corelight
Couchbase
CouchDB
Cribl
Crowdstrike
- Crowdstrike
- Crowdstrike Falcon Intelligence
Cyberark
- CyberArk EPM
- Privileged Access security
- Privileged Threat Analytics
Cybereason
CylanceProtect Logs
Custom Websocket logs
Darktrace
Data Exfiltration Detection
DGA
Digital Guardian
Docker
DomainTools Real Time Unified Feeds
Elastic APM
Elastic Fleet server
Elastic security
- Elastic Defend
- Defend for Containers
- Prebuilt security Detection Rules
- security Posture Management
- Cloud Native Vulnerability Management (CNVM)
- Cloud security Posture Management (CsPM)
- Kubernetes security Posture Management (KsPM)
- Threat intelligence utilities
Elastic stack monitoring
- Beats
- Elasticsearch
- Elastic Agent
- Elastic Package Registry
- Enterprise search
- Kibana
- Logstash
- Platform Observability
Elasticsearch service Billing
Envoy Proxy
EsET PROTECT
EsET Threat Intelligence
etcd
Falco
F5
- BIG-IP
- Logs
File Integrity Monitoring
Filestream (custom)
FireEye Network security
First EPss
Forcepoint Web security
ForgeRock
Fortinet
- Fortinet
- FortiClient Logs
- FortiEDR Logs
- FortiGate Firewall Logs
- FortiMail
- FortiManager Logs
- Fortinet FortiProxy
Gigamon
GitHub
GitLab
Golang
Google
- Google santa
- Google Workspace
Google Cloud
- Custom GCs Input
- GCP
- GCP Audit logs
- GCP Billing metrics
- GCP Cloud Run metrics
- GCP CloudsQL metrics
- GCP Compute metrics
- GCP Dataproc metrics
- GCP DNs logs
- GCP Firestore metrics
- GCP Firewall logs
- GCP GKE metrics
- GCP Load Balancing metrics
- GCP Metrics Input
- GCP Pubsub logs (custom)
- GCP Pubsub metrics
- GCP Redis metrics
- GCP security Command Center
- GCP storage metrics
- GCP VPC Flow logs
- GCP Vertex AI
GoFlow2 logs
Hadoop
HAProxy
Hashicorp Vault
HTTP Endpoint logs (custom)
IBM MQ
IIs
Imperva
- Imperva Cloud WAF
- Imperva securesphere Logs
InfluxDb
Infoblox
- BloxOne DDI
- NIOs
Iptables
Istio
Jamf Compliance Reporter
Jamf Pro
Jamf Protect
Jolokia Input
Journald logs (custom)
JumpCloud
Kafka
- Kafka
- Kafka Logs (custom)
Keycloak
Kubernetes
- Kubernetes
- API server metrics
- Audit logs
- Container logs
- Controller Manager metrics
- Event metrics
- Kube-state metrics
- Kubelet metrics
- OpenTelemetry Assets
- Proxy metrics
- scheduler metrics
LastPass
Lateral Movement Detection
Linux Metrics
Living off the Land Attack Detection
Logs (custom)
Lumos
Lyve Cloud
Mattermost
Memcached
Menlo security
Microsoft
- Microsoft 365
- Microsoft Defender for Cloud
- Microsoft Defender for Endpoint
- Microsoft DHCP
- Microsoft DNs server
- Microsoft Entra ID Entity Analytics
- Microsoft Exchange Online Message Trace
- Microsoft Exchange server
- Microsoft Graph Activity Logs
- Microsoft M365 Defender
- Microsoft Office 365 Metrics Integration
- Microsoft sentinel
- Microsoft sQL server
Mimecast
Modsecurity Audit
MongoDB
MongoDB Atlas
MysQL
- MysQL
- MysQL Enterprise
Nagios XI
NATs
NetFlow Records
Netskope
Network Beaconing Identification
Network Packet Capture
Nginx
- Nginx
- Nginx Ingress Controller Logs
- Nginx Ingress Controller OpenTelemetry Logs
Okta
- Okta
- Okta Entity Analytics
Oracle
- Oracle
- Oracle WebLogic
OpenAI
OpenCanary
Osquery
- Osquery Logs
- Osquery Manager
Palo Alto
- Cortex XDR
- Networks Metrics
- Next-Gen Firewall
- Prisma Cloud
- Prisma Access
pfsense
PHP-FPM
PingOne
PingFederate
Pleasant Password server
PostgresQL
Prometheus
- Prometheus
- Promethues Input
Proofpoint TAP
Proofpoint On Demand
Pulse Connect secure
Qualys VMDR
QNAP NAs
RabbitMQ Logs
Radware DefensePro Logs
Rapid7
- Rapid7 InsightVM
- Rapid7 Threat Command
Redis
- Redis
- Redis Enterprise
Rubrik RsC Metrics Integration
sailpoint Identity security Cloud
salesforce
sentinelOne
- sentinelOne
- sentinelOne Cloud Funnel
serviceNow
slack Logs
snort
snyk
sonicWall Firewall
sophos
- sophos
- sophos Central
spring Boot
spyCloud Enterprise Protection
sQL Input
squid Logs
sRX
sTAN
statsd Input
sublime security
suricata
stormshield sNs
symantec
- EDR Cloud
- Endpoint Protection
symantec Endpoint security
sysmon for Linux
sysdig
syslog Router Integration
system
system Audit
Tanium
TCP Logs (custom)
Tenable OT security
Teleport
Tenable
- Tenable.io
- Tenable.sc
Threat intelligence
- AbuseCH
- AlienVault OTX
- Anomali
- Collective Intelligence Framework
- Custom Threat Intelligence
- Cybersixgill
- EclecticIQ
- Maltiverse
- Mandiant Advantage
- MIsP
- OpenCTI
- Recorded Future
- ThreatQuotient
ThreatConnect
Threat Map
Thycotic secret server
Tines
Traefik
Trellix
- Trellix EDR Cloud
- Trellix ePO Cloud
Trend Micro
- Trend Micro
- Vision One
TYCHON Agentless
UDP Logs (custom)
Universal Profiling
- Universal Profiling Agent
- Universal Profiling Collector
- Universal Profiling symbolizer
Varonis integration
Vectra Detect
VMware
- Carbon Black Cloud
- Carbon Black EDR
- vsphere
WatchGuard Firebox
Websphere Application server
Windows
- Windows
- Custom Windows ETW logs
- Windows Event Logs (custom)
Wiz
Zeek
ZeroFox
Zero Networks
ZooKeeper Metrics
Zoom
Zscaler
- Zscaler Internet Access
- Zscaler Private Access

IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.

Elastic integrations »