Search with Kibana#
As an alternative, you can search Elasticsearch indices directly using Kibana.
Access Kibana#
Access Kibana by going to https://${platform_host}/private/kibana/app/kibana#.
Make sure that you’ve already logged into EclecticIQ Intelligence Center.
For example: https://ic-playground.eclecticiq.com/private/kibana/app/kibana#
Note
Kibana is usually provided with your IC installation.
Make sure that the kibana service is running and can connect to your Elasticsearch instance.
Index patterns#
To start using Kibana to work with IC data, you must set up one or more index patterns, which you can then use in Discover.
Kibana uses index patterns to allow you to search and filter records across multiple indices.
To create index patterns, see Elastic: Create an index pattern.
Common index patterns for working with intelligence on EclecticIQ Intelligence Center:
Index pattern |
Description |
|---|---|
|
Aggregates for audit log indices. |
|
Aggregates relation indices. |
|
Aggregates indices containing observables and their metadata. |
|
Aggregates indices containing entities and their metadata. |
Search for entities or observables#
Once you have your index patterns set up, you can search for entities and observables in Discover
See Search query syntax for more information on fields available when searching for and filtering entities and observables.