Search with Kibana
As an alternative, you can search Elasticsearch indices directly using Kibana.
Access Kibana
Access Kibana by going to https://${platform_host}/private/kibana/app/kibana#.
Make sure that you’ve already logged into EclecticIQ Intelligence Center.
For example: https://ic-playground.eclecticiq.com/private/kibana/app/kibana#
Note
Kibana is usually provided with your EclecticIQ Intelligence Center installation.
Make sure that the kibana service is running and can connect to your Elasticsearch instance.
Index patterns
To start using Kibana to work with EclecticIQ Intelligence Center data, you must set up one or more index patterns, which you can then use in Discover.
Kibana uses index patterns to allow you to search and filter records across multiple indices.
To create index patterns, see Elastic: Create an index pattern.
Common index patterns for working with intelligence on EclecticIQ Intelligence Center:

| Index pattern | Description |
|---|---|
| | Aggregates audit log indices. |
| | Aggregates relation indices. |
| | Aggregates indices containing observables and their metadata. |
| | Aggregates indices containing entities and their metadata. |
Search for entities or observables
Once you have your index patterns set up, you can search for entities and observables in Discover.
See Search query syntax for more information on fields available when searching for and filtering entities and observables.
Warning
Entities from Intelligence Center 3.2 and older, or from feeds that do not support TLP 2.0 mappings, may have TLP:WHITE assigned instead of TLP:CLEAR in Kibana. To find entities assigned either TLP color when searching with Kibana, include both WHITE and CLEAR in your query.
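The following is an added example, not code from EclecticIQ or this documentation. It expands a requested TLP color into the legacy alias described in the warning above and emits both a Discover (KQL) clause and the equivalent Elasticsearch query DSL filter, then applies the same expansion to constructed sample records. The field name `tlp_color` is an assumption; the real field is listed under Search query syntax.

```python
"""Added example (not EclecticIQ's own code): search for TLP:CLEAR entities
without missing records that still carry the pre-TLP 2.0 label TLP:WHITE.

Assumption: the TLP field is called `tlp_color`; records are plain dicts as
returned in an Elasticsearch `_source`.
"""

# TLP 2.0 renamed WHITE to CLEAR; older Intelligence Center versions and feeds
# without TLP 2.0 mappings may still store WHITE, so treat the two as aliases.
TLP_ALIASES = {
    "CLEAR": {"CLEAR", "WHITE"},
    "WHITE": {"CLEAR", "WHITE"},
}


def expand_tlp(colors):
    """Return the set of TLP labels to search for, including legacy aliases."""
    wanted = set()
    for color in colors:
        color = color.upper()
        wanted |= TLP_ALIASES.get(color, {color})
    return wanted


def kql_tlp_filter(colors, field="tlp_color"):
    """Build a KQL clause that can be pasted into the Discover search bar."""
    labels = sorted(expand_tlp(colors))
    return f"{field}:({' or '.join(labels)})"


def es_tlp_filter(colors, field="tlp_color"):
    """Build the equivalent Elasticsearch query DSL `terms` filter."""
    return {"terms": {field: sorted(expand_tlp(colors))}}


def filter_records(records, colors, field="tlp_color"):
    """Apply the expanded filter locally, e.g. to exported search results."""
    labels = expand_tlp(colors)
    return [r for r in records if r.get(field, "").upper() in labels]


# Constructed sample records; not real Intelligence Center data.
SAMPLE_RECORDS = [
    {"id": "entity-1", "tlp_color": "CLEAR"},
    {"id": "entity-2", "tlp_color": "WHITE"},  # legacy label from an old feed
    {"id": "entity-3", "tlp_color": "AMBER"},
]

if __name__ == "__main__":
    print(kql_tlp_filter(["CLEAR"]))  # tlp_color:(CLEAR or WHITE)
    print([r["id"] for r in filter_records(SAMPLE_RECORDS, ["CLEAR"])])
```

Searching for CLEAR alone would return only entity-1; the expanded filter also returns the legacy entity-2.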