In this complete guide to Elastic out-of-the-box content, we show you the different ways to consume Elastic Stack content such as Kibana dashboards, machine learning configurations, alerting rules and much more. Elastic offers a lot of content for many different technologies, such as Kubernetes, Palo Alto, Apache and Nginx. To get these assets into your Elasticsearch cluster, you can take different routes depending on your architecture and deployment model.

Elastic Agent integrations

The Elastic Agent integrations are the recommended way to add content to your ELK cluster. They are well integrated within Kibana, can be activated with just a few clicks, and configure everything you need to get started.

You can find an overview of these integrations at https://docs.elastic.co/en/integrations.

In November 2021 the list of Elastic Agent integrations looks like this:

  • Apache
  • Elastic APM
  • Auditd
  • AWS
  • AWS Billing
  • AWS Cloudtrail
  • AWS CloudWatch
  • AWS DynamoDB
  • AWS EBS
  • AWS EC2
  • AWS ELB
  • AWS Lambda
  • AWS NATGateway
  • AWS RDS
  • AWS S3
  • AWS SNS
  • AWS SQS
  • AWS Transit Gateway
  • AWS Usage
  • AWS VPC Flow
  • AWS VPN
  • Azure Logs
  • Azure activity logs
  • Azure Active Directory logs
  • Azure platform logs
  • Azure Spring Cloud logs
  • Azure resource metrics
  • Azure Application Insights metrics
  • Azure Application State Insights metrics
  • Azure Application Insights Metrics Overview
  • Azure Virtual Machines metrics
  • Azure Virtual Machines Scaleset metrics
  • Azure Container Instance metrics
  • Azure Container Registry metrics
  • Azure Container Service metrics
  • Azure Database Account metrics
  • Azure Monitor metrics
  • Azure Storage Account metrics
  • Barracuda
  • Blue Coat Director
  • VMware Carbon Black EDR
  • CEF
  • Check Point
  • Cisco
  • Cloudflare
  • CrowdStrike
  • Cyber-Ark – Deprecated
  • CyberArk Privileged Access Security
  • CylanceProtect
  • Container-logs
  • Docker
  • Elastic Agent
  • Endpoint Security
  • F5
  • Fleet Server
  • Fortinet
  • Google Cloud Platform (GCP)
  • Google Workspace
  • HAProxy
  • Hashicorp Vault
  • IIS
  • Imperva SecureSphere
  • Infoblox NIOS
  • Iptables
  • Juniper
  • Kafka
  • Kubernetes
  • Kubernetes Events
  • kube-apiserver
  • kube-controller-manager
  • kube-proxy
  • kube-scheduler
  • kube-state-metrics
  • Kubelet
  • Linux
  • Custom logs (from any application that produces logs)
  • Microsoft
  • MongoDB
  • MySQL
  • NATS
  • NetFlow
  • Arbor Peakflow SP
  • Network Traffic
  • Nginx
  • Nginx Ingress Controller
  • Office 365
  • Okta
  • Osquery Log Collection
  • Osquery Manager
  • Palo Alto Networks
  • Palo Alto Cortex XDR
  • PostgreSQL
  • Prometheus
  • Proofpoint Email Security
  • RabbitMQ
  • Radware DefensePro
  • Redis
  • Google Santa
  • Prebuilt Security Detection Rules
  • Sonicwall-FW
  • Sophos
  • Squid
  • STAN
  • Suricata
  • Symantec AntiVirus/Endpoint Protection
  • Elastic Synthetics
  • System
  • Apache Tomcat
  • Traefik
  • Windows
  • Custom Windows event logs
  • Zeek
  • ZeroFox
  • ZooKeeper
  • Zoom
  • Zscaler NSS

Beat Modules

Beat modules were built over the last couple of years to distribute out-of-the-box content from Elastic to users. However, to set up the modules you had to install everything or nothing in Kibana, which usually makes getting started with them very uncomfortable. That is why the Elastic Agent was introduced: to make it easier for users.

On the other hand, there are still Beat modules that include nice dashboards for many products for which no Elastic Agent integration is available at the moment. The Elastic Agent integrations are built on top of the Beat modules, so only look here if you cannot find the integration you are looking for in the Elastic Agent section.

Here you can find an overview of all the Beat modules that exist: https://www.elastic.co/de/integrations

In November 2021 the list of Beat modules looks like this:

Abuse.ch Malware & URL Threat Intel
ActiveMQ
Aerospike
AlienVault Open Threat Exchange (OTX)
Amazon CloudWatch
Amazon DynamoDB
Amazon EBS
Amazon EC2
Amazon RDS
Amazon SNS
Amazon SQS
Amazon VPC
Amazon VPC NAT Gateway
AMQP
Anomali ThreatStream
Apache Thrift
Apache Tomcat
auditd
AWS Billing
AWS CloudTrail
AWS Elastic Load Balancing
AWS Lambda
AWS Transit Gateway
AWS Usage
AWS VPN
Azure Activity Logs
Azure Application Insights
Azure Audit Logs
Azure Billing
Azure Container Instance
Azure Container Registry
Azure Container Service
Azure Database Account
Azure Event Hub
Azure Monitor
Azure Sign-In Logs
Azure Storage
Azure VM
Azure VM Scale Sets
Barracuda
Barracuda Spam Firewall
Beats
Blue Coat Director
Cassandra
Check Point
Cisco Advanced Malware Protection (AMP)
Cisco ASA
Cisco Firepower Threat Defense
Cisco IOS
Cisco Meraki
Cisco Nexus
Cisco Umbrella
Cloud Foundry
CockroachDB
collectd
Common Event Format (CEF)
Confluence Cloud
Confluence Server
Couchbase
CrowdStrike Falcon
Custom API sources
Cyberark Privileged Access Security
Cylance
DHCP
DNS
Dropbox
Dropbox Paper
Dropwizard
Elastic Agent
Elastic APM Server
Elastic App Search
Elasticsearch
Email
Endpoint Security
F5 BIG-IP Access Policy Manager
F5 BIG-IP Advanced Firewall Manager
File Integrity
Fleet Server
Fluentd
Forcepoint
Fortinet
Fortinet Forticlient Endpoint Protection
Fortinet FortiMail
Fortinet FortiManager
GitHub
Gmail
Go Expvar
Google Cloud
Google Cloud Anthos
Google Cloud Audit
Google Cloud Billing
Google Cloud Compute
Google Cloud Firewall
Google Cloud Functions
Google Cloud Load Balancing
Google Cloud Pub/Sub
Google Cloud Stackdriver
Google Cloud Storage
Google Cloud VPC
Google Drive
Google Santa
Google Workspace
Graphite
Hadoop
HTTP Check
IBM Resilient
Icinga
ICMP
ICMP Check
Imperva Secure Sphere
Infoblox
iptables
Istio
Jaeger
JavaScript
Jira Cloud
Jira Server
JMS
JMX Jolokia
journald
Juniper Junos OS
Juniper Netscreen
Juniper SRX Series
Kubernetes
Kubernetes API Server
Kubernetes Controller Manager
Kubernetes Events
Kubernetes Metrics Service
Kubernetes Proxy
Kubernetes Scheduler
Linux
Linux Audit Framework
Linux systemd journals
Log files (Generic)
Logstash
Malware Information Sharing Platform (MISP)
Memcached
Microsoft 365 (Office 365)
Microsoft 365 Defender
Microsoft Defender for Endpoint
Microsoft DHCP Server
Microsoft IIS
Microsoft OneDrive
Microsoft SQL Server
Microsoft Teams
MQTT
Munin
NATS Streaming
NetFlow
Netscout Arbor Sightline
Network File System
Okta
OpenMetrics
OpenTelemetry
OpenTracing
Osquery
Osquery Manager
Palo Alto Networks
Pensando
PHP FPM
PostgreSQL
PowerShell
Prebuilt Security Detection Rules
Prometheus
Proofpoint Email Security
RabbitMQ
Radware DefensePro
Recorded Future
Redis Enterprise
Salesforce
Salesforce Sandboxes
ServiceNow SIR
SharePoint Online
SIP
SNMP
Snort
Snyk
Sonicwall Firewalls
Sophos UTM
Sophos XG Firewall
Squid Proxy Server
StatsD
Suricata
Swimlane SOAR
syslog
Sysmon
System Audit
TCP
TCP Check
ThreatQuotient Threat Intel Platform
TLS
Twitter
UDP
VMware vSphere
Web Crawler
Webhook
X.509 SSL/TLS Certificate Check
Zeek (Bro)
Zendesk
ZooKeeper
Zoom
ZScaler

Integrated in Kibana

The last option for getting content built by Elastic into your cluster is Kibana itself. You can load templates in Canvas and load the prebuilt detection engine rules in the Security alerts section. You can also add sample data and load the stack monitoring alerts.

All of that is available within Kibana, so you can access it at any time.

content share admin

About the author: Creator of the Elastic Content Share.
