Setup Requirements

Data Collection Setup

External network access needs to be set up for the RESTful API port. Depending on your deployment, this API may be set for local access only. For further information, see:

Enabling External Network Access

In the /etc/elasticsearch/elasticsearch.yml set the to _site_ _site_

Network Requirements

Port: 9200 (TCP) Default Port
This is configurable for 9200-9300

Least Privilege User

By default, Elasticsearch does not support authentication. When using X-Pack, use the elastic user security principal.

Supported Versions

Elasticsearch Versions: 5.x, 6.x, 7.x

Connection Parameters






The Elasticsearch Node to connect to.


The port for communication to Elasticsearch.


The username for authenticating to the Elasticsearch Node.


The password for the given user.

SSL Configuration

The SSL mode to use when connecting to the target. It can be configured to not use SSL (No SSL), to use SSL without verifying the target's certificate (No Verify), or to use SSL and verify the target's certificate (Verify).

Connection Timeout

The timeout in seconds for an API call.
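
The following is an added example, not code from the product this page documents: it shows what each of the three SSL modes means for a client, and how the node, port, user, password and timeout parameters combine into one API call. All function and parameter names are hypothetical, and the hostname in any call is a placeholder you supply.

```python
import base64
import json
import ssl
import urllib.request

# Hypothetical names; the three modes mirror the SSL Configuration options above.
SSL_MODES = ("No SSL", "No Verify", "Verify")


def build_ssl_context(mode, ca_file=None):
    """Return None for plain HTTP, otherwise an SSLContext for the mode."""
    if mode not in SSL_MODES:
        raise ValueError(f"unknown SSL mode: {mode!r}")
    if mode == "No SSL":
        return None
    # create_default_context() verifies the certificate chain and hostname.
    ctx = ssl.create_default_context(cafile=ca_file)
    if mode == "No Verify":
        # Traffic is encrypted, but the node's identity is not checked, so
        # an on-path host can present any certificate and read credentials.
        ctx.check_hostname = False  # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def build_request(host, port=9200, username=None, password=None, mode="Verify"):
    """Build a GET request for the node's root endpoint."""
    scheme = "http" if mode == "No SSL" else "https"
    req = urllib.request.Request(f"{scheme}://{host}:{port}/")
    if username is not None:
        # With "No SSL" this header crosses the network in clear text.
        token = base64.b64encode(f"{username}:{password}".encode()).decode()
        req.add_header("Authorization", f"Basic {token}")
    return req


def check_node(host, port=9200, username=None, password=None,
               mode="Verify", timeout=10, ca_file=None):
    """Call the node and return the version number it reports."""
    req = build_request(host, port, username, password, mode)
    ctx = build_ssl_context(mode, ca_file)
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        return json.load(resp)["version"]["number"]
```

Calling `check_node` with the same values entered in the connection parameters confirms the port is reachable and the credentials are accepted before the collector is configured.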