Cloud

Connect Elastic

Reads Elastic cluster health plus aggregate alerting and Elastic Security detection summaries where available, without storing raw logs or event bodies.

What you'll need

An Elastic base URL and either an API key or username/password with read-only cluster monitor and alert/security summary permissions.

Credential

Read-only API key or basic auth

Requested scopes

cluster monitor, alerting read, security detections read

Powers

Cloud Health, Security Readiness

What it pulls

Cluster health, one bounded alert-rule page, and size-zero detection aggregations by severity when Elastic Security is available.

What you’ll enter

The exact fields the connect form asks for — and where to find each value.

Elastic base URL
Your Elasticsearch or Kibana-compatible base URL. The connector validates cluster health and uses aggregate alert/detection reads when available.
API keyoptional
Preferred auth method. Use a read-only key for cluster monitor, alerting, and detection summaries.
Usernameoptional
Optional fallback if you do not use an API key.
Passwordoptional
Optional fallback paired with Username.

Step-by-step setup

  1. 1

    Enter the base URL

    Use the Elasticsearch/Kibana-compatible root URL that exposes cluster health and optional alert APIs.

  2. 2

    Provide read auth

    Use a read-only API key, or basic auth with read permissions for cluster monitor and alert/detection summaries.

  3. 3

    Connect

    Click Connect. We validate cluster health, then read only aggregate health, alert, and detection-summary data.

Create an Elastic API key → Connect in the app

Read-only adapter implemented with mocked-fetch coverage; detection endpoints are optional and omitted when unavailable.