Cannot get this plugin to connect. I used the elasticsearch URL + creds (verified this works if browsed to it), and it just errors out on test
py3.6.egg/komand_elasticsearch/actions/cluster_health/action.py", line 28, in test
    r = helpers.test_auth(self.logger, host, username, password)
  File "/usr/local/lib/python3.6/site-packages/elasticsearch_rapid7_plugin-2.0.5-py3.6.egg/komand_elasticsearch/util/helpers.py", line 27, in test_auth
    raise Exception("Call failed: unknown error")
Exception: Call failed: unknown error
Hey @Brian_rapid7, sorry about the error you’re encountering. We definitely need to improve the error handling on this integration as what it’s returning is not useful at all. We’ll take a look at that. In the meantime, I have a few questions:
Are you providing a full URL in the connection input with https:// or http:// and port, if not using the defaults for https (443) or http (80), e.g. https://example.com:1234?
Is that URL accessible from the orchestrator? Can you curl it with a successful response if logged into the orchestrator?
What authentication type is configured on your ES system?
Thanks @Brian_rapid7, we have a ticket created and assigned to engineering. I will update you when we release a fix.
Outside of this defect, is there additional functionality that you would like to see in the ElasticSearch plugin? Were there actions or features that you used in your previous SOAR solution’s Elastic plugin?
@Brian_rapid7 What version of ElasticSearch are you testing against? Also, are there any specific modules installed (e.g. around authentication) that may affect operation?
We have tested internally with 7.13.2 and it’s succeeding.
@Brian_rapid7 We don’t; we’re spinning up a lab with that configuration and will test the plugin against it and update as necessary. I’ll follow back up with additional questions or findings and when we release a new version (we have a PR up with some improvements already).
Hey @Brian_rapid7, we made a large update to the ElasticSearch plugin which includes better error handling, SSL/TLS verification, testing against 7.8 with X-Pack module for HTTPS, and updated documentation among other things. Let me know if this resolves your issue, and if you have any feedback, we’re all ears.
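An added example, not the plugin's code and not written by anyone in this thread: a stand-alone connection test that walks the three questions asked above (full URL with scheme and port, reachability from the orchestrator, authentication) and reports which layer failed instead of a single "unknown error". It assumes HTTP basic authentication and certificate verification left on; `check_url`, `explain` and `probe` are hypothetical names.

```python
import base64
import socket
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlsplit

def check_url(url):
    """Return scheme://host:port, or raise ValueError saying what is missing."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("connection URL needs http:// or https:// and a host")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    host = f"[{parts.hostname}]" if ":" in parts.hostname else parts.hostname
    return f"{parts.scheme}://{host}:{port}"

def explain(exc):
    """Turn a urlopen() failure into a message an operator can act on."""
    if isinstance(exc, urllib.error.HTTPError):  # the server answered
        hint = "credentials or role rejected" if exc.code in (401, 403) else "request refused"
        return f"HTTP {exc.code}: reached Elasticsearch, {hint}"
    # URLError wraps the real cause; other errors arrive unwrapped
    reason = exc.reason if isinstance(exc, urllib.error.URLError) else exc
    if isinstance(reason, ssl.SSLCertVerificationError):
        return f"TLS: server certificate not trusted ({reason})"
    if isinstance(reason, ssl.SSLError):
        return f"TLS: handshake failed ({reason})"
    if isinstance(reason, ConnectionRefusedError):
        return "TCP: connection refused, check host and port"
    if isinstance(reason, (TimeoutError, socket.timeout)):
        return "TCP: timed out, check routing and firewalls from the orchestrator"
    if isinstance(reason, socket.gaierror):
        return "DNS: host name does not resolve from this machine"
    return f"unclassified: {reason!r}"

def probe(url, username, password, cafile=None, timeout=5):
    """GET /_cluster/health with HTTP basic auth; return (ok, message)."""
    base = check_url(url)
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req = urllib.request.Request(base + "/_cluster/health",
                                 headers={"Authorization": "Basic " + token})
    ctx = ssl.create_default_context(cafile=cafile)  # verification stays on
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return True, f"HTTP {resp.status}"
    except OSError as exc:  # URLError, HTTPError, socket and ssl errors
        return False, explain(exc)
```

Run `probe(...)` from the orchestrator host itself, passing `cafile` when the cluster uses a private CA, so the result reflects the same network path and trust store the plugin would use.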