Skip to content

Theeye Integrations

TheEye official Dashboard compatible with Kibana 6.7.2

Steps of activation of the integration

  • Go to Settings, then Integrations, activate Kibana and Elasticsearch.
  • In both cases you must configure the URL of the services.
  • Check that Elasticsearch is receiving information.
  • Then import (kibanaTheEyeDefaultDashboard.json) to display the official dashboard kibanaTheEye.

json Kibana

Elastic Search Kibana (ELK stack)

TheEye logs

Events and actions performed by users and resources are constantly being saved and in some cases also notified. The records are saved in ElasticSearch by the Supervisor for further analysis through Kibana (Web UI).

Data sent to ELK by Event

Every event that is logged in ELK can be identified by common fields as: - Date and time - Hostname - Organization (Customer) - Operation (e.g. CRUD) - Index (event type description)

Data is consistenly organized in different indexes (tasks, monitors, hosts, file and agent).

Events that are actually stored

CRUD Events

Every time a CRUD action is performed (POST, PUT, DELETE) a record is saved as described herunder:

The signature matches to API-crud, where API is the endpoint name that has the notification (data injection) implemented. For example, you'll find a monitor action in ELK data as a monitor-crud topic.

Non-CRUD Events

This events can be identified as follows:

  • agent-version: every time the agent version is updated.
  • host-stats: every time host-status is updated**
  • monitor-execution: every time the agent sends an update for a monitor execution **
  • monitor-state: every time a monitor status changes (failure, recovery, stop, change-file) **
  • triggered-webhook: every time a webhook is played **
  • task-execution: every time a task is played
  • task-result: every time a task excution ends

Topics configuration:



Every CRUD event previously described is also notified as prefered by the user.