Integration with Elastic

RST Cloud offers seamless integration of threat intelligence knowledge into the Elastic Stack. This integration enhances your security posture by making threat intelligence reports and indicators of compromise available directly within the Elastic platform.

Data from RST Cloud is automatically downloaded and converted into ECS (Elastic Common Schema) format. A standard Elastic Agent configuration then ingests the converted data from a directory of your choice into Elasticsearch indices. It is recommended to install the scripts on a Linux system.

Prerequisites

  • Network access to RST Cloud services API.
  • An active subscription to RST Report Hub (threat intelligence reports) and RST Threat Feed (indicators of compromise), together with a valid API key.
  • Elastic Stack deployed and configured.

Integration Steps

1. Download the RST Cloud integration package

Navigate to this link to download the RST Cloud Downloader scripts.

Extract the contents of the downloaded file and follow the instructions in the README*.TXT files to configure the scripts and the Elastic Agent integration.

2. Installation and Configuration

  • Install the Python scripts on a system with access to your Elastic Stack.
  • Create directories to hold the data for RST Threat Feed and RST Report Hub.
  • Populate the RST Cloud credentials in the conf files so the scripts can authenticate and access the threat intelligence data.
  • Configure Elastic Agent to monitor those directories and ingest their contents into Elasticsearch in ECS format.

3. Automated Data Retrieval

  • Schedule the downloader scripts to run regularly using cron or any other scheduling mechanism of your choice.
  • On each run the scripts automatically retrieve updated indicators of compromise and threat intelligence reports from RST Cloud.

4. Loading Data into Elastic

  • The data is loaded into Elastic in the ECS threat data format (the threat.* field set) for seamless integration.
  • Ensure that you update the index mapping according to your use cases.

For the field mapping, refer to the Elastic documentation.
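The conversion and drop-directory flow described in steps 2 to 4 is easier to reason about with a concrete instance. The following is an added example and is not the RST Cloud downloader code: it converts a small constructed feed into ECS threat-indicator documents (threat.indicator.type, threat.indicator.ip, threat.indicator.url.domain, threat.indicator.file.hash.*, threat.indicator.confidence, threat.indicator.marking.tlp, event.kind/category/type) and writes them as NDJSON into the directory that Elastic Agent monitors. The input field names (ioc_type, ioc_value, score, tlp, tags), the score-to-confidence thresholds and the RST_OUT_DIR output directory are assumptions made for the illustration; the real scripts and conf files define their own.

```python
"""Added example, not RST Cloud's own downloader: turn vendor-style indicator
records into ECS threat documents and write them as NDJSON into the directory
that Elastic Agent monitors. Input field names (ioc_type, ioc_value, score,
tlp, tags) and the output directory are assumptions for illustration."""
import ipaddress
import json
import os
import tempfile
from datetime import datetime, timezone

# Constructed sample feed. One row is malformed on purpose and one duplicates
# an earlier indicator with a newer last_seen, to exercise the checks below.
SAMPLE_RECORDS = [
    {"ioc_type": "ip", "ioc_value": "192.0.2.10", "first_seen": "2024-01-05",
     "last_seen": "2024-01-20", "score": 85, "tags": ["botnet"], "tlp": "amber"},
    {"ioc_type": "domain", "ioc_value": "Example.Invalid", "first_seen": "2024-01-08",
     "last_seen": "2024-01-21", "score": 40, "tags": ["phishing"], "tlp": "green"},
    {"ioc_type": "hash", "ioc_value": "A" * 64, "first_seen": "2024-01-02",
     "last_seen": "2024-01-02", "score": 95, "tags": ["malware"], "tlp": "green"},
    {"ioc_type": "ip", "ioc_value": "not-an-ip", "first_seen": "2024-01-01",
     "last_seen": "2024-01-01", "score": 10, "tags": [], "tlp": "green"},
    {"ioc_type": "ip", "ioc_value": "192.0.2.10", "first_seen": "2024-01-05",
     "last_seen": "2024-01-25", "score": 90, "tags": ["botnet", "c2"], "tlp": "amber"},
]

HASH_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}
HEX = set("0123456789abcdef")


def confidence(score):
    """Map an assumed 0-100 vendor score onto the fixed ECS
    threat.indicator.confidence vocabulary (thresholds are an assumption)."""
    return "High" if score >= 80 else "Medium" if score >= 50 else "Low"


def to_ecs(record, feed_name="RST Threat Feed"):
    """Return one ECS threat-indicator document, or None if the row is unusable."""
    value = str(record["ioc_value"]).strip()
    ind = {
        "first_seen": record["first_seen"],
        "last_seen": record["last_seen"],
        "confidence": confidence(int(record.get("score", 0))),
        "provider": "RST Cloud",
        "marking": {"tlp": str(record.get("tlp", "green")).upper()},
    }
    kind = record.get("ioc_type")
    if kind == "ip":
        try:
            ind["ip"] = str(ipaddress.ip_address(value))
        except ValueError:
            return None  # refuse junk rather than index it
        ind["type"] = "ipv6-addr" if ":" in ind["ip"] else "ipv4-addr"
    elif kind == "domain":
        if "." not in value or any(c.isspace() for c in value):
            return None
        ind["type"], ind["url"] = "domain-name", {"domain": value.lower()}
    elif kind == "url":
        if not value.lower().startswith(("http://", "https://")):
            return None
        ind["type"], ind["url"] = "url", {"full": value}
    elif kind == "hash":
        algo = HASH_BY_LEN.get(len(value))
        if algo is None or set(value.lower()) - HEX:
            return None
        ind["type"], ind["file"] = "file", {"hash": {algo: value.lower()}}
    else:
        return None
    return {
        "@timestamp": datetime.now(timezone.utc).isoformat(),
        "event": {"kind": "enrichment", "category": ["threat"], "type": ["indicator"]},
        "tags": list(record.get("tags", [])),
        "threat": {"feed": {"name": feed_name}, "indicator": ind},
    }


def convert_feed(records, feed_name="RST Threat Feed"):
    """Convert all rows; drop malformed ones and collapse duplicate (type, value)
    pairs, keeping the copy with the newest last_seen. Returns (docs, dropped)."""
    kept, dropped = {}, 0
    for rec in records:
        doc = to_ecs(rec, feed_name)
        if doc is None:
            dropped += 1
            continue
        key = (rec["ioc_type"], str(rec["ioc_value"]).strip().lower())
        seen = doc["threat"]["indicator"]["last_seen"]
        if key not in kept or seen > kept[key]["threat"]["indicator"]["last_seen"]:
            kept[key] = doc
    return list(kept.values()), dropped


def write_ndjson(docs, out_dir):
    """Write one NDJSON file per run. The file is built under a temporary name
    and renamed into place so the Agent's filestream input never reads a
    half-written file; a fresh timestamped name makes each run a new file."""
    os.makedirs(out_dir, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=out_dir, suffix=".part")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        for doc in docs:
            fh.write(json.dumps(doc, sort_keys=True) + "\n")
    name = datetime.now(timezone.utc).strftime("rst_ioc_%Y%m%dT%H%M%S%f.ndjson")
    final = os.path.join(out_dir, name)
    os.replace(tmp, final)
    return final


if __name__ == "__main__":
    # Assumed output directory: point RST_OUT_DIR at the directory Elastic Agent monitors.
    out_dir = os.environ.get("RST_OUT_DIR", os.path.join(tempfile.gettempdir(), "rstcloud-feed"))
    docs, dropped = convert_feed(SAMPLE_RECORDS)
    print(f"wrote {len(docs)} indicators ({dropped} dropped) to {write_ndjson(docs, out_dir)}")
```

Run it from a cron entry such as `0 * * * * RST_OUT_DIR=/path/to/feed-dir /usr/bin/python3 /path/to/convert.py` (paths are placeholders), and point the Agent's file input at `/path/to/feed-dir/*.ndjson`. Two details matter operationally: malformed rows are rejected instead of being indexed, so a bad upstream record cannot silently become a "known bad" indicator, and the rename-into-place write means the Agent only ever sees complete files.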

By integrating RST Cloud threat intelligence into your Elastic environment, you empower your security operations with up-to-date insights and proactive threat detection capabilities. Stay ahead of emerging threats and bolster your defences with actionable intelligence from RST Cloud.