Elastic Agent integration Airlock Digital #9887

Open
kalramani opened this issue May 16, 2024 · 2 comments

@kalramani
Contributor

We would like to see an Elastic Agent integration for Airlock Digital. Support case: #01360297. Internal enhancement request (ref. #18580).

From our research, this will require Elastic Agent to Airlock Digital as this uses JSON over HTTPS, which can be collected by Splunk's HEC and Elastic's HTTP input (https://www.elastic.co/guide/en/logstash/current/plugins-inputs-http.html).
You can then follow the 'HEC' setup process as documented here:

Reference links:
https://www.airlock.com/en/secure-access-hub/feature/reporting-and-siem-integration

Can someone please advise?

@JoshSchwarz

JoshSchwarz commented May 17, 2024

@kalramani Can you clarify, do you mean Airlock Digital (https://www.airlockdigital.com/) or Airlock Secure Access Hub (https://www.airlock.com/)?

If you are talking about Airlock Digital, you can send logs to Elastic in a range of formats as follows:

  1. Log into the Airlock interface
  2. Click the Settings tab
  3. In the Log Receiver drop-down, select one of the logging options and click Receiver Settings
  4. Complete the required information (IP, Port, etc.)
  5. Click Save
  6. Select 'Enable External Logging'
  7. Click 'Configure Events' and enable the event types you wish to log to Splunk
  8. Click Save

@kalramani
Contributor Author

Airlock Secure Access Hub please.
Reference links:
https://www.airlock.com/en/secure-access-hub/feature/reporting-and-siem-integration
