Kibana connectors
These Kibana connectors are used to connect to external services for GenAI, alerting, and case management use cases.
To learn about connectors for syncing data to Elasticsearch for search use cases, refer to content connectors.
Connectors provide a central place to store connection information for services and integrations with Elastic or third-party systems.
If you're using connectors for alerting or case management, you can create rules and add actions that use connectors to send notifications when conditions are met.
Kibana provides connectors for LLM providers, Elastic Stack features, and third-party alerting and case management platforms.
Access to connectors is granted based on your privileges to alerting-enabled features. For more information, go to Security.
Kibana provides the following connectors, grouped by category.
Generative AI
- AI Connector: Connect to third-party LLM services including Amazon Bedrock, Azure, Google Gemini, OpenAI, and Elastic Inference Service.
- Amazon Bedrock: Send a request to Amazon Bedrock.
- Elastic Managed LLMs: Send a request to Elastic Managed LLMs.
- Google Gemini: Send a request to Google Gemini.
- OpenAI: Send a request to OpenAI.
External MCP Server
- MCP: Connect to MCP servers and call their tools.
Elastic Stack
- Cases: Add alerts to Cases.
- Index: Index data into Elasticsearch.
- Observability AI Assistant: Send alerts to the AI Assistant.
- ServerLog: Add a message to a Kibana log.
Alerting and case management
- XSOAR: Create an incident in Cortex XSOAR.
- CrowdStrike: Send a request to CrowdStrike.
- D3 Security: Send a request to D3 Security.
- Email: Send email from your server.
- IBM Resilient: Create an incident in IBM Resilient.
- Jira: Create an incident in Jira.
- Jira Service Management: Create or close an alert in Jira Service Management.
- Microsoft Defender for Endpoint: Send requests to Microsoft Defender-enrolled hosts.
- Microsoft Teams: Send a message to a Microsoft Teams channel.
- Opsgenie: Create or close an alert in Opsgenie.
- PagerDuty: Send an event in PagerDuty.
- SentinelOne: Send a request to SentinelOne.
- ServiceNow ITSM: Create an incident in ServiceNow.
- ServiceNow ITOM: Create an event in ServiceNow.
- ServiceNow SecOps: Create a security incident in ServiceNow.
- Slack: Send a message to a Slack channel or user.
- Swimlane: Create an incident in Swimlane.
- TheHive: Create cases and alerts in TheHive.
- Tines: Send events to a Tines Story.
- Torq: Trigger a Torq workflow.
- Webhook: Send a request to a web service.
- Webhook - Case Management: Send a request to a Case Management web service.
- xMatters: Send actionable alerts to on-call xMatters resources.
Data and context sources
Third-party search
- Amazon S3: List and download content from AWS S3 buckets.
- Brave Search: Search the web using the Brave Search API.
- Firecrawl: Scrape, search, map, and crawl the web using the Firecrawl API.
- Figma: Browse design files, inspect structure, render nodes as images, and explore team projects in Figma.
- Jina Reader: Convert web pages into markdown from their URL and search the web for better LLM grounding.
- Gmail: Search and read emails from Gmail.
- GitHub: Search code, issues, and pull requests, and access repository contents and metadata from GitHub.
- Google Calendar: Search and access events and calendars in Google Calendar.
- Google Drive: Search and access files and folders in Google Drive.
- Jira Cloud: Search issues with JQL, retrieve project and issue details, and look up users in Jira Cloud.
- Microsoft Teams: Search messages and browse teams, channels, and chats in Microsoft Teams.
- Notion: Explore content and databases in Notion.
- Salesforce: Query and retrieve data from your Salesforce org using SOQL and the REST API.
- ServiceNow: Search and retrieve records from ServiceNow.
- PagerDuty (MCP): Access incidents, escalation policies, schedules, on-calls, users, and teams in PagerDuty.
- SharePoint Online: Search across SharePoint sites, pages, and content using the Microsoft Graph API.
- Slack (v2): Search and send messages in Slack.
- Tavily: Search the web and extract content from web pages.
- Zoom: Access Zoom meetings, recordings, transcripts, and participants.
- Zendesk: Search and retrieve Zendesk tickets, users, organizations, and Help Center articles using the Zendesk API.
Identity management
- 1Password: Manage users in 1Password Enterprise Password Manager — list, get, suspend, and reactivate users.
Threat intelligence
- AbuseIPDB: Check IP reputation and report abusive IPs.
- AlienVault OTX: Retrieve community-driven threat intelligence.
- GreyNoise: Detect and classify Internet scanning noise.
- Shodan: Perform Internet-wide asset discovery and vulnerability scanning.
- URLVoid: Check domain and URL reputation using multi-engine scanning.
- VirusTotal: Perform file scanning, URL analysis, and threat intelligence lookups.
Some connector types are paid commercial features, while others are free. For a comparison of the Elastic subscription levels, go to the subscription page.
In Stack Management > Connectors, you can find a list of the connectors in the current space. You can use the search bar to find specific connectors by name and type. The Type dropdown also enables you to filter to a subset of connector types.
You can delete individual connectors using the trash icon. Alternatively, select multiple connectors and delete them in bulk using the Delete button.
You can delete a connector even if there are still actions referencing it. When this happens, the action fails to run and errors appear in the Kibana logs.
New connectors can be created with the Create connector button, which guides you to select the type of connector and configure its properties.
After you create a connector, it is available for use any time you set up an action in the current space.
For out-of-the-box and standardized connectors, refer to preconfigured connectors.
You can also manage connectors as resources with the Elasticstack provider for Terraform. For more details, refer to the elasticstack_kibana_action_connector resource.
Rules use connectors to route actions to different destinations like log files, ticketing systems, and messaging tools. While each Kibana app can offer its own types of rules, they typically share connectors. Stack Management > Connectors offers a central place to view and manage all the connectors in the current space.
If you are running Kibana on-prem, you can preconfigure a connector to have all the information it needs prior to startup by adding it to the kibana.yml file. Refer to preconfigured connectors for more information.
Use the action configuration settings to customize connector networking configurations, such as proxies, certificates, or TLS settings. You can set configurations that apply to all your connectors or use xpack.actions.customHostSettings to set per-host configurations.
To import and export connectors, use the Saved Objects Management UI.
If a connector is missing sensitive information after the import, a Fix button appears in Connectors.
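Two of the situations described above leave actions failing quietly: deleting a connector that actions still reference, and importing a connector that has lost its sensitive information. The following added example (not part of the Elastic documentation) audits a connector listing for both. It assumes the listing was saved from the Kibana `GET /api/actions/connectors` API and relies on its `referenced_by_count`, `is_missing_secrets` and `is_preconfigured` fields; the sample data is constructed.

```python
import json

# Constructed sample shaped like the body of GET /api/actions/connectors.
# All ids and names are invented for illustration.
SAMPLE_RESPONSE = json.dumps([
    {"id": "c-001", "name": "soc-slack", "connector_type_id": ".slack",
     "is_preconfigured": False, "is_missing_secrets": False,
     "referenced_by_count": 4},
    {"id": "c-002", "name": "imported-jira", "connector_type_id": ".jira",
     "is_preconfigured": False, "is_missing_secrets": True,
     "referenced_by_count": 2},
    {"id": "c-003", "name": "old-webhook", "connector_type_id": ".webhook",
     "is_preconfigured": False, "is_missing_secrets": False,
     "referenced_by_count": 0},
    {"id": "c-004", "name": "platform-email", "connector_type_id": ".email",
     "is_preconfigured": True, "is_missing_secrets": False},
])


def audit_connectors(raw_json):
    """Sort connectors into: still referenced, missing secrets, unused."""
    report = {"still_referenced": [], "missing_secrets": [], "unused": []}
    for conn in json.loads(raw_json):
        if conn.get("is_preconfigured"):
            # Defined in kibana.yml; the reference count is not calculated
            # for these and they are not deleted through the UI.
            continue
        name = conn["name"]
        refs = conn.get("referenced_by_count", 0)
        if conn.get("is_missing_secrets"):
            # Lost its credentials on import: actions fail until it is fixed.
            report["missing_secrets"].append(name)
        if refs > 0:
            # Deleting this would leave `refs` saved objects with a failing action.
            report["still_referenced"].append((name, refs))
        else:
            report["unused"].append(name)
    return report


if __name__ == "__main__":
    for bucket, items in audit_connectors(SAMPLE_RESPONSE).items():
        print(f"{bucket}: {items}")
```

Only connectors in the `unused` bucket can be deleted without breaking an action; anything in `missing_secrets` needs its credentials re-entered before the rules that use it can notify anyone.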
The Task Manager health API helps you understand the performance of all tasks in your environment. However, connectors that fail to run are still reported to Task Manager as successful, so its failure statistics do not accurately reflect connector performance.
For more information on connector successes and failures, refer to the Event log index.
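Because Task Manager does not show connector failures, a notification path can be broken without any health metric changing. The following added example (not part of the Elastic documentation) counts connector run outcomes from event log documents. It assumes the event log's ECS-style fields `event.provider`, `event.action`, `event.outcome`, `kibana.saved_objects` and `error.message`; the documents are constructed.

```python
from collections import defaultdict

# Constructed event log documents; ids, timestamps and errors are invented.
SAMPLE_EVENTS = [
    {"@timestamp": "2024-05-01T10:00:00Z",
     "event": {"provider": "actions", "action": "execute", "outcome": "failure"},
     "kibana": {"saved_objects": [{"type": "action", "id": "c-001"},
                                  {"type": "alert", "id": "r-100"}]},
     "error": {"message": "certificate has expired"}},
    {"@timestamp": "2024-05-01T10:05:00Z",
     "event": {"provider": "actions", "action": "execute", "outcome": "success"},
     "kibana": {"saved_objects": [{"type": "action", "id": "c-001"}]}},
    {"@timestamp": "2024-05-01T10:10:00Z",
     "event": {"provider": "actions", "action": "execute", "outcome": "failure"},
     "kibana": {"saved_objects": [{"type": "action", "id": "c-001"}]},
     "error": {"message": "connect ECONNREFUSED"}},
    {"@timestamp": "2024-05-01T10:11:00Z",
     "event": {"provider": "actions", "action": "execute", "outcome": "success"},
     "kibana": {"saved_objects": [{"type": "action", "id": "c-003"}]}},
    # Rule-side event: a different provider, so it is not a connector run.
    {"@timestamp": "2024-05-01T10:12:00Z",
     "event": {"provider": "alerting", "action": "execute-action"},
     "kibana": {"saved_objects": [{"type": "action", "id": "c-003"}]}},
]


def connector_failures(events, min_failures=1):
    """Return per-connector outcome counts for connectors that have failed."""
    stats = defaultdict(lambda: {"success": 0, "failure": 0, "last_error": None})
    for doc in events:
        ev = doc.get("event", {})
        if ev.get("provider") != "actions" or ev.get("action") != "execute":
            continue
        outcome = ev.get("outcome")
        if outcome not in ("success", "failure"):
            continue
        for so in doc.get("kibana", {}).get("saved_objects", []):
            if so.get("type") != "action":
                continue  # skip the rule ("alert") that triggered the run
            entry = stats[so["id"]]
            entry[outcome] += 1
            if outcome == "failure":
                entry["last_error"] = doc.get("error", {}).get("message")
    return {cid: s for cid, s in stats.items() if s["failure"] >= min_failures}


if __name__ == "__main__":
    for cid, s in connector_failures(SAMPLE_EVENTS).items():
        print(cid, s)
```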