# Elasticsearch {% hint style="info" %} Elasticsearch is an SIEM integration. SIEM integrations are used to perform analysis of any SIEM generated alerts, and/or to use generated data as part of investigation analysis. {% endhint %} The Dropzone platform integrates with the [Elasticsearch](https://www.elastic.co/elasticsearch) security SIEM. Many customers ingest other alert sources into Elasticsearch (e.g. IDPs) and integrate Dropzone into Elasticsearch rather than the source systems. ## Create an API Key and Obtain a Cloud ID Elasticsearch requires an API Key and an Elasticsearch Cloud ID to enable. {% hint style="info" %} If you are using the Elasticsearch Serverless Projects-Based Model or an On-premise Elasticsearch using the Dropzone connector, you will not need to provide a Cloud ID. {% endhint %} To obtain an API Key, do the following: * Navigate to your [Elastic Cloud home page](https://cloud.elastic.co/home) or deployment * Under the Hosted Deployments section, locate the deployment you wish Dropzone.AI to be able to access * Click "Open"

Click Manage

* In the Deployment overview page, click "Management" in the bottom left corner * Click the icon next to Stack Management * Navigate to API keys

Navigate to API keys

* Click "Create an API key"

Click "Create an API key"

* Name the API key something memorable, such as Dropzone.AI * Under type, select User API key * Click "Create API Key"

Create an API key>

* Copy the API key generated for use later in the Dropzone UI, where it is called "API Key"

Copy the key

To obtain your Elasticsearch Cloud ID, do the following: * Navigate to your [Elastic Cloud home page](https://cloud.elastic.co/home) * Under the Hosted Deployments section, locate the deployment you wish Dropzone.AI to be able to access * Click "Open"

Click Open

* In the upper right of the Overview page, click "Endpoint & API Keys"

Click Endpoint & API Keys

* Check "Show Cloud ID" * Copy the value shown for use later in the Dropzone UI, where it is called "Elasticsearch Cloud ID"

Copy the Elasticsearch Cloud ID

## Enable Elasticsearch To enable the Data Source integration, you will need the following information: | Dropzone Field | Source | | ---------------------- | --------------------------------------------------------------------------------------------------- | | Elasticsearch Cloud ID | The cloud ID value copied earlier. Only necessary if you have an Elastic Cloud Hosted deployment | | Elasticsearch Server | The server for your Elasticsearch project, e.g. | | API Token | The API token value generated earlier | To enable the Data Source integration, do the following: * Navigate to your Dropzone AI tenant home page e.g. https\://*mycompany*.dropzone.app * In the bottom left hand corner, navigate to Settings > Integrations

Integrations Dropdown

* Click "Available"

Click Available

* In the Search bar, search Elasticsearch, then click "Configure"

The Elasticsearch Tile

* Under the Data Source heading, if your Elasticsearch integration is behind an [On-premise Dropzone Connector](https://docs.dropzone.ai/platform/settings/connector), select your connector from the dropdown * If you have a Cloud deployment, check the box labeled "Connect with Elastic Cloud ID," then input the Elasticsearch Cloud ID and API Key

The Elasticsearch Data Configuration (pt 1)

* Otherwise, input the Elasticsearch Server, Port, and API Key

The Elasticsearch Data Configuration (pt 2)

* If you want Dropzone to only use [remote clusters](https://www.elastic.co/docs/deploy-manage/remote-clusters) when making queries, check the box labeled "Search Remote Indices" * Click "Test & Save" to finish

The Elasticsearch Data Configuration (pt 3)

If you have any errors engage your Dropzone AI support representative. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.dropzone.ai/integrations/data/elasticsearch_data.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.