Integrating Zoho Vault with Elastic

  1. Log in to your Elastic console.
  2. Navigate to Project Settings located in the bottom-left corner of the dashboard.
  3. Under Project Settings, go to Stack Management and select API keys.
  4. Enter a name for your API key and click Create API key.

Configuring Elastic details in Vault 

  1. Log in to your Zoho Vault account as a super admin.
  2. In the Settings menu, select SIEM Integration, then click Edit Configurations under Elastic.
  3. Enter the Collector Hostname and Port details provided by Elastic, then click Save Configuration.
  4. Select the list of audit trails to be sent to your SIEM service from Zoho Vault under Manage Syslog Configuration.
  5. For the Hostname, use your Elasticsearch hostname. You can also find it by navigating to Developer tools, selecting the POST method, and using Copy as curl; the hostname is visible in the copied command.
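
As an added example (not part of the Zoho Vault or Elastic documentation), the following Python helper pulls the hostname and port out of a command obtained with Copy as curl, so both Collector fields can be filled in from one paste. The function name and the sample command are constructed for illustration, and the `.invalid` hostname is a placeholder.

```python
import shlex
from urllib.parse import urlsplit

# Port implied by the URL scheme when the copied command does not state one.
DEFAULT_PORTS = {"https": 443, "http": 80}


def collector_from_curl(command: str) -> tuple[str, int]:
    """Return (hostname, port) from the first http(s) URL in a curl command."""
    # Join backslash-continued lines so shlex sees a single command line.
    tokens = shlex.split(command.replace("\\\n", " "))
    for token in tokens:
        parts = urlsplit(token)
        # Header values such as "Authorization: ..." also parse with a
        # "scheme", so only http and https tokens are accepted as the URL.
        if parts.scheme in DEFAULT_PORTS and parts.hostname:
            port = parts.port or DEFAULT_PORTS[parts.scheme]
            return parts.hostname, port
    raise ValueError("no http(s) URL found in the curl command")


# Constructed sample of a copied command; the API key stays a shell variable
# so the secret never needs to be pasted alongside the hostname.
SAMPLE = '''curl -X POST "https://my-project-abc123.es.us-east-1.aws.example.invalid:443/_search" \\
  -H "Authorization: ApiKey $API_KEY" -H "Content-Type: application/json" \\
  -d '{"query": {"match_all": {}}}'
'''

if __name__ == "__main__":
    host, port = collector_from_curl(SAMPLE)
    print(f"Collector Hostname: {host}")
    print(f"Port: {port}")
```
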

Accessing Zoho Vault logs from Elastic

To view all Zoho Vault audit logs in Elastic:
  1. Log in to your Elastic account.
  2. Navigate to Discover and select Data View. Enter the event name that was used in Zoho Vault when setting up the Elastic configuration.