ELK Stack Integration

TigerTrust integrates with the ELK Stack (Elasticsearch, Logstash, Kibana) for comprehensive certificate log management, analysis, and visualization.

Key Features

Logstash Integration
Kibana Dashboards
Elasticsearch Search
Alerts
Index Templates
ILM Policies
Machine Learning

Benefits

Centralized certificate audit logging
Powerful search and analysis capabilities
Pre-built Kibana visualizations
Machine learning anomaly detection
Long-term log retention with ILM

Common Use Cases

Auditing certificate lifecycle events

Investigating certificate-related incidents

Compliance reporting with search capabilities

Detecting anomalous certificate patterns

ELK Stack Integration with TigerTrust

TigerTrust integrates with the Elastic Stack for comprehensive certificate log management and analysis.

Logstash Configuration

Configure Logstash to receive TigerTrust events:

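input {
  # HTTP listener for TigerTrust events. As written it accepts plaintext,
  # unauthenticated POSTs, so restrict network access to this port.
  http {
    port => 8080
    codec => json
    tags => ["tigertrust"]
  }
}

filter {
  if "tigertrust" in [tags] {
    # Use the event's own timestamp as @timestamp
    date {
      match => ["timestamp", "ISO8601"]
    }
    mutate {
      add_field => { "[@metadata][index]" => "tigertrust-certificates" }
    }
  }
}

output {
  if "tigertrust" in [tags] {
    # One index per month, named tigertrust-certificates-YYYY.MM
    elasticsearch {
      hosts => ["elasticsearch:9200"]
      index => "%{[@metadata][index]}-%{+YYYY.MM}"
    }
  }
}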

Index Template

Create an optimized index template:

{
  "index_patterns": ["tigertrust-*"],
  "template": {
    "settings": {
      "number_of_shards": 2,
      "number_of_replicas": 1
    },
    "mappings": {
      "properties": {
        "timestamp": {"type": "date"},
        "event_type": {"type": "keyword"},
        "certificate": {
          "properties": {
            "common_name": {"type": "keyword"},
            "issuer": {"type": "keyword"},
            "serial_number": {"type": "keyword"},
            "expiry_date": {"type": "date"},
            "days_until_expiry": {"type": "integer"}
          }
        },
        "environment": {"type": "keyword"},
        "user": {"type": "keyword"},
        "action": {"type": "keyword"},
        "result": {"type": "keyword"}
      }
    }
  }
}

Kibana Dashboards

Import pre-built Kibana dashboards:

  • Certificate Overview: Inventory, status distribution, expiration timeline
  • Audit Trail: All certificate operations with filters
  • Compliance Report: Policy violations, non-compliant certificates
  • Trend Analysis: Certificate counts, renewal rates over time

Kibana Queries

Search certificate data with KQL:

# Find expiring production certificates
# (environment is a top-level field in the index template)
environment: "production" AND certificate.days_until_expiry < 30

# Search for specific issuer
# (wildcards are only expanded in unquoted values)
certificate.issuer: DigiCert*

# Find failed renewals
event_type: "renewal" AND result: "failure"

# Audit trail for specific certificate
certificate.common_name: "api.example.com"
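
A query that names a field the index template does not define, or that puts a wildcard inside quotes, can return no hits without any error, which is easy to mistake for a clean result. The following added example (not part of TigerTrust or Elastic tooling) checks flat KQL clauses against the mapping from the Index Template section; the function names and sample queries are constructed for illustration.

```python
import re

# Field types from the index template on this page ("properties" only).
KW = {"type": "keyword"}
TEMPLATE_PROPERTIES = {
    "timestamp": {"type": "date"}, "event_type": KW,
    "certificate": {"properties": {
        "common_name": KW, "issuer": KW, "serial_number": KW,
        "expiry_date": {"type": "date"},
        "days_until_expiry": {"type": "integer"},
    }},
    "environment": KW, "user": KW, "action": KW, "result": KW,
}

def flatten(props, prefix=""):
    """Return {dotted.path: type} for every leaf field in a mapping."""
    fields = {}
    for name, spec in props.items():
        if "properties" in spec:
            fields.update(flatten(spec["properties"], f"{prefix}{name}."))
        else:
            fields[prefix + name] = spec["type"]
    return fields

# A field name, then ":" or a range operator, then an optional quoted value.
CLAUSE = re.compile(r'([A-Za-z_][\w.]*)\s*(<=|>=|<|>|:)\s*("[^"]*")?')

def lint_kql(query, fields):
    """Return field problems in a flat KQL query (grouping is not parsed)."""
    problems = []
    for name, op, quoted in CLAUSE.findall(query):
        if name not in fields:
            problems.append(f"{name}: not in index template")
        elif op != ":" and fields[name] == "keyword":
            problems.append(f"{name}: range operator on keyword field")
        if "*" in quoted:
            problems.append(f"{name}: wildcard inside quotes is matched literally")
    return problems
FIELDS = flatten(TEMPLATE_PROPERTIES)
# Constructed queries (not taken from a live system), one per check.
SAMPLES = [
    'environment: "production" AND certificate.days_until_expiry < 30',
    'certificate.environment: "production"',
    'certificate.issuer: "DigiCert*"',
    'result > 5',
]
if __name__ == "__main__":
    for q in SAMPLES:
        print(q, "->", lint_kql(q, FIELDS) or "ok")
```

Running the same check over saved searches and alert queries before deployment catches a rule that would otherwise never fire.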

Index Lifecycle Management

Configure ILM for certificate logs:

{
  "policy": {
    "phases": {
      "hot": {
        "actions": {
          "rollover": {
            "max_size": "50GB",
            "max_age": "30d"
          }
        }
      },
      "warm": {
        "min_age": "30d",
        "actions": {
          "shrink": {"number_of_shards": 1},
          "forcemerge": {"max_num_segments": 1}
        }
      },
      "cold": {
        "min_age": "90d",
        "actions": {
          "freeze": {}
        }
      },
      "delete": {
        "min_age": "365d",
        "actions": {
          "delete": {}
        }
      }
    }
  }
}

Watcher Alerts

Set up alerting for certificate events. Watcher's search input returns hits.total as a plain integer by default, so the condition and the email body read ctx.payload.hits.total:

{
  "trigger": {
    "schedule": {"interval": "1h"}
  },
  "input": {
    "search": {
      "request": {
        "indices": ["tigertrust-*"],
        "body": {
          "query": {
            "bool": {
              "filter": [
                {"term": {"event_type": "expiration_warning"}},
                {"range": {"timestamp": {"gte": "now-1h"}}}
              ]
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": {"ctx.payload.hits.total": {"gt": 0}}
  },
  "actions": {
    "email_admin": {
      "email": {
        "to": "[email protected]",
        "subject": "Certificate Expiration Warning",
        "body": "{{ctx.payload.hits.total}} certificates expiring soon"
      }
    }
  }
}

Achieve comprehensive certificate analytics with ELK Stack and TigerTrust.

Getting Started

1. Configure Logstash to receive TigerTrust events
2. Set up Elasticsearch index templates
3. Import Kibana dashboards and visualizations
4. Configure Index Lifecycle Management
5. Set up Watcher alerts for critical events
