Elastic integration overview

Overview

Elastic is a search, observability, and security platform used to ingest, analyze, and act on large volumes of operational and business data across cloud and on-premises environments.

Persona’s Elastic integration lets teams create cases in Kibana through Persona Workflows, so you can route key events into Elastic without leaving Persona.

Benefits

Centralized Investigation Tracking: Create Kibana cases with consistent titles, descriptions, tags, and ownership so investigations are easier to organize and find.

Flexible Routing: Choose which Kibana app “owns” each case—Stack Management, Observability, or Elastic Security—based on the team that will manage the work.

Configurable Case Context: Set severity, category, and (optionally) assignees to match how your team triages and prioritizes cases in Elastic.

Integration Features

Persona’s Elastic integration enables case creation in Kibana. Key capabilities include:

  • Create Cases: Create a new Kibana case with a title, description, tags, and optional metadata like severity and category.
  • Set Case Ownership: Route cases to Stack Management, Observability, or Elastic Security by selecting the case owner.
  • Assign Case Owners: Add up to 10 assignees to a case to clarify responsibility from the moment it’s created.
  • Configure Connectors: Create a case with a selected connector type (including the option to create a case with no connector).
  • Control Alert Syncing: Turn alert syncing on or off via case settings.

Setting up the Elastic integration

Prerequisites

To set up the Elastic integration, ensure you have:

  • Admin access to your Elastic account
  • Necessary API permissions to access Elastic credentials

Setting up the Elastic Credentials

  1. In the Persona Dashboard, go to Integrations > Marketplace and select Elastic.
  2. Click Add Credential.
  3. Enter a credential nickname and click Continue.
  4. Enter your Elastic Cloud deployment details (deployment ID, region, and cloud provider). These values determine the Kibana URL Persona connects to.
  5. Provide the Elastic username and password you want Persona to use when calling Kibana. Make sure this user has the required Kibana privileges for the Cases feature for the owner area you plan to create cases in.

Using the Elastic integration in a workflow

  1. Create a new workflow, or open an existing workflow you’d like to update.
  2. Add a new action step > Integrations.
  3. Select the Elastic integration and choose the Elastic credential you created.
  4. Select the Elastic action you want to run and configure the input fields.
  5. Save/publish the workflow.

Elastic Operations Overview

In addition to syncing field values, Persona can create cases, set ownership, and configure alert syncing using Elastic’s API. These actions support seamless two-way workflows, letting teams manage investigations without switching platforms. The available Workflow Action steps and their possible configurations for the Elastic integration are listed below:

Create Case Workflow Action Step

Creates a new case in Kibana so teams can track and manage investigations in Elastic. When the case is created, Elastic returns details like the case ID, version, status, severity, connector, and timestamps, which you can use in downstream workflow steps if needed.

Configuration Steps:

  • Provide values for required fields:
    • XSRF Token header (must be set to any non-empty string value)
    • Title
    • Description
    • Tags (can be an empty array)
    • Owner (Stack Management, Observability, or Elastic Security)
    • Connector (including the option to create a case with no connector)
    • Settings: Sync Alerts (turn alert syncing on or off)
  • Optionally add:
    • Severity (low, medium, high, or critical)
    • Category
    • Assignees (up to 10 users, each identified by a user ID)
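
The field rules above, as an added example (not Persona's or Elastic's code): a Python helper that validates the inputs and builds the headers and JSON body for a create-case request. The `kbn-xsrf` header name, the owner identifiers, and the no-connector object are assumptions taken from Kibana's Cases API; `build_case_request` and its parameter names are hypothetical.

```python
# Assumption: identifiers Kibana's Cases API uses for the three owner
# areas this page names.
OWNERS = {
    "Stack Management": "cases",
    "Observability": "observability",
    "Elastic Security": "securitySolution",
}
SEVERITIES = {"low", "medium", "high", "critical"}
MAX_ASSIGNEES = 10
# Assumption: the Cases API representation of "no connector".
NO_CONNECTOR = {"id": "none", "name": "none", "type": ".none", "fields": None}


def build_case_request(title, description, owner, tags=(), sync_alerts=True,
                       connector=None, severity=None, category=None,
                       assignee_uids=(), xsrf="persona-workflow"):
    """Return (headers, body) for a create-case call, or raise ValueError."""
    if not xsrf:
        raise ValueError("XSRF header must be a non-empty string")
    if not title or not description:
        raise ValueError("title and description are required")
    if owner not in OWNERS:
        raise ValueError(f"owner must be one of {sorted(OWNERS)}")
    if isinstance(tags, str):
        raise ValueError("tags must be an array, not a single string")
    if severity is not None and severity not in SEVERITIES:
        raise ValueError(f"severity must be one of {sorted(SEVERITIES)}")
    uids = list(dict.fromkeys(assignee_uids))  # example's choice: drop repeats
    if len(uids) > MAX_ASSIGNEES:
        raise ValueError(f"at most {MAX_ASSIGNEES} assignees are allowed")

    body = {
        "title": title,
        "description": description,
        "tags": list(tags),  # required field, but an empty array is valid
        "owner": OWNERS[owner],
        "connector": connector or dict(NO_CONNECTOR),
        "settings": {"syncAlerts": bool(sync_alerts)},
    }
    if severity:
        body["severity"] = severity
    if category:
        body["category"] = category
    if uids:
        body["assignees"] = [{"uid": u} for u in uids]
    headers = {"kbn-xsrf": xsrf, "Content-Type": "application/json"}
    return headers, body
```

Validating before the call surfaces a bad owner, severity, or an eleventh assignee as a clear error in the workflow instead of a rejected request from Kibana.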

FAQs

What permissions are required in Elastic (Kibana)?

The Elastic user you connect should have all privileges for the Cases feature in Kibana, under the appropriate area (Management, Observability, or Security) based on the case owner you’re creating.

Do I need to use a connector to create a case?

No. Elastic supports creating a case without a connector (for example, if you only want the case recorded in Kibana without pushing to an external system).

How many assignees can I add to a case?

You can include up to 10 assignees when creating a case.

Are tags required?

Yes—tags are a required field, but Elastic allows the value to be an empty array if you don’t want to apply tags.