Comprehensive Guide to Installing Elasticsearch 8.12.0, Kibana, and Elastic AI Assistant on Windows (Part 1)
Introduction: This document provides a detailed guide on installing Elasticsearch version 8.12.0, Kibana, and exploring the installation steps for the Elastic AI Assistant on Windows.
New Features in Elastic Security 8.12.0:
1. Elastic AI Assistant:
With the 8.12.0 release, Elastic introduces the AI Assistant, providing real-time, personalized alert insights through natural language interactions. Security analysts can now ask complex questions and receive context-aware responses, improving the alert triage process and enabling more efficient security operations.
2. Unified Cloud Security Posture Management:
8.12.0 significantly simplifies cloud security management by seamlessly integrating Cloud Security Posture Management (CSPM) with major cloud service providers: AWS, Google Cloud, and Microsoft Azure.
3. Orchestrate Response Across Endpoint Vendors:
An innovative bidirectional integration with SentinelOne allows security analysts to seamlessly interact with the capabilities of a leading Endpoint Detection and Response (EDR) provider. This bidirectional response capability centralizes and consolidates security operations, enhancing security posture for mutual customers.
This guide aims to demonstrate the installation of the latest Elastic version on the Windows platform, along with detailed instructions on configuring and experiencing the AI Assistant.
Detailed Installation Guide for Elasticsearch 8.12.0:
Step 1: Downloading and Extracting Elasticsearch 8.12.0
Download Elasticsearch Zip File:
- Visit the official Elastic website (Download Elasticsearch | Elastic) and download the Elasticsearch zip file for Windows.
Extraction and Placement:
- Extract the contents of the zip file to a directory of your choice (e.g., C:\elasticsearch-8.12.0).
Running from the Command Line (Not Recommended):
- Open a command prompt in the Elasticsearch folder and run Elasticsearch using the command .\bin\elasticsearch.bat. However, this mode is not recommended for stable usage.
Step 2: Running Elasticsearch as a Windows Background Service
Service Installation:
- Open a command prompt in the Elasticsearch folder and run the command .\bin\elasticsearch-service.bat install to install the Windows service.
Starting and Stopping the Service:
- Use the commands .\bin\elasticsearch-service.bat start and .\bin\elasticsearch-service.bat stop to start and stop the service, respectively.
Service Uninstallation:
- To uninstall the service, use the command .\bin\elasticsearch-service.bat remove.
Step 3: Resetting the ‘elastic’ User Password
Password Reset:
- Open a command prompt in the Elasticsearch folder and run .\bin\elasticsearch-reset-password.bat -i -u elastic to reset the password of the ‘elastic’ user.
Step 4: Checking if Elasticsearch is Running
Accessing from a Browser:
- Open a web browser and visit the URL https://localhost:9200.
‘elastic’ User Credentials:
- Enter the credentials of the ‘elastic’ user.
Checking Database Details:
- If the Elasticsearch database details are displayed, it indicates that the database is running with the desired ‘elastic’ user credentials.
Changing the Data Storage Folder:
Default Data Folder:
- By default, Elasticsearch data is stored in the ‘data’ folder within the Elasticsearch directory.
Modification with elasticsearch.yml:
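- Open the elasticsearch.yml file in the configuration folder and search for path.data. Set it to a single data folder or multiple data folder paths (e.g., path.data: 'C:\elasticsearch-8.12.0\data'). Use single quotes or no quotes around a Windows path: inside double quotes YAML treats the backslashes as escape sequences.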
Disabling HTTPS (Optional):
Modification with elasticsearch.yml:
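- Open the elasticsearch.yml file in the configuration folder. In the xpack.security.http.ssl section, set enabled: false to disable HTTPS. Elasticsearch then answers on http://localhost:9200 instead of https://localhost:9200, and the ‘elastic’ credentials are sent over that connection unencrypted.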
Detailed Installation Guide for Kibana:
Step 1: Downloading Kibana
Download Kibana Zip File:
- Download the Kibana zip file from the official Elastic website (Download Kibana Free | Get Started Now | Elastic).
Step 2: Creating a Password for the ‘kibana_system’ User in Elasticsearch
Password Reset:
- In the Elasticsearch bin folder, run the command elasticsearch-reset-password -i -u kibana_system to reset the password for the ‘kibana_system’ Elasticsearch user.
Step 3: Configuring Kibana
Extracting the Kibana Zip File:
- Extract the contents of the Kibana zip file to a directory of your choice (e.g., C:\Kibana-8.12.0).
Configuration of the kibana.yml File:
In the config folder, open the kibana.yml file and perform the following configurations:
- Set the username and password of the ‘kibana_system’ user in the elasticsearch.username and elasticsearch.password fields.
- Set the Elasticsearch URL in the elasticsearch.hosts field.
- Keep elasticsearch.ssl.verificationMode as none to skip Elasticsearch SSL verification. With this value Kibana does not validate the certificate presented by Elasticsearch.
- Set an encryption key (Ref.: Secure saved objects | Kibana Guide [8.12] | Elastic):
xpack.encryptedSavedObjects.encryptionKey: "min-32-byte-long-strong-encryption-key"
# The URLs of the Elasticsearch instances to use for all your queries.
elasticsearch.hosts: ["http://localhost:9200"]
# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
elasticsearch.username: "kibana_system"
elasticsearch.password: "adminadmin"
# To disregard the validity of SSL certificates, change this setting's value to 'none'.
elasticsearch.ssl.verificationMode: none
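For comparison with the sample above, a kibana.yml variant that leaves Elasticsearch HTTPS enabled and keeps certificate verification on. This is an added example, not part of the original guide; it assumes the Elasticsearch 8.x security auto-configuration wrote its HTTP CA certificate to config\certs\http_ca.crt under the C:\elasticsearch-8.12.0 directory used in this guide, and that the ‘kibana_system’ password is stored in the Kibana keystore instead of in the file.

```yaml
# kibana.yml (added example; paths are assumptions based on the directories used in this guide)

# Elasticsearch is reached over HTTPS, i.e. xpack.security.http.ssl.enabled
# stays true in elasticsearch.yml.
elasticsearch.hosts: ["https://localhost:9200"]

# Trust the CA that signed the Elasticsearch HTTP certificate.
# Assumed location: the http_ca.crt created by the Elasticsearch security
# auto-configuration on first start.
# Single quotes keep the Windows backslashes literal in YAML.
elasticsearch.ssl.certificateAuthorities: ['C:\elasticsearch-8.12.0\config\certs\http_ca.crt']

# full        = validate the certificate chain and the host name
# certificate = validate the chain only (use if the certificate does not
#               list the host name Kibana connects with)
# none        = no validation, as in the sample above
elasticsearch.ssl.verificationMode: full

elasticsearch.username: "kibana_system"
# elasticsearch.password is intentionally absent from this file.
# Store it in the Kibana keystore instead, from the Kibana folder:
#   bin\kibana-keystore create
#   bin\kibana-keystore add elasticsearch.password

# Generate random keys instead of typing one by hand:
#   bin\kibana-encryption-keys generate
# then paste the xpack.encryptedSavedObjects.encryptionKey value it prints.
xpack.encryptedSavedObjects.encryptionKey: "<paste-generated-key-of-at-least-32-characters>"
```

With this variant the browser check in Step 4 of the Elasticsearch section keeps using https://localhost:9200, and no secret is stored in clear text in kibana.yml apart from the encryption key.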
Step 4: Running Kibana from the Command Line
Starting from the Command Line:
- After configuring Elasticsearch connectivity, open a command prompt in the Kibana bin folder and run the command kibana.bat.
Verification in the Browser:
- Check if Kibana is working by opening a browser and visiting http://localhost:5601.
Final Automation Script:
@echo off
:: Navigate to the Elasticsearch bin directory
cd /d C:\elasticsearch-8.12.0\bin
:: Start Elasticsearch
start elasticsearch.bat
:: Wait for 1 minute (60 seconds)
timeout /t 60 /nobreak
:: Navigate to the Kibana bin directory
cd /d C:\kibana-8.12.0\bin
:: Start Kibana
start kibana.bat
:: Wait for an additional 2 minutes (120 seconds)
timeout /t 120 /nobreak
:: Open Chrome with the specified link
start chrome http://localhost:5601/login
Automation Script Explanation:
This script automates the startup process of Elasticsearch and Kibana, ensuring a streamlined and efficient way to launch both services. It navigates to the respective bin directories, starts Elasticsearch and Kibana, introduces delays to allow for proper initialization, and opens Google Chrome with the specified link to access Kibana.