Comprehensive Guide to Installing Elasticsearch 8.12.0, Kibana, and Elastic AI Assistant on Windows (1° Part)

Giacomo Martino
Jan 22, 2024

Introduction: This document provides a detailed guide to installing Elasticsearch version 8.12.0 and Kibana, and explores the installation steps for the Elastic AI Assistant on Windows.

New Features in Elastic Security 8.12.0:

1. Elastic AI Assistant:

With the 8.12.0 release, Elastic introduces the AI Assistant, providing real-time, personalized alert insights through natural language interactions. Security analysts can now ask complex questions and receive context-aware responses, improving the alert triage process and enabling more efficient security operations.

2. Unified Cloud Security Posture Management:

8.12.0 significantly simplifies cloud security management by seamlessly integrating Cloud Security Posture Management (CSPM) with major cloud service providers: AWS, Google Cloud, and Microsoft Azure.

3. Orchestrate Response Across Endpoint Vendors:

An innovative bidirectional integration with SentinelOne allows security analysts to seamlessly interact with the capabilities of a leading Endpoint Detection and Response (EDR) provider. This bidirectional response capability centralizes and consolidates security operations, enhancing security posture for mutual customers.

This guide aims to demonstrate the installation of the latest Elastic version on the Windows platform, along with detailed instructions on configuring and experiencing the AI Assistant.

Detailed Installation Guide for Elasticsearch 8.12.0:

Step 1: Downloading and Extracting Elasticsearch 8.12.0

Extraction and Placement:

  • Extract the contents of the zip file to a directory of your choice (e.g., C:\elasticsearch-8.12.0).

Running from the Command Line (Not Recommended):

  • Open a command prompt in the Elasticsearch folder and run Elasticsearch using the command .\bin\elasticsearch.bat. However, this mode is not recommended for stable usage.

Step 2: Running Elasticsearch as a Windows Background Service

Service Installation:

  • Open a command prompt in the Elasticsearch folder and run the command .\bin\elasticsearch-service.bat install to install the Windows service.

Starting and Stopping the Service:

  • Use the commands .\bin\elasticsearch-service.bat start and .\bin\elasticsearch-service.bat stop to start and stop the service, respectively.

Service Uninstallation:

  • To uninstall the service, use the command .\bin\elasticsearch-service.bat remove.

Step 3: Resetting the ‘elastic’ User Password

Password Reset:

  • Open a command prompt in the Elasticsearch folder and run .\bin\elasticsearch-reset-password.bat -i -u elastic to reset the password of the 'elastic' user.

Step 4: Checking if Elasticsearch is Running

Accessing from a Browser:

‘elastic’ User Credentials:

  • Enter the credentials of the ‘elastic’ user.

Checking Database Details:

  • If the Elasticsearch database details are displayed, it indicates that the database is running with the desired ‘elastic’ user credentials.

Changing the Data Storage Folder:

Default Data Folder:

  • By default, Elasticsearch data is stored in the ‘data’ folder within the Elasticsearch directory.

Modification with elasticsearch.yml:

  • Open the elasticsearch.yml file in the configuration folder and search for path.data. Set it to a single data folder or multiple data folder paths. Inside a double-quoted YAML string the backslashes must be doubled (e.g., path.data: "C:\\elasticsearch-8.12.0\\data").

Disabling HTTPS (Optional):

Modification with elasticsearch.yml:

  • Open the elasticsearch.yml file in the configuration folder. In the xpack.security.http.ssl section, set enabled: false to disable HTTPS.

Detailed Installation Guide for Kibana:

Step 1: Downloading Kibana

Download Kibana Zip File:

Step 2: Creating a Password for the ‘kibana_system’ User in Elasticsearch

Password Reset:

  • In the Elasticsearch bin folder, run the command elasticsearch-reset-password -i -u kibana_system to reset the password for the "kibana_system" Elasticsearch user.

Step 3: Configuring Kibana

Extracting the Kibana Zip File:

  • Extract the contents of the Kibana zip file to a directory of your choice (e.g., C:\Kibana-8.12.0).

Configuration of the kibana.yml File:

In the config folder, open the kibana.yml file and perform the following configurations:

  • Set the username and password of the ‘kibana_system’ user in the elasticsearch.username and elasticsearch.password fields.
  • Set the Elasticsearch URL in the elasticsearch.hosts field.
  • Keep elasticsearch.ssl.verificationMode as none to skip Elasticsearch SSL verification.
  • Set an encryption key (ref.: Secure saved objects | Kibana Guide [8.12] | Elastic).

xpack.encryptedSavedObjects.encryptionKey: "min-32-byte-long-strong-encryption-key"
# The URLs of the Elasticsearch instances to use for all your queries.
elasticsearch.hosts: ["http://localhost:9200"]

# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
elasticsearch.username: "kibana_system"
elasticsearch.password: "adminadmin"

# To disregard the validity of SSL certificates, change this setting's value to 'none'.
elasticsearch.ssl.verificationMode: none
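
The settings above are convenient for a single-machine lab, and they are worth checking for before the stack is reachable from anything other than localhost. The PowerShell below is an added example, not part of the original article: it reads YAML lines and lists the lab-only settings this guide uses. Get-ElasticConfigFinding is a hypothetical helper name, the sample input is constructed from the values shown in this guide, and the parser only handles flat keys plus one level of nesting.

```powershell
# Added example, not part of the original article.
# Get-ElasticConfigFinding is a hypothetical helper; the sample is constructed.
function Get-ElasticConfigFinding {
    param([string[]]$Lines)
    $section = ''; $settings = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(#|$)') { continue }            # comments and blank lines
        if ($line -notmatch '^(\s*)([^:\s][^:]*):\s*(.*)$') { continue }
        $indent = $Matches[1]; $key = $Matches[2].Trim(); $value = $Matches[3].Trim()
        if ($indent.Length -eq 0) {
            $section = $key                                   # parent for indented keys
            if ($value -ne '') { $settings[$key] = $value }
        } else {
            $settings["$section.$key"] = $value               # handles one nesting level
        }
    }
    $findings = @()
    if ($settings['xpack.security.http.ssl.enabled'] -eq 'false') {
        $findings += 'xpack.security.http.ssl.enabled: false (REST traffic and passwords unencrypted)'
    }
    if ($settings['elasticsearch.hosts'] -match 'http://') {
        $findings += 'elasticsearch.hosts uses http:// (Kibana to Elasticsearch link unencrypted)'
    }
    if ($settings['elasticsearch.ssl.verificationMode'] -match 'none') {
        $findings += 'elasticsearch.ssl.verificationMode: none (server certificate never checked)'
    }
    if ($settings.ContainsKey('elasticsearch.password')) {
        $findings += 'elasticsearch.password stored in clear text in the YAML file'
    }
    $encKey = "$($settings['xpack.encryptedSavedObjects.encryptionKey'])".Trim('"')
    if ($encKey -eq 'min-32-byte-long-strong-encryption-key') {
        $findings += 'encryptionKey is still the example string shown in this guide'
    }
    return $findings
}

# Constructed sample: the settings this guide writes to elasticsearch.yml and kibana.yml.
$sample = @'
xpack.security.http.ssl:
  enabled: false
xpack.encryptedSavedObjects.encryptionKey: "min-32-byte-long-strong-encryption-key"
elasticsearch.hosts: ["http://localhost:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "adminadmin"
elasticsearch.ssl.verificationMode: none
'@ -split "`r?`n"

Get-ElasticConfigFinding -Lines $sample
```

For the clear-text password finding, Kibana's keystore (kibana-keystore create, then kibana-keystore add elasticsearch.password, both in the Kibana bin folder) keeps the value out of kibana.yml.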

Step 4: Running Kibana from the Command Line

Starting from the Command Line:

  • After configuring Elasticsearch connectivity, open a command prompt in the Kibana bin folder and run the command kibana.bat.

Verification in the Browser:

Final Automation Script:

@echo off

:: Navigate to the Elasticsearch bin directory
cd /d C:\elasticsearch-8.12.0\bin
:: Start Elasticsearch
start elasticsearch.bat

:: Wait for 1 minute (60 seconds)
timeout /t 60 /nobreak

:: Navigate to the Kibana bin directory
cd /d C:\kibana-8.12.0\bin
:: Start Kibana
start kibana.bat

:: Wait for an additional 2 minutes (120 seconds)
timeout /t 120 /nobreak

:: Open Chrome with the specified link
start chrome http://localhost:5601/login

Automation Script Explanation:

This script automates the startup process of Elasticsearch and Kibana, ensuring a streamlined and efficient way to launch both services. It navigates to the respective bin directories, starts Elasticsearch and Kibana, introduces delays to allow for proper initialization, and opens Google Chrome with the specified link to access Kibana.
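
The fixed 60- and 120-second waits can expire before a slow start has finished, or keep waiting long after both services are up. As an added example (not part of the original script), this PowerShell version polls each service until it answers. It assumes the plain-http URLs from the kibana.yml above and the install paths used in the batch script; Wait-HttpReady is a hypothetical helper name.

```powershell
# Added example: readiness polling in place of the fixed timeouts.
# Wait-HttpReady is a hypothetical helper; paths and URLs are the guide's.
function Wait-HttpReady {
    param([string]$Url, [int[]]$ReadyCodes = @(200), [int]$TimeoutSec = 300)
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    while ((Get-Date) -lt $deadline) {
        $code = 0
        try {
            $code = [int](Invoke-WebRequest -Uri $Url -UseBasicParsing -TimeoutSec 5).StatusCode
        } catch {
            # An HTTP error status still carries a response object;
            # a refused connection does not, so $code stays 0.
            $resp = $_.Exception.Response
            if ($resp) { $code = [int]$resp.StatusCode }
        }
        if ($ReadyCodes -contains $code) { return $true }
        Start-Sleep -Seconds 3
    }
    return $false
}

$esBin = 'C:\elasticsearch-8.12.0\bin'
$kbBin = 'C:\kibana-8.12.0\bin'

Start-Process -FilePath (Join-Path $esBin 'elasticsearch.bat') -WorkingDirectory $esBin
# 401 counts as ready: the node is up and asking for credentials.
if (-not (Wait-HttpReady -Url 'http://localhost:9200' -ReadyCodes 200, 401)) {
    throw 'Elasticsearch did not answer on port 9200 in time'
}

Start-Process -FilePath (Join-Path $kbBin 'kibana.bat') -WorkingDirectory $kbBin
# Kibana answers 503 until startup has finished.
if (-not (Wait-HttpReady -Url 'http://localhost:5601/login')) {
    throw 'Kibana did not become ready in time'
}

Start-Process chrome -ArgumentList 'http://localhost:5601/login'
```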

Link to 2° part:
Comprehensive Guide to Installing Elasticsearch 8.12.0, Kibana, and Elastic AI Assistant on Windows (2° Part) | by Giacomo Martino | Jan, 2024 | Medium
