Connect Kibana to your AI agent
Kibana is a visualization and analytics platform for Elasticsearch, offering dashboards, data exploration, and monitoring capabilities for gaining insights from data
We set up the connection using your own Kibana account, with keys you control, and keep it running. Your agent picks it up and starts doing the work.
Actions
What your agent can do in Kibana
Each one is a real action the agent can take on its own, the same things a person clicking around Kibana could do. Read-only by default; write actions are confirmed against your policy.
- Delete Alerting Rule Tool to delete an alerting rule in Kibana. Use when you need to remove a specific alerting rule by its ID.
- Delete Connector Tool to delete a connector in Kibana. Use when you need to remove an existing connector.
- Delete Fleet Output Tool to delete a specific output configuration in Kibana Fleet. Use when you need to remove an existing output by its ID.
- Delete Fleet Proxy Deletes a Fleet proxy configuration by its unique identifier. Fleet proxies enable agents to communicate through proxy servers. Use this action to remove proxy configurations that are no longer needed. The proxy must no…
- Delete List Deletes a list. Use when you want to delete a list by its ID.
- Delete Osquery Saved Query Delete a saved Osquery query by its saved object ID. Use this to remove a specific Osquery saved query from Kibana. IMPORTANT: This action requires the 'saved_object_id' (UUID format), not the custom 'id' field. You can…
- Delete Saved Object Tool to delete a saved object in Kibana. Use when you need to remove a specific saved object like a visualization or dashboard.
- Find Kibana Alerts Tool to find and/or aggregate detection alerts in Kibana. Use this to retrieve a list of alerts, optionally filtering them with a query and performing aggregations.
- Get Action Types Retrieves all available connector types (actions) in Kibana. Connector types (also called action types) are integrations like Slack, Email, Webhook, ServiceNow, etc. that can be used with alerting rules, cases, and work…
- Get Alerting Rules Tool to retrieve a list of alerting rules in Kibana. Use when you need to get a paginated set of rules based on specified conditions.
- Get Rule Types Retrieves available rule types (alert types) in Kibana. Returns comprehensive metadata about each rule type including: - Available action groups and variables for action templates - License requirements and authorizatio…
- Get Cases Tool to retrieve a list of cases in Kibana. Use when you need to find or list existing security or operational cases, potentially filtering by various attributes like status, assignee, or severity.
- Get All Connectors Tool to retrieve a list of all connectors in Kibana. Use this tool when you need to get information about available connectors.
- Get Data Views Retrieves all data views (formerly known as index patterns) available in Kibana. Data views define which Elasticsearch indices you want to explore and are used throughout Kibana for features like Discover, Visualize, an…
- Find Detection Engine Rules Retrieves a paginated list of Kibana detection engine rules with flexible filtering and sorting options. Use this action to: - List all detection rules in your Kibana security solution - Search for specific rules using…
- Get Endpoint List Items Retrieves Elastic Endpoint exception list items with filtering, pagination, and sorting capabilities. Use this action to: - List all endpoint exceptions in the security solution - Filter exceptions by specific field val…
- Get Entity Store Engines Retrieves all entity store engines configured in Kibana. Entity store engines aggregate and manage entity data for different entity types (user, host, service). This action returns detailed configuration and status info…
- List Entity Store Entities Tool to list entity records in the entity store with support for paging, sorting, and filtering. Use when you need to retrieve a list of entities such as users, hosts, or services.
- Get Entity Store Status Retrieves the current status of the Kibana Entity Store and its configured engines. The Entity Store is a security feature that collects and organizes entity data (users, hosts, etc.) from various sources. This action r…
- Get Fleet Agent Policies Retrieves a paginated list of Fleet agent policies with filtering, sorting, and optional detailed information. Use this action to: - List all agent policies in your Fleet deployment - Filter policies using KQL queries (…
- Get Fleet Agents Available Versions Tool to retrieve the available versions for Fleet agents. Use when you need to get a list of all available Elastic Agent versions.
- Get Fleet Agents Setup Status Check Fleet setup readiness and identify missing requirements. Returns whether Fleet is ready (isReady), lists any missing prerequisites (missing_requirements), and shows optional feature availability. Use this to verif…
- Check Fleet Permissions Tool to check the permissions for the Fleet API. Use when you need to verify if the current user has the necessary privileges for Fleet operations.
- Get Fleet Enrollment API Key Tool to retrieve details of a specific enrollment API key by its ID. Use when you have the ID of an enrollment API key and need its details.
- Get Fleet Enrollment API Keys Tool to fetch a list of enrollment API keys. Use when you need to retrieve existing enrollment tokens for Kibana Fleet.
- Get Fleet EPM Categories Get all available package categories in the Elastic Package Manager (EPM) with package counts. Returns categories like Security, Observability, Cloud, etc., along with the number of packages in each category. Use this t…
- Get Fleet EPM Data Streams Tool to retrieve the list of data streams in the Elastic Package Manager. Use when you need to get a list of available data streams, optionally filtering by type, dataset, or categorization.
- Get Fleet EPM Package Details Retrieves comprehensive details for a specific Fleet integration package version from the Elastic Package Manager (EPM). Returns detailed information including: - Package metadata (name, title, description, version, typ…
- Get Fleet EPM Package File Retrieves a specific file from an Elastic Package Manager (EPM) package. Use this to access package metadata, documentation, changelogs, or configuration files. Common use cases: inspecting manifest.yml for package deta…
- Get Fleet EPM Packages Tool to fetch the list of available packages in the Elastic Package Manager. Use when you need to find available integrations or their details.
- Get Installed EPM Packages Tool to retrieve the list of installed packages in the Elastic Package Manager. Use this when you need to check which packages are currently installed in Fleet.
- Get Fleet EPM Packages (Limited) Retrieves a limited list of package names from the Elastic Package Manager (EPM) registry. Returns only package names (strings) without additional metadata, making it faster than the full packages endpoint. Useful for q…
- Get EPM Package Statistics Retrieves usage statistics for a specific Fleet package in Kibana, including the number of package policies and agent policies using the package. Use this to understand package adoption and usage across your Fleet-manag…
- Get Fleet Package Policies Retrieves a list of Fleet package policies (integration policies) in Kibana. Package policies define how integrations are configured and which agent policies they're associated with. Use this to list all package policie…
- Get Fleet Server Host Tool to fetch details of a specific Fleet server host by its item ID. Use when you need to get information about a particular Fleet Server host.
- Get Fleet Server Hosts Tool to retrieve the list of Fleet Server hosts. Use when you need to get information about the available Fleet Server hosts.
- Get Index Management Indices Tool to fetch information about indices managed by Kibana's Index Management feature. It queries the underlying Elasticsearch /_cat/indices API to retrieve index details. Use when you need to list or get details about o…
- Get Node Metrics Tool to retrieve statistics for nodes in an Elasticsearch cluster, often visualized in Kibana. Use when you need to monitor node health, performance, or resource usage. This action calls the Elasticsearch Nodes Stats AP…
- Get Reporting Jobs Tool to retrieve a list of reporting jobs in Kibana. Use when you need to see pending or completed reports. This uses an internal API endpoint, which might be subject to change without notice.
- Get Saved Objects Tool to retrieve a list of saved objects in Kibana based on specified criteria. Use when you need to find dashboards, visualizations, index patterns, or other saved entities.
- Get Kibana Status Tool to get the current status of Kibana. Use when you need to check if Kibana is healthy, monitor its state, or get information about the Kibana instance including version, UUID, and metrics.
- Create Alerting Rule Tool to create a new alerting rule in Kibana. Use when you need to define a new condition that, when met, triggers an alert and potentially executes predefined actions.
- Create Case Tool to create a new case in Kibana. Use when you need to open and track issues, incidents, or investigations. You can assign users, set severity levels, add tags, and configure external connectors for integration with…
- Create Kibana Connector Tool to create a new connector in Kibana. Use when you need to integrate Kibana with an external service.
- Create Dashboard Tool to create a new dashboard in Kibana. Use when you need to create a dashboard to visualize data. Dashboards can contain visualizations, saved searches, and other embeddable objects. Note: When using serverless Kiban…
- Create Data View Tool to create a new data view (index pattern) in Kibana. Use when you need to define which Elasticsearch indices to query and analyze in Kibana. Data views determine which fields are available in Discover, Visualize, a…
- Create or Update Saved Object Tool to create or update a saved object in Kibana. Use when you need to programmatically manage Kibana dashboards, visualizations, index patterns, etc.
Setup
How we connect it
- 1
Connect your account
You create a key in Kibana, a key you create and control, and paste it in once. It lives in a secrets store on your server, not with us.
- 2
Set the guardrails
Read-only by default. You choose which write actions the agent may take, and anything outside that policy gets confirmed with you first.
- 3
We keep it running
Health checks on every connection, updates handled for you, and we watch the first week of activity to make sure the work lands.
FAQ
Kibana questions, answered.
With a key you create and control. You paste it in once, it is stored in a secrets store on your server, permissions are scoped to the minimum the agent needs, and you can revoke it at any time.
The actions Kibana's API allows, the same things a person clicking around the app could do. Connections start read-only by default; write actions are confirmed against the policy you set before the agent takes them.
Connections are priced per tool on top of the base plan. Some are included, some are premium. See pricing for how connection charges work.
Standard tools are ready inside 7 business days of the setup call. We test the connection end to end, walk you through how the agent uses it, and watch the first week of activity.
Ready to put Kibana to work?
Tell us what your team runs on. We set up the connection, secure it, and your agent takes it from there.
All product names, logos, and brands are property of their respective owners; used for identification only. ZeroToClaw is not affiliated with or endorsed by Kibana.