Hi all,
It was suggested to me to share some of the projects and nodes I am working on in this forum.
I am using Node-RED as an example SOAR tool in combination with Elastic Security. It's running on GKE and uses Okta authentication.
I noted that the elasticsearch nodes available were quite old, not using APIs as best they could. So I forked one as a basis to learn writing node-red nodes, and pretty much rewrote all the nodes. It now uses the official elasticsearch js client lib and supports all the features therein, such as proxies and authentication options.
I make heavy use of mustache so as little as possible (such as input field names) is hardcoded, but rather derived through mustache templates. To make automation logic easier, most nodes with outputs have a fail and success output, so you don't have to add other nodes to detect status.
You can find my package here:
I do plan to add more APIs and operations as I need them; I already added some basic index ops as nodes.
Other node packages I have on the go:
nrc-tjtoolkit-nodes - useful helper nodes (published)
nrc-elasticsearch-storage - Use elasticsearch as your flow storage (unpublished)
nrc-kibana-nodes - Accessing Kibana's API (unpublished)