Kibana

Learn how to use Kibana with Composio

Overview

SLUG: KIBANA

Description

Kibana is a visualization and analytics platform for Elasticsearch, offering dashboards, data exploration, and monitoring capabilities for gaining insights from data.

Authentication Details

Basic Auth

full: string, defaults to https://localhost:5601, required
username: string, required
password: string, required

API Key

full: string, defaults to https://localhost:5601, required
generic_api_key: string, required

Connecting to Kibana

Create an auth config

Use the dashboard to create an auth config for the Kibana toolkit. This allows you to connect multiple Kibana accounts to Composio for agents to use.

1. Select App

Navigate to Kibana.

2. Configure Auth Config Settings

Select among the supported auth schemes of Kibana and configure them here.

3. Create and Get auth config ID

Click “Create Kibana Auth Config”. After creation, copy the displayed ID starting with ac_. This is your auth config ID. This is not a sensitive ID — you can save it in environment variables or a database. This ID will be used to create connections to the toolkit for a given user.

Connect Your Account

Using Basic Auth

from composio import Composio
from composio.types import auth_scheme

# Replace these with your actual values.
# Load real credentials from a secret store or the environment rather than hard-coding them.
kibana_auth_config_id = "ac_YOUR_KIBANA_CONFIG_ID"
user_id = "user@example.com"
username = "your_kibana_username"
password = "your_kibana_password"

composio = Composio()

# Create a new connected account for Kibana using Basic Auth
connection_request = composio.connected_accounts.initiate(
    user_id=user_id,
    auth_config_id=kibana_auth_config_id,
    config=auth_scheme.basic_auth(
        username=username,
        password=password,
    ),
)

# Basic authentication is immediate - no redirect needed
print(f"Successfully connected Kibana for user {user_id}")

# You can verify the connection using:
# connected_account = composio.connected_accounts.get(connection_request.id)

Using API Key

from getpass import getpass

from composio import Composio

# Replace these with your actual values
kibana_auth_config_id = "ac_YOUR_KIBANA_CONFIG_ID"  # Auth config ID created above
user_id = "0000-0000-0000"  # UUID from database/app

composio = Composio()


def authenticate_toolkit(user_id: str, auth_config_id: str):
    # Replace this with a method to retrieve an API key from the user.
    # Or supply your own.
    # getpass keeps the key from being echoed to the terminal.
    user_api_key = getpass("[!] Enter API key: ")

    connection_request = composio.connected_accounts.initiate(
        user_id=user_id,
        auth_config_id=auth_config_id,
        config={"auth_scheme": "API_KEY", "val": user_api_key},
    )

    # API Key authentication is immediate - no redirect needed
    print(f"Successfully connected Kibana for user {user_id}")
    print(f"Connection status: {connection_request.status}")

    return connection_request.id


connection_id = authenticate_toolkit(user_id, kibana_auth_config_id)

# You can verify the connection using:
connected_account = composio.connected_accounts.get(connection_id)
print(f"Connected account: {connected_account}")

Tools

Executing tools

To prototype, you can execute some tools and inspect their responses in the Kibana toolkit’s playground.

Python
from composio import Composio
from openai import OpenAI
import json

openai = OpenAI()
composio = Composio()

# User ID must be a valid UUID format
user_id = "0000-0000-0000"  # Replace with actual user UUID from your database

# Fetch every Kibana tool definition available to this user
tools = composio.tools.get(user_id=user_id, toolkits=["KIBANA"])

print("[!] Tools:")
print(json.dumps(tools))


def invoke_llm(task="What can you do?"):
    completion = openai.chat.completions.create(
        model="gpt-4o",
        messages=[
            {
                "role": "user",
                "content": task,  # Your task here!
            },
        ],
        tools=tools,
    )

    # Handle Result from tool call
    result = composio.provider.handle_tool_calls(user_id=user_id, response=completion)
    print(f"[!] Completion: {completion}")
    print(f"[!] Tool call result: {result}")


invoke_llm()
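
The snippet above hands the model every Kibana tool, and the tool list on this page includes Delete and Create tools next to the read-only ones. The following is an added example, not Composio's code: it keeps only read-only tool definitions and refuses any requested tool call outside that allowlist before it would reach handle_tool_calls. The KIBANA_<VERB>_... slug shape, the sample tools and the sample completion are assumptions constructed for illustration.

```python
from types import SimpleNamespace

# Read verbs seen in this page's tool names (Get, Find, List, Check).
READ_ONLY_VERBS = ("GET", "FIND", "LIST", "CHECK")
PREFIX = "KIBANA_"  # assumed slug prefix, not taken from the page


def is_read_only(slug: str) -> bool:
    """True only for slugs shaped like KIBANA_<read verb>_...; default deny."""
    if not slug.startswith(PREFIX):
        return False
    verb = slug[len(PREFIX):].split("_", 1)[0]
    return verb in READ_ONLY_VERBS


def filter_tools(tools: list) -> list:
    """Keep only read-only function definitions (OpenAI tool schema)."""
    return [
        t for t in tools
        if t.get("type") == "function" and is_read_only(t["function"]["name"])
    ]


def blocked_tool_calls(completion, allowed: set) -> list:
    """Names of requested tool calls that are not in the allowlist."""
    blocked = []
    for choice in completion.choices:
        for call in choice.message.tool_calls or []:
            if call.function.name not in allowed:
                blocked.append(call.function.name)
    return blocked


def guarded_handle(completion, allowed: set, handler):
    """Call handler only if every requested tool call is allowlisted."""
    blocked = blocked_tool_calls(completion, allowed)
    if blocked:
        raise PermissionError(f"tool calls not permitted: {blocked}")
    return handler(completion)


def tool(name: str) -> dict:
    """Constructed tool definition in OpenAI function format."""
    return {"type": "function", "function": {"name": name, "parameters": {}}}


def sample_completion(*names: str):
    """Constructed stand-in for a chat completion carrying tool calls."""
    calls = [
        SimpleNamespace(function=SimpleNamespace(name=n, arguments="{}"))
        for n in names
    ]
    message = SimpleNamespace(tool_calls=calls)
    return SimpleNamespace(choices=[SimpleNamespace(message=message)])


# Hypothetical slugs modelled on the tool names listed on this page.
SAMPLE_TOOLS = [tool(n) for n in (
    "KIBANA_GET_CASES", "KIBANA_FIND_KIBANA_ALERTS",
    "KIBANA_DELETE_ALERTING_RULE", "KIBANA_CREATE_OR_UPDATE_SAVED_OBJECT",
)]

if __name__ == "__main__":
    safe = filter_tools(SAMPLE_TOOLS)
    allowed = {t["function"]["name"] for t in safe}
    print("offered to the model:", sorted(allowed))
    # In real use the handler would wrap the page's call:
    #   lambda c: composio.provider.handle_tool_calls(user_id=user_id, response=c)
    handler = lambda c: "executed"
    print(guarded_handle(sample_completion("KIBANA_GET_CASES"), allowed, handler))
    try:
        guarded_handle(sample_completion("KIBANA_DELETE_ALERTING_RULE"), allowed, handler)
    except PermissionError as exc:
        print("refused:", exc)
```

The call-time check matters even after filtering, because text returned from Kibana (alert fields, case descriptions) enters the model context and the model can name a tool it was never offered.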

Tool List

Tool Name: Delete Action

Description

Tool to delete an action in Kibana. Use when you need to remove a specific action by its ID, optionally within a specific space.

Action Parameters

action_id: string, required
space_id: string

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Delete Alerting Rule

Description

Tool to delete an alerting rule in Kibana. Use when you need to remove a specific alerting rule by its ID.

Action Parameters

id: string, required
kbn_xsrf: string, required

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Delete Connector

Description

Tool to delete a connector in Kibana. Use when you need to remove an existing connector.

Action Parameters

id: string, required
space_id: string

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Delete Fleet Output

Description

Tool to delete a specific output configuration in Kibana Fleet. Use when you need to remove an existing output by its ID.

Action Parameters

elastic_api_version: string, defaults to 2023-10-31
kbn_xsrf: string, defaults to true
output_id: string, required

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Delete Fleet Proxy

Description

Tool to delete a specific Fleet proxy configuration by its ID. Use when you need to remove an existing proxy setup.

Action Parameters

kbnXsrf: string, defaults to true
proxyId: string, required

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Delete List

Description

Deletes a list. Use when you want to delete a list by its ID.

Action Parameters

delete_references: boolean
id: string, required
ignore_references: boolean

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Delete Osquery Saved Query

Description

Tool to delete a saved osquery query by its ID. Use when you need to remove a specific osquery saved query.

Action Parameters

id: string, required

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Delete Saved Object

Description

Tool to delete a saved object in Kibana. Use when you need to remove a specific saved object like a visualization or dashboard.

Action Parameters

force: boolean
id: string, required
kbn_xsrf: string, defaults to true
type: string, required

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Find Kibana Alerts

Description

Tool to find and/or aggregate detection alerts in Kibana. Use this to retrieve a list of alerts, optionally filtering them with a query and performing aggregations.

Action Parameters

aggs: object
query: object, required
runtime_mappings: object
size: integer

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Get Action Types

Description

Tool to fetch the list of available action types (e.g., '.slack', '.email', '.webhook') in Kibana. Use this to discover the 'actiontypeid' needed when creating a new action.

Action Parameters

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Get Alerting Rules

Description

Tool to retrieve a list of alerting rules in Kibana. Use when you need to get a paginated set of rules based on specified conditions.

Action Parameters

default_search_operator: string, defaults to OR
fields: array
filter: string
filter_consumers: array
has_reference: object
page: integer, defaults to 1
per_page: integer, defaults to 10
search: string
search_fields: array
sort_field: string
sort_order: string

Action Response

data: array, required
error: string
page: integer, required
per_page: integer, required
successful: boolean, required
total: integer, required

Tool Name: Get Alert Types

Description

Tool to retrieve available alert types in Kibana. Use when you need to get a list of all possible alert types and their metadata.

Action Parameters

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Get Cases

Description

Tool to retrieve a list of cases in Kibana. Use when you need to find or list existing security or operational cases, potentially filtering by various attributes like status, assignee, or severity.

Action Parameters

assignees: array
defaultSearchOperator: string
from_date_param: string
owner: array
page: integer, defaults to 1
perPage: integer, defaults to 20
reporters: array
search: string
searchFields: array
severity: string
sortField: string, defaults to createdAt
sortOrder: string, defaults to desc
status: string
tags: array
to_date_param: string

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Get All Connectors

Description

Tool to retrieve a list of all connectors in Kibana. Use this tool when you need to get information about available connectors.

Action Parameters

space_id: string

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Get Data Views

Description

Tool to retrieve a list of data views available in Kibana. Use when you need to get a list of available data views, optionally filtering by a name pattern.

Action Parameters

pattern: string

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Find Detection Engine Rules

Description

Retrieves a list of detection engine rules based on specified criteria. Use this tool to find detection rules.

Action Parameters

fields: array
filter: string
gaps_range_end: string
gaps_range_start: string
page: integer, defaults to 1
per_page: integer, defaults to 20
sort_field: string
sort_order: string, defaults to desc

Action Response

data: array, required
error: string
page: integer, required
perPage: integer, required
successful: boolean, required
total: integer, required

Tool Name: Get Endpoint List Items

Description

Tool to retrieve all items from an endpoint exception list. Use when you need to get a list of endpoint exceptions, for example, to check existing exceptions before adding a new one.

Action Parameters

filter: string
page: integer
per_page: integer
sort_field: string
sort_order: string

Action Response

data: array, required
error: string
page: integer, required
per_page: integer, required
pit: string
successful: boolean, required
total: integer, required

Tool Name: Get Entity Store Engines

Description

Retrieves the list of engines from the entity store.

Action Parameters

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: List Entity Store Entities

Description

Tool to list entity records in the entity store with support for paging, sorting, and filtering. Use when you need to retrieve a list of entities such as users, hosts, or services.

Action Parameters

entity_types: array, required
filterQuery: string
page: integer
per_page: integer
sort_field: string
sort_order: string

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Get Entity Store Status

Description

Tool to retrieve the status of the entity store in Kibana. Use this to check if the entity store is operational.

Action Parameters

Action Response

data: object
error: string
successful: boolean, required

Tool Name: Get Fleet Agents Available Versions

Description

Tool to retrieve the available versions for Fleet agents. Use when you need to get a list of all available Elastic Agent versions.

Action Parameters

elastic-api-version: string, defaults to 2023-10-31

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Get Fleet Agents Setup Status

Description

Tool to check if the Fleet agents are set up. Use when you need to verify the Fleet agent setup status.

Action Parameters

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Get Fleet Agent Policies

Description

Fetches a list of agent policies in Fleet. Use when you need to retrieve agent policy configurations.

Action Parameters

kuery: string
page: integer
perPage: integer
sortField: string
sortOrder: string

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Check Fleet Permissions

Description

Tool to check the permissions for the Fleet API. Use when you need to verify if the current user has the necessary privileges for Fleet operations.

Action Parameters

elastic-api-version: string, defaults to 2023-10-31
fleetServerSetup: boolean

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Get Fleet Data Streams

Description

Retrieves the list of data streams in Fleet.

Action Parameters

datasetQuery: string
elastic-api-version: string, defaults to 2023-10-31
sortOrder: string
type: string
uncategorisedOnly: boolean

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Get Fleet Enrollment API Key

Description

Tool to retrieve details of a specific enrollment API key by its ID. Use when you have the ID of an enrollment API key and need its details.

Action Parameters

key_id: string, required

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Get Fleet Enrollment API Keys

Description

Tool to fetch a list of enrollment API keys. Use when you need to retrieve existing enrollment tokens for Kibana Fleet.

Action Parameters

page: integer
perPage: integer

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Get Fleet EPM Categories

Description

Tool to fetch the list of categories in the Elastic Package Manager. Use when you need to retrieve available package categories.

Action Parameters

elastic_api_version: string, defaults to 2023-10-31
include_policy_templates: boolean
prerelease: boolean

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Get Fleet EPM Data Streams

Description

Tool to retrieve the list of data streams in the Elastic Package Manager. Use when you need to get a list of available data streams, optionally filtering by type, dataset, or categorization.

Action Parameters

datasetQuery: string
elastic-api-version: string, defaults to 2023-10-31
sortOrder: string, defaults to asc
type: string
uncategorisedOnly: boolean

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Get Fleet EPM Packages

Description

Tool to fetch the list of available packages in the Elastic Package Manager. Use when you need to find available integrations or their details.

Action Parameters

category: string
excludeInstallStatus: boolean
prerelease: boolean

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Get Installed EPM Packages

Description

Tool to retrieve the list of installed packages in the Elastic Package Manager. Use this when you need to check which packages are currently installed in Fleet.

Action Parameters

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Get Fleet EPM Packages (Limited)

Description

Tool to fetch a limited list of packages from the Elastic Package Manager. Use when you need to retrieve a list of available EPM packages with minimal details.

Action Parameters

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Get Fleet EPM Package Details

Description

Tool to fetch details of a specific package and version in the Elastic Package Manager (EPM). Use when you need to get information about a particular EPM package, such as its title, description, or type.

Action Parameters

package_name: string, required
package_version: string, required

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Get Fleet EPM Package File

Description

Tool to retrieve a specific file from a package in the Elastic Package Manager. Use when you need to inspect the contents of a package file.

Action Parameters

filePath: string, required
pkgName: string, required
pkgVersion: string, required

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Get EPM Package Statistics

Description

Tool to retrieve statistics for a specific package in the Elastic Package Manager. Use when you need to get EPM package statistics.

Action Parameters

package_name: string, required

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Get Fleet Package Policies

Description

Tool to retrieve a list of all package policies (agent & EPM), providing their IDs and associated details. Use when you need to get an overview of existing package policies.

Action Parameters

format: string
kuery: string
page: integer
perPage: integer
showUpgradeable: boolean
sortField: string
sortOrder: string
withAgentCount: boolean

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Get Fleet Server Host

Description

Tool to fetch details of a specific Fleet Server host by its item ID. Use when you need to get information about a particular Fleet Server host.

Action Parameters

elastic_api_version: string, defaults to 2023-10-31
host_id: string, required

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Get Fleet Server Hosts

Description

Tool to retrieve the list of Fleet Server hosts. Use when you need to get information about the available Fleet Server hosts.

Action Parameters

page: integer, defaults to 1
perPage: integer, defaults to 20

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Get Index Management Indices

Description

Tool to fetch information about indices managed by Kibana's Index Management feature. It queries the underlying Elasticsearch /_cat/indices API to retrieve index details. Use when you need to list or get details about one or more indices in the cluster.

Action Parameters

bytes: string
expand_wildcards: string
h: string
health: string
index: string
pri: boolean
s: string

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Get Node Metrics

Description

Tool to retrieve statistics for nodes in an Elasticsearch cluster, often visualized in Kibana. Use when you need to monitor node health, performance, or resource usage. This action calls the Elasticsearch nodes stats API.

Action Parameters

completion_fields: string
fielddata_fields: string
fields: string
groups: boolean
include_segment_file_sizes: boolean
include_unloaded_segments: boolean
level: string
metric: string
node_id: string
timeout: string
types: string

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Get Reporting Jobs

Description

Tool to retrieve a list of reporting jobs in Kibana. Use when you need to see pending or completed reports. This uses an internal API endpoint, which might be subject to change without notice.

Action Parameters

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Get Saved Objects

Description

Tool to retrieve a list of saved objects in Kibana based on specified criteria. Use when you need to find dashboards, visualizations, index patterns, or other saved entities.

Action Parameters

default_search_operator: string
fields: array
filter: string
has_reference: object
page: integer, defaults to 1
per_page: integer, defaults to 20
root_search_fields: array
search: string
search_fields: array
sort_field: string
sort_order: string
type: string, required

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Get Kibana Status

Description

Tool to get the current status of Kibana. Use when you need to check if Kibana is healthy, monitor its state, or get information about the Kibana instance including version, UUID, and metrics.

Action Parameters

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Create Alerting Rule

Description

Tool to create a new alerting rule in Kibana. Use when you need to define a new condition that, when met, triggers an alert and potentially executes predefined actions.

Action Parameters

actions: array
consumer: string, required
enabled: boolean, defaults to True
name: string, required
notify_when: string, required
params: object, required
rule_id: string
rule_type_id: string, required
schedule: object, required
tags: array
throttle: string

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Create Case

Description

Tool to create a new case in Kibana. Use when you need to open and track issues, incidents, or investigations. You can assign users, set severity levels, add tags, and configure external connectors for integration with ITSM systems.

Action Parameters

assignees: array
category: string
connector: object, required
customFields: array
description: string, required
owner: string, required
settings: object, required
severity: string, defaults to low
tags: array
title: string, required

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Create Kibana Connector

Description

Tool to create a new connector in Kibana. Use when you need to integrate Kibana with an external service.

Action Parameters

config: object
connector_type_id: string, required
id: string, required
kbn-xsrf: string, defaults to true
name: string, required
secrets: object

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Create Dashboard

Description

Tool to create a new dashboard in Kibana. Use when you need to create a dashboard to visualize data. Dashboards can contain visualizations, saved searches, and other embeddable objects.

Action Parameters

attributes: object, required
dashboard_id: string
references: array
spaces: array

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Create Data View

Description

Tool to create a new data view (index pattern) in Kibana. Use when you need to define which Elasticsearch indices to query and analyze in Kibana. Data views determine which fields are available in Discover, Visualize, and other Kibana apps.

Action Parameters

data_view: object, required
override: boolean

Action Response

data: object, required
error: string
successful: boolean, required

Tool Name: Create or Update Saved Object

Description

Tool to create or update a saved object in Kibana. Use when you need to programmatically manage Kibana dashboards, visualizations, index patterns, etc.

Action Parameters

attributes: object, required
object_id: string
object_type: string, required
overwrite: boolean
references: array
space_id: string, defaults to default

Action Response

data: object, required
error: string
successful: boolean, required