Integration Commands¶
Commands for integrating Faraday with external services and data platforms.
ingest¶
Import vulnerabilities from one or all Faraday workspaces into an Elasticsearch index. This command enables centralized vulnerability analytics, dashboards (e.g., Kibana), and cross-workspace search.
Note: This command was previously undocumented. It has been available since it was added to the community codebase.
faraday-manage ingest [OPTIONS]
Prerequisites¶
- ELK settings must be enabled and configured — Run
faraday-manage settings -a update elkfirst. See [[settings-reference#elk]] for details. - Elasticsearch must be reachable — Test with
faraday-manage ingest --test-connection
Options¶
| Option | Type | Default | Description |
|---|---|---|---|
--all-workspaces / --no-all-workspaces |
Flag | false |
Import vulnerabilities from all workspaces. Takes precedence over --workspace-name. |
-w, --workspace-name |
String | — | Import vulnerabilities from a specific workspace. Ignored if --all-workspaces is set. |
-f, --from-id |
String | — | Start importing from this vulnerability ID |
-t, --to-id |
String | — | Stop importing at this vulnerability ID |
-r, --rename-workspace-as |
String | — | Rename the workspace in Elasticsearch documents (the workspace field gets this value instead of the actual workspace name) |
-x, --add-extra-vulnerability-tags |
String | — | Additional tags to append to each vulnerability's tags array |
-i, --elk-index-name |
String | faraday |
Name of the Elasticsearch index to write to |
-d, --from-update-date |
String | — | Only import vulnerabilities updated on or after this date |
-c, --test-connection |
Flag | false |
Test the Elasticsearch connection and exit without importing |
Behavior¶
- Reads ELK settings from the database (configured via
faraday-manage settings -a update elk) - If ELK is not enabled, prints an error and exits
- Connects to Elasticsearch using the configured credentials
- Uses
http_authfor Elasticsearch Python client < 8 - Uses
basic_authfor Elasticsearch Python client >= 8 - SSL certificate verification is disabled (
verify_certs=False) - If
--test-connection: tests the connection and exits - Queries the specified workspace(s) for vulnerabilities, applying optional filters
- Serializes each vulnerability using
VulnerabilitySchema - Adds metadata:
workspacename,ingest_timestamp, optional extra tags - Bulk-inserts documents into the Elasticsearch index (5000 per batch)
Examples¶
# Step 1: Configure ELK settings
faraday-manage settings -a update elk --data '{
"enabled": true,
"username": "elastic",
"password": "changeme",
"host": "https://elasticsearch.local",
"port": 9200,
"ignore_ssl": false
}'
# Step 2: Test the connection
faraday-manage ingest --test-connection
# Step 3: Ingest from a single workspace
faraday-manage ingest -w my-pentest-project
# Ingest from all workspaces
faraday-manage ingest --all-workspaces
# Ingest only recent vulnerabilities (updated since a date)
faraday-manage ingest -w my-project -d "2026-01-01"
# Ingest a range of vulnerability IDs
faraday-manage ingest -w my-project -f 1000 -t 2000
# Ingest with a custom index name and extra tags
faraday-manage ingest --all-workspaces -i faraday-prod -x "quarterly-audit"
# Ingest with workspace rename (useful for consolidation)
faraday-manage ingest -w old-project-name -r new-project-name
Output¶
Working on workspace my-project ...
Processing vulnerabilities ...
Current offset is 0 / Count 1523 ...
Current offset is 5000 / Count 1523 ...
Common Errors¶
| Error | Cause | Solution |
|---|---|---|
Elastic ingest is not enabled |
ELK settings not enabled | Run faraday-manage settings -a update elk and set enabled: true |
Could not connect to elasticsearch |
Connection failed | Check host, port, credentials in ELK settings |
Failed to connect... ensure that the host parameter is a valid URL |
Elasticsearch client < 8 requires URL format | Set host to a full URL (e.g., https://localhost) |
Use --workspace-name to specify... |
Neither workspace option provided | Specify -w <name> or --all-workspaces |
Elasticsearch Document Schema¶
Each imported vulnerability produces an Elasticsearch document with these key fields:
| Field | Type | Description |
|---|---|---|
_id |
UUID | Unique document ID (generated UUID, not the Faraday vuln ID) |
workspace |
String | Workspace name (or renamed value) |
name |
String | Vulnerability name |
severity |
String | Severity level |
status |
String | Vulnerability status |
tags |
Array | Vulnerability tags (including extra tags if specified) |
ingest_timestamp |
DateTime | UTC timestamp of when the document was ingested |
| ... | ... | All fields from VulnerabilitySchema (excluding parent, _id) |