Read-only OAuth access to Kibana - elasticsearch

Question 1: Is there a way to achieve free read-only access to Kibana?
Question 2: Is there a way to achieve free OAuth login to Kibana?
Already, everyone who has a link to my Kibana has all accesses too. What I need is to give some users read-only access.
I use the docker ELK stack from: https://github.com/deviantony/docker-elk
I know that X-Pack has those features, but it is paid.

The best free tool you can use is probably https://github.com/floragunncom/search-guard, but the free version offers only basic auth.

Related

Is there basic authentication free with elastic search (basic) distributed version or this falls under the 30 days trial feature?

We are working on adding Elasticsearch as an indexing solution for our application. A bit confused with licensing and subscription, where they mention that the distributed version has some features like X-Pack for security free, but also mention that it is under a trial version.
So the question is: can we add basic security to Elasticsearch and use it without any trial issue, or is it a trial pack?
Basic Elastic Security features are free since v6.8 or v7.1. No trial. From this feature matrix, here's what you get for free:
Secure settings
Encrypted communications
Role-based access control
File and native authentication
Kibana Spaces
Kibana feature controls
API keys management
Your basic authentication requirement is covered by using file or native authentication (https://www.elastic.co/guide/en/elasticsearch/reference/7.11/setting-up-authentication.html), as long as you don't have to integrate your authentication process with an identity provider.
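The read-only Kibana access asked about at the top of the page can be built from exactly these free pieces: a role with read-only index privileges plus Kibana's `read` application privilege, and a user in the native realm bound to it. The script below is an added example, not code from the thread; it assumes Elasticsearch 7.x with `xpack.security.enabled=true` reachable at `ES_URL`, an admin account in `ADMIN_AUTH`, and placeholder index patterns and passwords.

```python
import base64, json, urllib.request

# Assumed settings (not from the thread): Elasticsearch 7.x with
# xpack.security.enabled=true on the free basic license, and an admin
# account allowed to call the _security API.
ES_URL, ADMIN_AUTH = "http://localhost:9200", ("elastic", "CHANGE_ME")
ROLE_NAME = "kibana_readonly"

def readonly_role(index_patterns):
    """Body for PUT /_security/role/<name>: no cluster privileges, read-only
    on the listed indices, and Kibana's 'read' base privilege in all spaces."""
    return {
        "cluster": [],
        "indices": [{"names": list(index_patterns),
                     "privileges": ["read", "view_index_metadata"]}],
        "applications": [{"application": "kibana-.kibana",
                          "privileges": ["read"], "resources": ["*"]}],
    }

def readonly_user(username, password, full_name=""):
    """Body for PUT /_security/user/<username> in the native realm."""
    return {"password": password, "roles": [ROLE_NAME],
            "full_name": full_name or username}

def put_json(path, body):
    """PUT a JSON body to the security API and return the parsed reply."""
    token = base64.b64encode(":".join(ADMIN_AUTH).encode()).decode()
    req = urllib.request.Request(
        ES_URL + path, data=json.dumps(body).encode(), method="PUT",
        headers={"Content-Type": "application/json", "Authorization": "Basic " + token})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

if __name__ == "__main__":
    # Role first, then a user bound to it; hand that user's credentials to
    # people who only need to look at dashboards.
    print(put_json(f"/_security/role/{ROLE_NAME}",
                   readonly_role(["logstash-*", "filebeat-*"])))
    print(put_json("/_security/user/viewer",
                   readonly_user("viewer", "CHANGE_ME_TOO", "Read-only viewer")))
```

Restrict `names` to the indices those users should see; anything not listed stays invisible to them in Discover and dashboards.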
Two options:
1. Open Distro from Amazon
2. https://search-guard.com/

Send email through elastic when error comes in log

I need to send an email automatically whenever any error comes into my Elasticsearch.
Is there any way to do it?
I don't want to use Elastic Cloud for it.
I can use Watcher in Kibana, but my question is whether Watcher is available locally as well as in the cloud?
Please help!
Watcher is available in on-premises installations if you have at least a Gold license; it is not available with the free Basic license.
The same goes for the Kibana e-mail action: it needs a Gold license.
You can check what is available on the subscription page.
If you do not have a Gold license for your on-premises cluster, you will need an external tool to query Elasticsearch and send e-mails. You can build one using one of the official client libraries (Python, Node.js, Java, etc.), or you can try other tools like ElastAlert.
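A minimal version of that external tool, as an added example rather than anything from the answer: it queries the last few minutes for error-level events and mails a summary if any are found. It assumes an on-prem ES 7.x cluster at `ES_URL`, ECS-style `log.level` and `@timestamp` fields in `INDEX`, a read-only ES account, and a local SMTP relay; all of those names and addresses are placeholders.

```python
import base64, json, smtplib, urllib.request
from email.message import EmailMessage

# Assumed settings (not from the thread): on-prem ES 7.x, ECS-style log
# fields in INDEX, and a local SMTP relay. A read-only ES user suffices.
ES_URL, ES_AUTH, INDEX = "http://localhost:9200", ("alerter", "CHANGE_ME"), "filebeat-*"
LEVEL_FIELD = "log.level"            # keyword field, values assumed lowercase
SMTP_HOST, MAIL_FROM, MAIL_TO = "localhost", "elk@example.com", "ops@example.com"

def error_query(minutes, sample=5):
    """_search body: error-level events from the last `minutes` minutes."""
    return {
        "size": sample,
        "sort": [{"@timestamp": "desc"}],
        "query": {"bool": {"filter": [
            {"term": {LEVEL_FIELD: "error"}},
            {"range": {"@timestamp": {"gte": f"now-{minutes}m"}}},
        ]}},
    }

def summarize(resp):
    """Return (total_hits, sample_messages) from a _search reply.
    hits.total is an object on ES 7 and a plain number on ES 6."""
    total = resp["hits"]["total"]
    if isinstance(total, dict):
        total = total["value"]
    return total, [h["_source"].get("message", "") for h in resp["hits"]["hits"]]

def search(body):
    token = base64.b64encode(":".join(ES_AUTH).encode()).decode()
    req = urllib.request.Request(
        f"{ES_URL}/{INDEX}/_search", data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json", "Authorization": "Basic " + token})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def send_alert(total, msgs, minutes):
    mail = EmailMessage()
    mail["Subject"] = f"[ELK] {total} error(s) in the last {minutes} min"
    mail["From"], mail["To"] = MAIL_FROM, MAIL_TO
    mail.set_content("\n".join(msgs) or "(no message field)")
    with smtplib.SMTP(SMTP_HOST) as smtp:
        smtp.send_message(mail)

if __name__ == "__main__":           # run from cron every few minutes
    minutes = 5
    total, msgs = summarize(search(error_query(minutes)))
    if total:
        send_alert(total, msgs, minutes)
```

Keep the cron interval equal to the query window so each event is reported once; a larger window repeats alerts, a smaller one drops events that arrive late.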

elasticsearch architecture/development query - ADFS/Security Filtering/SearchUI

I had a few questions in regards to Elasticsearch architecture and associated services and/or products that are not clear to me.
The idea is to set up an Elasticsearch instance for searching through file shares, Exchange mailboxes, SharePoint sites and even Teams conversations if possible.
How would I set up the Elasticsearch instance to support the following requirements:
Security filtering results from these sources for users
Develop on a simple and clean web search page like SearchUI from Elastic themselves.
Active Directory or ADFS authentication
Use Node.js on a separate server to proxy to Elastic, as Elastic user management means that users get access to all search results
I can find tutorials and blogs on some of these items, but no comprehensive description of how the architecture would actually work, specifically with the SearchUI and the proxying of data to ES.
Please have a look at this new product released by the Elastic guys using the same Elasticsearch framework:
https://www.elastic.co/workplace-search
It closely matches your requirement.

How not to have sensitive data in Elastic search?

I'm installing the ELK stack for my company; my cousin uses it for his company too. He's a programmer, so I asked him if he bought X-Pack; he says no, since the MySQL logs he processes aren't of value. I know that I can buy X-Pack or use Nginx to add authentication, but let's assume that I won't do any authentication, like many Elastic users. I have a couple of questions about that scenario.
So I have Filebeat that ships MySQL logs to Logstash, which feeds them to Elasticsearch, and analytics is done in Kibana.
How to make sure that no information of value ends up in the logs while still having meaningful analytics? My company develops an ERP and has many companies as customers, so at the very least you'll have the company ID and the user ID in the logs in order to have any meaningful data. Isn't this considered sensitive data?
How to make sure that no unauthorized user sends a POST request to Elasticsearch or accesses Kibana? Do you run them locally, not on the internet?
Do you filter the logs of anything sensitive before sending them to Filebeat?
I'm just trying to understand how many users manage to run ELK without authentication while still being able to get meaningful data.
How to make sure that no information of value ends up in the logs while still having meaningful analytics? My company develops an ERP and has many companies as customers, so at the very least you'll have the company ID and the user ID in the logs in order to have any meaningful data. Isn't this considered sensitive data?
If you don't want sensitive data stored in your Elasticsearch, you need to filter it out or anonymize it. For example, you can use a Logstash filter to create a fingerprint combining the company id and user id fields, or you can remove any field with sensitive data from your message.
How to make sure that no unauthorized user sends a POST request to Elasticsearch or accesses Kibana? Do you run them locally, not on the internet?
Without authentication this is almost impossible; you will need full control of who knows about your Elasticsearch instance and who can access it. If someone besides you has access, they can send requests to your instance. To avoid that, you can use a firewall on your servers and only allow access from specific IPs.
Even if you take some precautions, running an Elasticsearch instance in production without any kind of access control is not recommended and is very risky.
You should use an access control method; it could be X-Pack, NGINX, or a plugin like Search Guard.
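What the fingerprint-plus-drop approach from the answer above looks like on an event, as an added example written here in Python rather than as a Logstash pipeline (the Logstash fingerprint filter does the equivalent when given a key): identifiers are replaced by keyed SHA-256 pseudonyms that still group events per company and per user, and the raw sensitive fields are removed before indexing. The key, field names and the sample event are all assumed or constructed.

```python
import hashlib, hmac, json

# Assumed: the key lives in an environment variable or secret store, not
# in the pipeline config; rotate it and every fingerprint changes.
FINGERPRINT_KEY = b"replace-with-32-random-bytes"
DROP_FIELDS = ("company_id", "user_id", "query", "client_ip")

def fingerprint(*parts, key=FINGERPRINT_KEY):
    """Keyed SHA-256 (HMAC) over the joined parts. A plain hash of small
    integer ids could be reversed by enumerating them; the key stops that.
    The '|' separator keeps (1, 23) and (12, 3) from colliding."""
    msg = "|".join(str(p) for p in parts).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def pseudonymize(event, key=FINGERPRINT_KEY, drop=DROP_FIELDS):
    """Replace tenant/user identifiers with stable pseudonyms and drop the
    raw sensitive fields, keeping everything else for analytics."""
    out = dict(event)
    if "company_id" in out:
        out["company_fp"] = fingerprint(out["company_id"], key=key)
        if "user_id" in out:
            out["tenant_user_fp"] = fingerprint(out["company_id"], out["user_id"], key=key)
    for field in drop:
        out.pop(field, None)
    return out

# Constructed sample event, shaped like a parsed MySQL slow-log line.
SAMPLE = {"@timestamp": "2021-03-01T10:00:00Z", "company_id": 42, "user_id": 7,
          "query": "SELECT * FROM invoices WHERE customer='ACME'",
          "client_ip": "10.0.0.5", "duration_ms": 812}

if __name__ == "__main__":
    print(json.dumps(pseudonymize(SAMPLE), indent=2))
```

Because the pseudonyms are deterministic for a given key, "slow queries per company" still works in Kibana while nothing in the index names the company or user.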
Please check out Search Guard (https://search-guard.com/). The basic version (which is sufficient for most use cases and definitely better than nothing) is free and open source (Apache 2 License).
Disclaimer: I work for Search Guard/floragunn GmbH
If you need to grant some access/privilege, you can use Grafana instead of Kibana for free.
For ES access, this is like any DB security. Configure your server to allow only some IPs on ports 9200 and 9300.
You can also look at https://github.com/sscarduzio/elasticsearch-readonlyrest-plugin to secure delete queries (still free).

How to apply google oauth on kibana?

I need to apply Google OAuth on Kibana for security purposes.
You'll probably need to write a plugin for Kibana; this article goes into some detail on how to accomplish that. The catch with this approach is that you'll need X-Pack (which is a paid product) to accomplish it as described there, but it's also possible to write a plugin without X-Pack anyway, just with some extra work.
The other option, where you won't need X-Pack, would be to have a reverse proxy in front of your Kibana where you can implement the OAuth, and you could configure Kibana to only accept requests from that reverse proxy.
