Elastic Auth

Starting in Elastic 6.8.0, Elastic authentication is included for free in Elastic Features. This allows you to assign different privileges to different users in Kibana.

To enable, simply run so-elastic-auth and follow the prompts. so-elastic-auth will do the following:

  • walk you through switching to Elastic Features if necessary
  • enable authentication in Elasticsearch, Logstash, Kibana, Curator, and ElastAlert
  • find any existing user accounts in your Sguil database and create corresponding accounts in Elasticsearch with read-only privilege by default

Once you’ve completed so-elastic-auth, you should then:

  • log into Kibana using the elastic super-user account
  • set any other account privileges as necessary
  • distribute the temporary passwords generated by so-elastic-auth to your users and have them reset their passwords

Please note that you will continue to authenticate to Sguil, Squert, and CapMe with your traditional Sguil/Squert/CapMe account.