Starting in Elastic 6.8.0, Elastic authentication is included for free in Elastic Features. This allows you to assign different privileges to different users in Kibana.
To enable, simply run so-elastic-auth on your master server only (or standalone) and follow the prompts.
so-elastic-auth will do the following:
- walk you through switching to Elastic Features if necessary
- enable authentication in Elasticsearch, Logstash, Kibana, Curator, and ElastAlert
- find any existing user accounts in your Sguil database and create corresponding accounts in Elasticsearch with read-only privilege by default
Once you’ve completed so-elastic-auth, you should then:
- log into Kibana using the
- set any other account privileges as necessary
- distribute the temporary passwords generated by so-elastic-auth to your users and have them reset their passwords
Please note that you will continue to authenticate to Sguil, Squert, and CapMe with your traditional Sguil/Squert/CapMe account.
If you add new Elastic Auth accounts in the future, you will need to assign them at least the