Elastic Auth
Starting in Elastic 6.8.0, Elastic authentication is included for free in Elastic Features. This allows you to assign different privileges to different users in Kibana.
To enable, simply run so-elastic-auth on your master server only (or standalone) and follow the prompts. so-elastic-auth will do the following:
- walk you through switching to Elastic Features if necessary
- enable authentication in Elasticsearch, Logstash, Kibana, Curator, and ElastAlert
- find any existing user accounts in your Sguil database and create corresponding accounts in Elasticsearch with read-only privilege by default
Once you’ve completed so-elastic-auth, you should then:
- log into Kibana using the elastic super-user account
- set any other account privileges as necessary
- distribute the temporary passwords generated by so-elastic-auth to your users and have them reset their passwords
Please note that you will continue to authenticate to Sguil, Squert, and CapMe with your traditional Sguil/Squert/CapMe account.
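
To review the outcome of the privilege step above, the following added example (not part of so-elastic-auth or the original page) checks the JSON returned by Elasticsearch's get-users security API for accounts that hold more than read-only access, have no roles, or are disabled. The role name example_readonly and the sample users are constructed assumptions; substitute the role your deployment actually uses.

```python
import json

# Assumption: the role(s) treated as read-only on this deployment. Replace
# with the role so-elastic-auth actually assigned (not stated on the page).
READONLY_ROLES = {"example_readonly"}

# Constructed sample in the shape of the get-users API response:
# a JSON object keyed by username.
SAMPLE = json.dumps({
    "elastic": {"username": "elastic", "roles": ["superuser"],
                "metadata": {"_reserved": True}, "enabled": True},
    "alice": {"username": "alice", "roles": ["example_readonly"],
              "metadata": {}, "enabled": True},
    "bob": {"username": "bob", "roles": ["example_readonly", "superuser"],
            "metadata": {}, "enabled": True},
    "carol": {"username": "carol", "roles": [],
              "metadata": {}, "enabled": True},
    "dave": {"username": "dave", "roles": ["example_readonly"],
             "metadata": {}, "enabled": False},
})


def audit_users(raw, readonly_roles=READONLY_ROLES):
    """Return {username: [findings]} for non-reserved accounts needing review."""
    findings = {}
    for name, user in sorted(json.loads(raw).items()):
        # Built-in accounts such as elastic carry metadata._reserved = true.
        if (user.get("metadata") or {}).get("_reserved"):
            continue
        roles = set(user.get("roles") or [])
        notes = []
        extra = sorted(roles - set(readonly_roles))
        if extra:
            notes.append("extra roles: " + ", ".join(extra))
        if not roles:
            notes.append("no roles assigned")
        if not user.get("enabled", True):
            notes.append("account disabled")
        if notes:
            findings[name] = notes
    return findings


if __name__ == "__main__":
    for name, notes in audit_users(SAMPLE).items():
        print(f"{name}: {'; '.join(notes)}")
```

Accounts listed under "extra roles" are the ones to compare against the privileges you intended to grant.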