Elastic Auth
Starting in Elastic 6.8.0, Elastic authentication is included for free in Elastic Features. This allows you to assign different privileges to different users in Kibana.
To enable, simply run so-elastic-auth on your master server only (or standalone) and follow the prompts. so-elastic-auth will do the following:
- walk you through switching to Elastic Features if necessary
- enable authentication in Elasticsearch, Logstash, Kibana, Curator, and ElastAlert
- find any existing user accounts in your Sguil database and create corresponding accounts in Elasticsearch with read-only privilege by default
Once you’ve completed so-elastic-auth, you should then:
- log into Kibana using the elastic super-user account
- set any other account privileges as necessary
- distribute the temporary passwords generated by so-elastic-auth to your users and have them reset their passwords
Note
Please note that you will continue to authenticate to Sguil, Squert, and CapMe with your traditional Sguil/Squert/CapMe account.
If you add new Elastic Auth accounts in the future, you will need to assign them at least the so_user_read_only role.