Starting in Elastic 6.8.0, Elastic authentication is included for free in Elastic Features. This allows you to assign different privileges to different users in Kibana.
To enable, simply run so-elastic-auth on your master server only (or standalone) and follow the prompts. so-elastic-auth will do the following:
- walk you through switching to Elastic Features if necessary
- enable authentication in Elasticsearch, Logstash, Kibana, Curator, and ElastAlert
- find any existing user accounts in your Sguil database and create corresponding accounts in Elasticsearch with read-only privilege by default
Once you've completed so-elastic-auth, you should then:
- log into Kibana using the elastic super-user account
- set any other account privileges as necessary
- distribute the temporary passwords generated by so-elastic-auth to your users and have them reset their passwords
Note
Please note that you will continue to authenticate to Sguil, Squert, and CapMe with your traditional Sguil/Squert/CapMe account.
If you add new Elastic Auth accounts in the future, you will need to assign them at least the so_user_read_only role.
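One way to audit the role requirement above, as an added example that is not part of Security Onion or so-elastic-auth: the script reads the JSON returned by Elasticsearch's get-users security API and lists non-reserved accounts that lack so_user_read_only. The sample response, the account names analyst1 to analyst3, and the function names are constructed for illustration.

```python
import json

REQUIRED_ROLE = "so_user_read_only"  # role name taken from the page

# Constructed sample shaped like a get-users API response (not real data).
SAMPLE_RESPONSE = json.dumps({
    "elastic":  {"username": "elastic", "roles": ["superuser"],
                 "metadata": {"_reserved": True}, "enabled": True},
    "analyst1": {"username": "analyst1", "roles": ["so_user_read_only"],
                 "metadata": {}, "enabled": True},
    "analyst2": {"username": "analyst2", "roles": [],
                 "metadata": {}, "enabled": True},
    "analyst3": {"username": "analyst3", "roles": ["kibana_user"],
                 "metadata": {}, "enabled": False},
})


def accounts_missing_role(response_text, required=REQUIRED_ROLE):
    """Return non-reserved accounts whose role list lacks `required`."""
    users = json.loads(response_text)
    missing = []
    for name, info in sorted(users.items()):
        # Built-in accounts (e.g. elastic) are flagged _reserved; skip them.
        if (info.get("metadata") or {}).get("_reserved"):
            continue
        roles = info.get("roles") or []
        if required not in roles:
            missing.append({"username": name,
                            "roles": list(roles),
                            "enabled": info.get("enabled", True)})
    return missing


def corrected_roles(entry, required=REQUIRED_ROLE):
    """Role list to assign: the account's existing roles plus `required`."""
    return sorted(set(entry["roles"]) | {required})


if __name__ == "__main__":
    for entry in accounts_missing_role(SAMPLE_RESPONSE):
        state = "enabled" if entry["enabled"] else "disabled"
        print(f"{entry['username']} ({state}): roles={entry['roles']} "
              f"-> assign {corrected_roles(entry)}")
```

Run it against saved output from your own cluster by passing that text to accounts_missing_role in place of SAMPLE_RESPONSE.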