
Add Docs: Elasticsearch Security Privileges #2406

Open: wants to merge 1 commit into master

Conversation

abhishekjiitr (Contributor)

@abhishekjiitr abhishekjiitr commented Aug 19, 2019

Add new page in documentation specifying the Elasticsearch Security Privileges required for ElastAlert

Closes #2384

@jmcclelland

Thanks for this patch - it is very helpful. I'm brand new to elasticsearch so I don't have much context to make meaningful suggestions, other than insight as to what a newbie will be confused by.

One simple suggestion is to spell out Role Based Access Control (RBAC).

Also, I now finally understand what Search Guard is (I have been using x-pack security and could not understand why those permissions didn't match the documentation for x-pack, which I thought was the only option for security in elasticsearch).

If you want to include instructions for x-pack here is some verbiage you are free to use, discard or edit:

X-Pack Permissions

If you are monitoring an index called "journalbeat_*" and elastalert is writing back to indices prefaced with "elastalert_" - the following role definition will grant the appropriate permissions to the elastalert role:

elastalert:
  cluster: ["monitor"]
  indices:
    - names: [ 'journalbeat-*' ]
      privileges: [ 'read'  ]
    - names: [ 'elastalert_*' ]
      privileges: [ 'all' ]
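
As an added example (not part of this PR or the ElastAlert project), a small Python checker for the least-privilege shape of such a role: it takes a role definition like the one above (embedded as a constructed dict, so no YAML library is needed), confirms the monitored indices get read-only access and the writeback indices get write access, and flags broader grants. It also shows why the index pattern in the role has to match the real index names; the sample index names are constructed.

```python
from fnmatch import fnmatchcase

# Constructed role definition, mirroring the X-Pack role posted in the comment above.
ELASTALERT_ROLE = {
    "cluster": ["monitor"],
    "indices": [
        {"names": ["journalbeat-*"], "privileges": ["read"]},
        {"names": ["elastalert_*"], "privileges": ["all"]},
    ],
}

# Elasticsearch index privileges that allow writing to or managing an index.
WRITE_CAPABLE = {"all", "write", "index", "create", "create_doc", "delete",
                 "create_index", "delete_index", "manage"}


def privileges_for(role, index_name):
    """Union of index privileges the role grants on one concrete index name.

    Elasticsearch index patterns only use '*'; fnmatchcase is an
    approximation that is exact for patterns like the ones above.
    """
    granted = set()
    for entry in role.get("indices", []):
        if any(fnmatchcase(index_name, p) for p in entry["names"]):
            granted.update(entry["privileges"])
    return granted


def check_role(role, source_indices, writeback_indices):
    """Return least-privilege findings for an ElastAlert role (empty list = OK)."""
    findings = []
    for priv in role.get("cluster", []):
        if priv != "monitor":
            findings.append(f"cluster privilege {priv!r} goes beyond 'monitor'")
    for idx in source_indices:
        granted = privileges_for(role, idx)
        if not granted & {"read", "all"}:
            findings.append(f"no read access to monitored index {idx!r}")
        excess = granted & WRITE_CAPABLE
        if excess:
            findings.append(f"write-capable privileges {sorted(excess)} on monitored index {idx!r}")
    for idx in writeback_indices:
        if not privileges_for(role, idx) & WRITE_CAPABLE:
            findings.append(f"no write access to writeback index {idx!r}")
    return findings


if __name__ == "__main__":
    # Constructed index names as ElastAlert would see them; the second call uses the
    # underscore spelling from the prose ("journalbeat_*") to show the pattern mismatch.
    print(check_role(ELASTALERT_ROLE, ["journalbeat-2019.08.19"], ["elastalert_status"]))
    print(check_role(ELASTALERT_ROLE, ["journalbeat_2019.08.19"], ["elastalert_status"]))
```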

@nsano-rururu (Contributor)

Merged into elastalert2
jertel/elastalert2#39

Successfully merging this pull request may close these issues:

Please document what elasticsearch privileges are required of the user elastalert runs as