Email if Elastic login failures or log pull failures? #554
Replies: 4 comments 1 reply
-
Are you wanting to be notified if someone gains access to Elastic? That would require them to log in with a username and password -- which would appear as a normal user. This is just a typical risk that exists with any application. It would require a 3rd party zero trust application if you wanted to strengthen the security of any self-hosted application you have. Elastic has extra security features, but you would have to pay for a license. These don't come free: https://www.elastic.co/subscriptions These paid features would allow you to log on with LDAP or AD -- that would at least require a platinum license.
-
If the idea is just to be notified upon logins / failed logons, you may be able to do something with the Kibana event index: kibana-event-log-* and ElastAlert. Is that what you're asking for?
-
Yes, it is. I can look into that further.
-
One of our goals this year will be to develop ElastAlert rules. We only really have an EXAMPLE right now: So, we hope to expand on this to have rules already built to cover dozens of scenarios like this -- and then all the user would have to do is choose how they want to be notified (Slack, email, etc.).
-
I received a requirement from CIB to email if "an unauthorized party accesses our logging system or if LME fails to pull logs". Is there a way to update the documentation to support this common requirement?