In recent months, the Elastic Stack has changed a lot and many free security tools have been released, among them OpenEDR from Comodo and Elastic Endpoint Security. So I think now is a good time to look at the Elastic changes and try out its new Endpoint Security. Therefore, in this article I will show how to install Elastic SIEM and Elastic Endpoint Security from scratch.

Network design

Below is a very simple network diagram for this post. ELK runs on an Ubuntu 20.04 server hosted on ESXi. Zeek also runs on an Ubuntu 20.04 server, and a port on the switch is mirrored to a port on the ESXi server. Similarly, on a Windows 10 machine running on ESXi, we will install the Elastic Endpoint Security agent.

For now, the only functions we have in the ELK deployment are log ingestion and visualization. We can ingest logs into Elasticsearch and explore the data via Kibana, but we lack the core SIEM functionality. This feature does not work out of the box: to use it, we must first configure security between all the different nodes. X-Pack is the Elastic package that is responsible for essentially all of the Elastic security features. One of the key required components is configuring the SSL connection between each node, which can be done in a variety of ways. We will use X-Pack to do this.

First, on the host where Elasticsearch is installed, we need to create a YAML file:

/usr/share/elasticsearch/instances.yml

This file will contain the different nodes/instances we want to protect with SSL. As I said, I only have Elasticsearch, Kibana and Zeek.

Next, we will generate a certificate for our instances using Elastic's certutil tool:

/usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in instances.yml --out certs.zip

This will also generate a certificate authority, along with one .crt for each of our instances. You can unzip the archive to unpack the different certificates:

unzip /usr/share/elasticsearch/certs.zip -d /usr/share/elasticsearch/

Now that we have our certificates, we can configure each instance.

Configure Elasticsearch SSL

First, we need to create a folder to store the certificates on our Elasticsearch host. Next, we need to copy the unpacked certificates into that folder and set the correct permissions:

cp ca/ca.crt /etc/elasticsearch/certs/ca
cp elasticsearch/elasticsearch.crt /etc/elasticsearch/certs
cp elasticsearch/elasticsearch.key /etc/elasticsearch/certs
chown -R elasticsearch: /etc/elasticsearch/certs

Next, we need to add the SSL configuration to /etc/elasticsearch/elasticsearch.yml.
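As an added example (not code from the original post), a small Python helper that builds and sanity-checks the instances.yml consumed by elasticsearch-certutil and lists the xpack SSL settings to add to elasticsearch.yml. The host names and addresses are constructed placeholders, and the certs/ca/ca.crt path assumes the certificate layout copied above.

```python
import ipaddress
INSTANCES = [  # constructed inventory for the post's three hosts; addresses are placeholders
    {"name": "elasticsearch", "dns": ["elasticsearch.lab.local"], "ip": ["192.0.2.10"]},
    {"name": "kibana", "dns": ["kibana.lab.local"], "ip": ["192.0.2.10"]},
    {"name": "zeek", "dns": ["zeek.lab.local"], "ip": ["192.0.2.20"]},
]

def validate_instances(instances):
    """Return problems found in the certutil input; an empty list means it is usable."""
    problems, seen = [], set()
    for inst in instances:
        name = inst.get("name")
        if not name:
            problems.append("instance without a name")
            continue
        if name in seen:
            problems.append(f"{name}: duplicate instance name")
        seen.add(name)
        dns, ips = inst.get("dns", []), inst.get("ip", [])
        if not dns and not ips:
            # Without a SAN, clients cannot match the host (verification_mode: full fails)
            problems.append(f"{name}: no dns or ip entries, certificate will have no SAN")
        for ip in ips:
            try:
                ipaddress.ip_address(ip)
            except ValueError:
                problems.append(f"{name}: invalid ip entry {ip!r}")
    return problems

def render_instances_yml(instances):
    """Emit instances.yml in the layout elasticsearch-certutil cert --in expects."""
    lines = ["instances:"]
    for inst in instances:
        lines.append(f"  - name: {inst['name']}")
        for key in ("dns", "ip"):
            if inst.get(key):
                lines.append(f"    {key}:")
                lines.extend(f"      - {v}" for v in inst[key])
    return "\n".join(lines) + "\n"

def elasticsearch_ssl_settings(name="elasticsearch", ca_path="certs/ca/ca.crt"):
    """Key/value pairs to add to elasticsearch.yml; paths are relative to /etc/elasticsearch."""
    settings = {"xpack.security.enabled": "true",
                "xpack.security.transport.ssl.verification_mode": "certificate"}
    for layer in ("transport", "http"):  # node-to-node traffic and the REST/Kibana API
        p = f"xpack.security.{layer}.ssl."
        settings.update({p + "enabled": "true", p + "key": f"certs/{name}.key",
                         p + "certificate": f"certs/{name}.crt",
                         p + "certificate_authorities": f'[ "{ca_path}" ]'})
    return settings
```

Write the output of render_instances_yml to /usr/share/elasticsearch/instances.yml before running certutil, and keep verification_mode at certificate unless every node's dns/ip entries match the names clients actually connect to.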