If several systems (customers) are shipping logs via a Filebeat-Logstash combination to a common Elasticsearch instance, can Elastic Security:
1. Ensure customers are authenticated when the log documents are indexed, and that
2. Documents created by that customer in an index are tagged with a customer identifier?
For (1), I am considering that customers can be represented as 'users' in Elastic Security. The Beats transfer (logs and metrics) takes place as an authenticated user (unique user per customer).
For (2), log and metric data are persisted with the customer identifier as a field in the document.