Checking for tampering of indices

Elastic Stack Elasticsearch
1

In Splunk, it is possible to detect tampering of logs. Splunk will take an
event at ingestion time and create a hash value based on the event and your
certificates/keys. You can then write searches that will re-hash the event
to be compared to the original to indicate if anything has changed. We
need something like that.

How is that possible with elasticsearch?

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/3b724745-88ac-4484-9d21-284ec28697a9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

2

You might be able to achieve this with versioning -

Regards,
Mark Walkom

Infrastructure Engineer
Campaign Monitor
email: markw@campaignmonitor.com
web: www.campaignmonitor.com

On 2 October 2014 05:20, Brian Wilkins bwilkins@gmail.com wrote:

In Splunk, it is possible to detect tampering of logs. Splunk will take
an event at ingestion time and create a hash value based on the event and
your certificates/keys. You can then write searches that will re-hash the
event to be compared to the original to indicate if anything has changed.
We need something like that.

How is that possible with elasticsearch?

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/3b724745-88ac-4484-9d21-284ec28697a9%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/3b724745-88ac-4484-9d21-284ec28697a9%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAEM624Y2mu13pfoQRvcEngY%3DZ3JvXNqrT%2Bc05q3HV3EaOZmrtg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.