We have been using shield for elastic search and the same being replicated for Kibana.
We have a few queries on that:
- We would require shield for our elastic search, since the logs coming in needs to be secure. But can we remove the shield or bypass the shield for kibana. This is because we have a user front interface which shows the visualisations of kibana. It is not pratical to give the users the shield credentials because, that will cause a vulnerability to the logs in elastic search nor any side of authentication for a UI perspective.
- Or is there any other way just to secure the elastic serach but the Kibana be open.