We have elastic stack with the following components:
5 ES nodes running on 7.6.1 version
Kibana - 7.6.1 version
2 Logstash - 7.6.1 version
We also have filebeat and metricbeat (both 7.6.0 ) running on alot of vm's pushing data to ES via logstash. We would like to enable security xpack for es to have both basic auth and SSL enabled for the cluster. One other reason is we would like to test the new SIEM capability for ELK (read in the documents xpack is needed for detections). Is there a suggested way to enable security xpack on an existing cluster so that data ingestion is not lost while this activity is happening (Something similar to steps which are mentioned for upgrading the elk version). We use chef to configure Elastic.