ES audit security events for user management audit trails, etc


is there a way to audit user management events in ES currently?

We need to audit creation/update/removal of users in ES.
We also need to audit password changes.

This may be a question for Kibana. Is there a way to "force password change" when user logs in?

Thanks. perhaps?

And no, there's not one at the moment. That would depend entirely on what auth realm you used too.

We have got the audit logging enabled and ingested into ES, but based on, we don't think there is such security event for user management audit events.

We are using the native realm currently.


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.