Hi,
Is there a way to audit user management events in ES currently?
We need to audit creation/update/removal of users in ES.
We also need to audit password changes.
This may be a question for Kibana. Is there a way to "force password change" when a user logs in?
Thanks.
warkolm
(Mark Walkom)
May 29, 2020, 4:53am
https://www.elastic.co/guide/en/elasticsearch/reference/current/enable-audit-logging.html perhaps?
And no, there's not one at the moment. That would depend entirely on what auth realm you used too.
We have got the audit logging enabled and ingested into ES, but based on https://www.elastic.co/guide/en/elasticsearch/reference/7.7/audit-event-types.html, we don't think there is such a security event for user management audit events.
We are using the native realm currently.
Thanks.
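One way to look for user-management activity in an audit trail like the one discussed above, as an added example that is not part of the thread or Elastic's own code. It assumes that `access_granted` / `access_denied` entries carry the transport action name in an `action` field and that native-realm user API calls appear under `cluster:admin/xpack/security/user/...`; the field names, action strings and sample entries are assumptions to confirm against your own audit log.

```python
import json

# Assumption: native-realm user API calls are audited under this action prefix.
USER_ACTION_PREFIX = "cluster:admin/xpack/security/user/"
# Assumed suffixes that modify a user; reads such as "get" are deliberately skipped.
CHANGES = {"put": "create_or_update", "delete": "delete",
           "change_password": "password_change", "set_enabled": "enable_or_disable"}
OUTCOMES = {"access_granted": "granted", "access_denied": "denied"}

# Constructed sample entries in a JSON audit layout; not real log data.
SAMPLE_LOG = """\
{"type":"audit","@timestamp":"2020-05-29T04:10:01,000+0000","event.action":"access_granted","user.name":"admin1","user.realm":"native1","origin.address":"10.0.0.5","action":"cluster:admin/xpack/security/user/put","request.name":"PutUserRequest"}
{"type":"audit","@timestamp":"2020-05-29T04:11:12,000+0000","event.action":"access_granted","user.name":"admin1","user.realm":"native1","origin.address":"10.0.0.5","action":"indices:data/read/search","request.name":"SearchRequest"}
{"type":"audit","@timestamp":"2020-05-29T04:15:40,000+0000","event.action":"access_granted","user.name":"alice","user.realm":"native1","origin.address":"10.0.0.9","action":"cluster:admin/xpack/security/user/change_password","request.name":"ChangePasswordRequest"}
{"type":"audit","@timestamp":"2020-05-29T04:16:02,000+0000","event.action":"access_granted","user.name":"admin1","user.realm":"native1","origin.address":"10.0.0.5","action":"cluster:admin/xpack/security/user/get","request.name":"GetUsersRequest"}
{"type":"audit","@timestamp":"2020-05-29T04:20:33,000+0000","event.action":"access_denied","user.name":"bob","user.realm":"native1","origin.address":"10.0.0.7","action":"cluster:admin/xpack/security/user/delete","request.name":"DeleteUserRequest"}
{"type":"audit","@timestamp":"2020-05-29T04:2
"""

def user_mgmt_events(lines):
    """Return one record per granted or denied user-modifying call found in the lines."""
    events = []
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank, truncated or non-JSON line
        if not isinstance(entry, dict):
            continue
        outcome = OUTCOMES.get(entry.get("event.action"))
        action = entry.get("action", "")
        if outcome is None or not action.startswith(USER_ACTION_PREFIX):
            continue
        change = CHANGES.get(action[len(USER_ACTION_PREFIX):])
        if change is None:
            continue  # read-only or unrecognised user action
        events.append({"time": entry.get("@timestamp"), "actor": entry.get("user.name"),
                       "origin": entry.get("origin.address"), "change": change,
                       "outcome": outcome})
    return events

if __name__ == "__main__":
    for event in user_mgmt_events(SAMPLE_LOG.splitlines()):
        print(event)
```

In this constructed sample, `user.name` is the caller that issued the request, not the account being changed.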