ES audit security events for user management audit trails, etc

Hi,

Is there a way to audit user management events in ES currently?

We need to audit creation/update/removal of users in ES.
We also need to audit password changes.

This may be a question for Kibana. Is there a way to "force password change" when a user logs in?

Thanks.

https://www.elastic.co/guide/en/elasticsearch/reference/current/enable-audit-logging.html perhaps?

And no, there's not one at the moment. That would depend entirely on what auth realm you used too.

We have got the audit logging enabled and ingested into ES, but based on https://www.elastic.co/guide/en/elasticsearch/reference/7.7/audit-event-types.html, we don't think there is such a security event for user management audit events.

We are using the native realm currently.

Thanks.
