Hello,
With 7.14.0 Elasticsearch has started validating agent.id
using the .fleet_final_pipeline-1
(see the PR), which greatly improves security.
While using Elastic-Agent to fetch information from servers, e.g. web-logs, we would like to make sure that the hostname of the web-server the agent runs on is trusted and has not been tampered with. This would allow us to confidently link events to servers without looking up the agent.id
. The certificate issued to the Elastic-Agent to converse with Fleet has cn=<hostname>
as the subject name, so there is a trusted source of this information (the signed certificate).
Is there a way to associate that certificate subject name with the API key given to the Elastic-Agent (in the same way the agent.id
is) so the .fleet_final_pipeline-1
can check the hostname
or certificate subject name as well as just the agent.id
?
Thanks