General Question regarding specific use-case

Hi All,

I am a newbie to ES and Shield. I am looking into the possibility of doing the following use-case:

  • I have XML logs that will be ingested by Logstash
  • Logstash will store the data in ES.
  • I need to secure specific fields on the XML data (such as Customer Details) and it should rest as such in ES.
  • I will use Shield to present the results to users through Kibana based on user roles. And if the user is allowed, they will need to see the encrypted data as decrypted. Otherwise, they will not be able to see the contents of that specific field on Kibana.

Can anyone shed some light on this and how that can be achieved using ELK?

Thx a lot.
cengiz

You can use field level security for this - https://www.elastic.co/guide/en/shield/current/setting-up-field-and-document-level-security.html

Note though, Shield does not encrypt the data in ES.

Thx for the answer. Yes, the only issue is keeping the field encrypted in ES, as it can be sensitive data such as a Passport Number. Can it be stored encrypted and decrypted on the fly when the data is accessed over ES/Kibana?

You need to use FS-level encryption; at the moment there is no document encryption native to ES.