General Question regarding specific use-case

security

(Cengiz) #1

Hi All,

I am newbie for ES and Shield. I am searching the possibility of doing the following use-case:

  • I have XML logs that will be ingested by Logstash
  • Logstash will store the data in ES.
  • I need to secure specific fields on the XML data (such as Customer Details) and it should rest as such in ES.
  • I will use Shield to present the results to users through Kibana based on user roles. And if the user is allowed, they will need to see the encrypted data as decrypted. Otherwise, they will not be able to see the contents of that specific field on Kibana.

Can anyone shed some light on this and how that be achieved using ELK?

Thx a lot.
cengiz


(Mark Walkom) #2

You can use field level security for this - https://www.elastic.co/guide/en/shield/current/setting-up-field-and-document-level-security.html

Note though, Shield does not encrypt the data in ES.


(Cengiz) #3

Thx for the answer. Yes the only issue is keeping the field encrypted in ES as it can be sensitive data such as Passport Number. Can it be stored encrypted and decrypted on the fly when being accessed to data over ES/Kibana?


(Mark Walkom) #4

You need to use FS level encryption, at the moment there is no document encryption native to ES.


(system) #5