This part of the forums is primarily for security related things such as endpoints, SIEM, etc...
You would probably be better off posting to:
<a href="https://www.elastic.co/elasticsearch">Elasticsearch</a>, <a href="https://www.elastic.co/kibana">Kibana</a>, <a href="https://www.elastic.co/beats">Beats</a>, and <a href="http://www.elastic.co/logstash">Logstash</a> - also known as the <a href="https://www.elastic.co/elk-stack">ELK Stack</a>. Reliably and securely take data from any source, in any format, then search, analyze, and visualize it in real time.<br>
Please post your your topic under the relevant product category: <a class="hashtag-cooked" href="/c/elastic-stack/elasticsearch/6" data-type="category" data-slug="elasticsearch" data-id="6" data-ref="elastic-stack:elasticsearch"><span class="hashtag-icon-placeholder"><svg class="fa d-icon d-icon-square-full svg-icon svg-node"><use href="#square-full"></use></svg></span><span>Elasticsearch</span></a>, <a class="hashtag-cooked" href="/c/elastic-stack/kibana/7" data-type="category" data-slug="kibana" data-id="7" data-ref="elastic-stack:kibana"><span class="hashtag-icon-placeholder"><svg class="fa d-icon d-icon-square-full svg-icon svg-node"><use href="#square-full"></use></svg></span><span>Kibana</span></a>, <a class="hashtag-cooked" href="/c/elastic-stack/beats/28" data-type="category" data-slug="beats" data-id="28" data-ref="elastic-stack:beats"><span class="hashtag-icon-placeholder"><svg class="fa d-icon d-icon-square-full svg-icon svg-node"><use href="#square-full"></use></svg></span><span>Beats</span></a>, <a class="hashtag-cooked" href="/c/elastic-stack/logstash/14" data-type="category" data-slug="logstash" data-id="14" data-ref="elastic-stack:logstash"><span class="hashtag-icon-placeholder"><svg class="fa d-icon d-icon-square-full svg-icon svg-node"><use href="#square-full"></use></svg></span><span>Logstash</span></a>, <a class="hashtag-cooked" href="/c/elastic-stack/elastic-agent/91" data-type="category" data-slug="elastic-agent" data-id="91" data-ref="elastic-stack:elastic-agent"><span class="hashtag-icon-placeholder"><svg class="fa d-icon d-icon-square-full svg-icon svg-node"><use href="#square-full"></use></svg></span><span>Elastic Agent</span></a> .
And using the tags of elastic-stack-security
You can also search around here or on google for some some of those keywords and there's a lot of forum posts explaining the content security policies and how you can change them to suit your needs such as this one:
Hi @LizaD - Thank you for the quick reply. I already reviewed that post before I raised my question - it unfortunately does not address my question.
What I'd like to do is to set the csp.rules parameter in the kibana.yml file to no longer have unsafe-eval for script-src - to make it more secure:
https://www.elastic.co/guide/en/kibana/6.7/settings.html
However, I do not know whether removing unsafe-eval from script-src will cause any issues with the list of Kibana functions below:
Discover
…
Either way, welcome, and good luck on your journeys and when it comes to security, I would always recommend using our latest versions of the stack as well
1 Like
