Are Elasticsearch documents stored on disk encrypted?


We have a compliance audit coming up soon and one of the requirements is that the information stored in Elastic (as a SIEM) must be encrypted.

Now, I understand that Elastic doesn't do encryption because these documents / information are meant for searching purposes, and I have explored dm-crypt (but I would prefer not to do disk encryption if possible).

I tried exploring the /var/lib/elasticsearch/indices folders and the information doesn't seem to be "human-readable". Does this mean Elastic hashes or employs some encryption mechanism to make it non-human-readable?

Anyone care to shed some light on this?

Nope, it's just a binary encoding that is not encrypted.

You need to use something like dm-crypt here, it's what we recommend.
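As an added example (not part of the thread above, and not Elastic's own tooling), here is a small POSIX shell script that turns the reply into something an auditor can check: it verifies whether the filesystem under path.data is backed by a dm-crypt mapping, probes the index files for a known plaintext value, and provisions a LUKS2 volume for path.data with cryptsetup. The device name /dev/sdb, the mapping name esdata and the elasticsearch service user are assumptions; /var/lib/elasticsearch is the default path.data mentioned in the question.

```shell
#!/bin/sh
# Added example, not from the thread: at-rest encryption checks for an
# Elasticsearch data directory.
# Assumptions (not from the thread): raw block device /dev/sdb, dm-crypt
# mapping name "esdata", service user "elasticsearch", default path.data.
ES_DATA_DIR="${ES_DATA_DIR:-/var/lib/elasticsearch}"
ES_RAW_DEV="${ES_RAW_DEV:-/dev/sdb}"      # assumed device
ES_MAP_NAME="${ES_MAP_NAME:-esdata}"      # assumed mapping name

# Device-mapper publishes the target type in the mapping UUID: cryptsetup
# mappings carry a "CRYPT-" prefix (e.g. CRYPT-LUKS2-<uuid>-esdata), LVM
# volumes start with "LVM-". Returns 0 only for a dm-crypt mapping.
dm_uuid_is_crypt() {
    case "$1" in
        CRYPT-*) return 0 ;;
        *)       return 1 ;;
    esac
}

# Resolve the block device mounted under a path and report whether it is a
# dm-crypt mapping. Returns 0 (encrypted at rest) or 1 (not encrypted).
# A plain partition such as /dev/sdb1 has no dm/uuid file and fails the check.
path_is_on_dmcrypt() {
    _dir="$1"
    _src="$(findmnt -n -o SOURCE --target "$_dir")" || return 1
    _dev="$(basename "$(readlink -f "$_src")")"      # /dev/mapper/esdata -> dm-0
    _uuid_file="/sys/class/block/$_dev/dm/uuid"
    if [ -r "$_uuid_file" ] && dm_uuid_is_crypt "$(cat "$_uuid_file")"; then
        echo "$_dir is on $_src: dm-crypt mapping (encrypted at rest)"
        return 0
    fi
    echo "$_dir is on $_src: not a dm-crypt mapping (NOT encrypted at rest)"
    return 1
}

# Plaintext probe: grep the index files for a value you know was indexed.
# A hit proves the data is readable straight from disk. A miss proves
# nothing: Lucene stores _source LZ4-compressed and the term dictionary is
# prefix-compressed, so short strings do not always appear verbatim. Use the
# block-device check above as the audit evidence, not this probe.
index_contains_plaintext() {
    _needle="$1"
    _dir="${2:-$ES_DATA_DIR}"
    grep -rlaF -- "$_needle" "$_dir" 2>/dev/null | grep -q .
}

# One-time provisioning of a LUKS2 volume for path.data. Destroys whatever is
# on $ES_RAW_DEV; run as root with Elasticsearch stopped. luksFormat prompts
# for a passphrase here; how that key is stored and unlocked at boot has to
# follow your own key-management policy.
provision_luks_data_volume() {
    cryptsetup luksFormat --type luks2 "$ES_RAW_DEV"
    cryptsetup open "$ES_RAW_DEV" "$ES_MAP_NAME"
    mkfs.xfs "/dev/mapper/$ES_MAP_NAME"
    mkdir -p "$ES_DATA_DIR"
    mount "/dev/mapper/$ES_MAP_NAME" "$ES_DATA_DIR"
    chown elasticsearch:elasticsearch "$ES_DATA_DIR"   # assumed service user
    # Persist across reboots: crypttab opens the mapping, fstab mounts it.
    printf '%s %s none luks\n' "$ES_MAP_NAME" "$ES_RAW_DEV" >> /etc/crypttab
    printf '/dev/mapper/%s %s xfs defaults,nofail 0 2\n' \
        "$ES_MAP_NAME" "$ES_DATA_DIR" >> /etc/fstab
}

# Usage: sh es_at_rest.sh check   -> exit 0 only if path.data is on dm-crypt
case "${1:-}" in
    check) path_is_on_dmcrypt "$ES_DATA_DIR" ;;
esac
```

Note what dm-crypt does and does not give you for the audit: it protects the data against a stolen or decommissioned disk and against reading the raw device offline, but once the mapping is open anything with filesystem access (root, the elasticsearch user, or the REST API) sees plaintext, exactly as before. Write that scope down in the evidence next to the `check` output.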

Speedy reply 🙂

Thanks for the advice.
