We have a compliance audit coming up soon and one of the requirements is that the information stored in Elastic (as a SIEM) must be encrypted.
Now, I understand that Elastic doesn't do encryption because these documents / information are meant for searching purposes, and I have explored dm-crypt (but I prefer not to do disk encryption if possible).
Tried exploring the /var/lib/elasticsearch/indices folders and the information didn't seem to be "human-readable". Does this mean Elastic hashes or employs some encryption mechanism to make it non human-readable?
Anyone care to shed some light on this?
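A quick way to test the assumption behind the question, added here as an example and not part of the original post: "not human-readable" is not the same as encrypted. The script below builds a few constructed SIEM-style events, compresses them (zlib stands in for the LZ4/DEFLATE stored-field compression a Lucene index applies; that substitution is an assumption for illustration, the real on-disk container format is more involved), and then shows that the compressed bytes look as opaque as ciphertext by entropy and `strings`-style inspection, yet the plaintext comes back with no key at all. Only stdlib is used, so it runs offline.

```python
import json
import math
import re
import zlib

# Constructed sample: a few SIEM-style events of the kind that would be indexed.
SAMPLE_EVENTS = [
    {
        "@timestamp": "2024-01-01T00:00:%02dZ" % i,
        "user": "alice",
        "src_ip": "10.0.0.%d" % (i + 1),
        "action": "login",
        "outcome": "success",
    }
    for i in range(20)
]
RAW_DOCS = "\n".join(json.dumps(e) for e in SAMPLE_EVENTS).encode()


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0..8). A high value alone does not prove
    encryption: well-compressed data scores almost as high as ciphertext."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Printable-ASCII runs of at least min_len bytes, like the `strings` tool."""
    return [m.group().decode() for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def recover_without_key(blob: bytes):
    """Undo compression using no secret. zlib is the stand-in codec here
    (assumption for illustration). Returns the recovered bytes, or None if
    the blob is not plain compressed data."""
    try:
        return zlib.decompress(blob)
    except zlib.error:
        return None


def plaintext_exposed(blob: bytes, marker: str = "alice") -> bool:
    """True if a known field value can be read from the blob either directly
    or after a key-less decompression, i.e. the data is effectively at rest
    in the clear regardless of how opaque the bytes look."""
    candidates = [blob]
    recovered = recover_without_key(blob)
    if recovered is not None:
        candidates.append(recovered)
    return any(marker in s for c in candidates for s in extract_strings(c))


def compressed_sample() -> bytes:
    """The constructed events as a compressed blob (stand-in for segment data)."""
    return zlib.compress(RAW_DOCS, 9)


def assess(blob: bytes) -> dict:
    """Summarise how the blob looks versus what it actually protects."""
    return {
        "entropy_bits_per_byte": round(shannon_entropy(blob), 2),
        "readable_as_stored": any("alice" in s for s in extract_strings(blob)),
        "plaintext_exposed": plaintext_exposed(blob),
    }


if __name__ == "__main__":
    print("raw:       ", assess(RAW_DOCS))
    print("compressed:", assess(compressed_sample()))
```

The compressed blob fails the eyeball test (no readable strings, high entropy) but `plaintext_exposed` is still true for it, which is the property an auditor cares about: anyone who can read the files can read the events. Encryption, whether dm-crypt under the data path or something above it, is what changes that answer, not the index format.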