I did some research and found that Logstash offers mutual SSL authentication so I can once authenticate servers on which filebeat runs and also authenticate the Logstash server itself.
Our future centralized logging solution would require complete security isolation between the data coming from different projects.
In a nutshell, I would like filebeat agents shipping data from a particular application to access my ES secured cluster in such a way that access should be granted based on a client certificate of the filebeat server. In other words, I am trying to avoid a scenario when a filebeat agent from app1 starts loading data into elasticsearch indices reserved for app2.
Since all the logs are going through Logstash first Is it possible with X-Pack to bind access to write into specific indices depending on the client certificate of the original source where filebeat is collecting logs from?