Kibana isolation to multiple users

jacobmathews · September 5, 2019, 9:06am

Hai,we are planning to build a shared soc using Wazuh-ELK...so let our ELK ip be 192.0.0.0(eg:).we are planning to add all the agents under single wazuh-elk..but now the problem is how can I control customer1accessing to customer2's agent details and dashboards...can somebody help us please.

let customer1 be having agent1,agent2 and agent3...and customer2 having agents test1,test2 and test3..as we are using single wazuh-elk to integrate all these agents...how can I isolate the customer environments,and how can I restrict customer1 accessing customer2 logs,and vice versa

tylersmalley · September 5, 2019, 3:53pm

It sounds like you're looking for Kibana Spaces. Will that work for your use case?

elasticforme · September 5, 2019, 4:18pm

when you say agent do you mean index? or instance or kibana?

elk has basic xpack which has almost what you need
if you want to limit customer to particular index/dashbaord

you basically design space,
then role and assign spaces to each role with particular access read/write/full etc...

then define user and assign one+ role to each user.

so in in end you will have user access with multiple index/dashbaord with different type of access

system · October 3, 2019, 4:18pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.