Kibana isolation to multiple users

jacobmathews · September 5, 2019, 9:06am

Hai,we are planning to build a shared soc using Wazuh-ELK...so let our ELK ip be 192.0.0.0(eg:).we are planning to add all the agents under single wazuh-elk..but now the problem is how can I control customer1accessing to customer2's agent details and dashboards...can somebody help us please.

let customer1 be having agent1,agent2 and agent3...and customer2 having agents test1,test2 and test3..as we are using single wazuh-elk to integrate all these agents...how can I isolate the customer environments,and how can I restrict customer1 accessing customer2 logs,and vice versa

tylersmalley · September 5, 2019, 3:53pm

It sounds like you're looking for Kibana Spaces. Will that work for your use case?

elasticforme · September 5, 2019, 4:18pm

when you say agent do you mean index? or instance or kibana?

elk has basic xpack which has almost what you need
if you want to limit customer to particular index/dashbaord

you basically design space,
then role and assign spaces to each role with particular access read/write/full etc...

then define user and assign one+ role to each user.

so in in end you will have user access with multiple index/dashbaord with different type of access

system · October 3, 2019, 4:18pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Assign users to APM Agents Elastic Observability	0	205	August 11, 2023
Maintain confidentiality of agents and user in kibana Elasticsearch	3	229	October 17, 2022
Single Kibana Dashboard for All Users Limited with their Own Data Kibana	4	531	September 17, 2020
How to manage multiple users with different indexes in kibana Kibana elastic-stack-security	3	345	August 19, 2022
Kibana Discover / Dashboards Read Only Elasticsearch	7	202	February 19, 2024

Kibana isolation to multiple users

Related topics