Kibana isolation to multiple users

jacobmathews · September 5, 2019, 9:06am

Hai,we are planning to build a shared soc using Wazuh-ELK...so let our ELK ip be 192.0.0.0(eg:).we are planning to add all the agents under single wazuh-elk..but now the problem is how can I control customer1accessing to customer2's agent details and dashboards...can somebody help us please.

let customer1 be having agent1,agent2 and agent3...and customer2 having agents test1,test2 and test3..as we are using single wazuh-elk to integrate all these agents...how can I isolate the customer environments,and how can I restrict customer1 accessing customer2 logs,and vice versa

tylersmalley · September 5, 2019, 3:53pm

It sounds like you're looking for Kibana Spaces. Will that work for your use case?

elasticforme · September 5, 2019, 4:18pm

when you say agent do you mean index? or instance or kibana?

elk has basic xpack which has almost what you need
if you want to limit customer to particular index/dashbaord

you basically design space,
then role and assign spaces to each role with particular access read/write/full etc...

then define user and assign one+ role to each user.

so in in end you will have user access with multiple index/dashbaord with different type of access

Topic		Replies	Views
Rolebased access for dashboards in kibana Kibana	6	449	August 15, 2019
How to manage multiple users with different indexes in kibana Kibana elastic-stack-security	3	406	August 19, 2022
Tenant Kibana as BI Kibana	1	45	January 15, 2025
Elasticsearch & Kibana environment per customer Kibana elastic-stack-security	4	442	January 11, 2019
Maintain confidentiality of agents and user in kibana Elasticsearch	3	267	October 17, 2022

Kibana isolation to multiple users

Related topics