Kibana isolation to multiple users

Hi, we are planning to build a shared SOC using let our ELK ip be are planning to add all the agents under a single wazuh-elk, but now the problem is how can I control customer1 accessing customer2's agent details and dashboards. Can somebody help us please?

Let customer1 have agent1, agent2 and agent3, and customer2 have agents test1 and test2, and we are using a single wazuh-elk to integrate all these. Can I isolate the customer environments, and how can I restrict customer1 from accessing customer2's logs, and vice versa?

It sounds like you're looking for Kibana Spaces. Will that work for your use case?

when you say agent do you mean index? or instance or kibana?

ELK has basic X-Pack, which has almost what you need
if you want to limit a customer to a particular index/dashboard.

you basically design space,
then role and assign spaces to each role with particular access read/write/full etc...

then define user and assign one+ role to each user.

So in the end you will have user access with multiple indices/dashboards with different types of access.
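The space, role and user steps from the reply above, as an added example that is not part of the original thread: it builds the Kibana and Elasticsearch API request bodies for each customer and checks that no customer's index pattern covers another customer's indices. The tenant ids, role and user names and index patterns are hypothetical, and it assumes each customer's agents already write to their own indices and that the stack uses the 7.x-style `_security` paths.

```python
# Added example; tenant ids and index patterns below are constructed, not from the thread.
import fnmatch
import json

TENANTS = {
    "customer1": ["customer1-alerts-*"],
    "customer2": ["customer2-alerts-*"],
}

def tenant_requests(tenant, patterns):
    """Return (method, path, body) tuples in order: space, role, user."""
    role = f"{tenant}_read"  # hypothetical role name
    return [
        # Kibana Spaces API (needs the kbn-xsrf header): one space per customer
        ("POST", "/api/spaces/space", {"id": tenant, "name": tenant}),
        # Kibana role API: read-only on this customer's indices and space only
        ("PUT", f"/api/security/role/{role}", {
            "elasticsearch": {"cluster": [], "indices": [
                {"names": patterns, "privileges": ["read", "view_index_metadata"]}]},
            "kibana": [{"base": ["read"], "feature": {}, "spaces": [tenant]}],
        }),
        # Elasticsearch user API (sent to Elasticsearch, not Kibana)
        ("PUT", f"/_security/user/{tenant}_analyst", {
            "password": "<set-per-user>", "roles": [role]}),
    ]

def cross_tenant_leaks(tenants):
    """List (tenant, pattern, other) where tenant's pattern covers other's pattern.

    Heuristic: the other tenant's pattern is turned into a sample index name
    by replacing '*' with 'x' and matched against this tenant's pattern.
    """
    leaks = []
    for tenant, patterns in tenants.items():
        for other, other_patterns in tenants.items():
            if other == tenant:
                continue
            for p in patterns:
                for q in other_patterns:
                    if fnmatch.fnmatchcase(q.replace("*", "x"), p):
                        leaks.append((tenant, p, other))
    return leaks

if __name__ == "__main__":
    assert not cross_tenant_leaks(TENANTS), "index patterns overlap between tenants"
    for tenant, patterns in TENANTS.items():
        for method, path, body in tenant_requests(tenant, patterns):
            print(method, path, json.dumps(body))
```

A wildcard such as `*-alerts-*` in one customer's role is reported as a leak, because it would grant read access to every other customer's indices regardless of which space the user is confined to.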
