I'm in the process of architecting out a SIEM-as-a-service offering using Elasticsearch+Fleet, but I'm having a hard time finding good, recent documentation on multi-tenancy for modern versions of Elasticsearch and/or Kibana. Everything on Google seems to point to either Opendistro/opensearch, or much older versions of Elasticsearch.
As near as I can tell, multi-tenancy would currently be implemented by employing Fleet Namespaces, Kibana spaces, roles, and document-level/attribute-based-security, but again, there's not good information on how to configure or set that up, or what pitfalls and gotchas to watch out for. Any information on how to best accomplish this would be greatly appreciated.
Opendistro is an AWS run product and differs from the original Elasticsearch and Kibana products that Elastic builds and maintains. You may need to contact them directly for further assistance.
(This is an automated response from your friendly Elastic bot. Please report this post if you have any suggestions or concerns.)
Opensearch is an AWS run product and differs from the original Elasticsearch and Kibana products that Elastic builds and maintains. You may need to contact them directly for further assistance.
(This is an automated response from your friendly Elastic bot. Please report this post if you have any suggestions or concerns.)