Can I use Elasticsearch for security audits? For example, I have 10 users accessing confidential data every day, and I log this and index it into Elasticsearch. Will I be able to do random audits on these users, for example 2 different users and 2 different dates for every month? I was trying random score and function score.
Thank you for the reply. This is not an audit for seeing who is accessing the Elasticsearch cluster; it's external data (which already has info on who accessed it and which record he accessed), and I ingest that data into Elasticsearch.
For example, "Axcse" user accessed this record "aaaa". Like this, I have many documents of different users accessing different records, and I have each log as a JSON document in Elasticsearch, so every month I want to perform an audit on random users and random dates.
We receive logs from IBM CICS into Elasticsearch, which have all the transaction info and personal numbers, which are highly confidential data, and this confidential data is viewed by certain users (authorised users), so we have to perform security audits on these users randomly on different dates every month. Since it's not practically possible to see all the logs and why they have accessed those records, we want to audit two random users and two different dates: all the logs of whatever they accessed on those particular random dates.
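One way to do the monthly draw described in this thread, as an added example that is not part of the original posts: `random_score` randomizes the score of individual documents, so this sketch picks the users and dates client-side and then builds an ordinary filter query for them. The field names `user_id` and `@timestamp`, the demo secret and the sample user ids are assumptions; the thread does not show the index mapping.

```python
import calendar
import datetime as dt
import hashlib
import hmac

# Assumed field names (user_id assumed to be a keyword field); not from the thread.
USER_FIELD, TIME_FIELD = "user_id", "@timestamp"

def users_in_month_query(year, month):
    """Search body listing every user active in the month (terms aggregation)."""
    start = dt.date(year, month, 1)
    end = dt.date(year + month // 12, month % 12 + 1, 1)
    return {"size": 0,
            "query": {"range": {TIME_FIELD: {"gte": start.isoformat(), "lt": end.isoformat()}}},
            "aggs": {"users": {"terms": {"field": USER_FIELD, "size": 10000}}}}

def pick(items, secret, period, n):
    """Keep the n items with the smallest HMAC(secret, period|item).
    Reproducible by anyone holding the secret, unpredictable without it."""
    def rank(item):
        return hmac.new(secret, f"{period}|{item}".encode(), hashlib.sha256).digest()
    return sorted(sorted(set(items), key=rank)[:n])

def pick_audit_sample(users, year, month, secret, n_users=2, n_dates=2):
    """Draw the users and the calendar dates to audit for one month."""
    period = f"{year}-{month:02d}"
    days = [dt.date(year, month, d).isoformat()
            for d in range(1, calendar.monthrange(year, month)[1] + 1)]
    return (pick(users, secret, period + "|user", n_users),
            pick(days, secret, period + "|date", n_dates))

def audit_query(users, dates):
    """Search body for everything the chosen users did on the chosen dates."""
    day_ranges = []
    for d in dates:
        nxt = (dt.date.fromisoformat(d) + dt.timedelta(days=1)).isoformat()
        day_ranges.append({"range": {TIME_FIELD: {"gte": d, "lt": nxt}}})
    return {"query": {"bool": {"filter": [
                {"terms": {USER_FIELD: users}},
                {"bool": {"should": day_ranges, "minimum_should_match": 1}}]}},
            "sort": [{TIME_FIELD: "asc"}]}

if __name__ == "__main__":
    # Constructed sample: ten user ids, as would be read from the "users" aggregation buckets.
    sample_users = [f"user{i:02d}" for i in range(1, 11)]
    users, dates = pick_audit_sample(sample_users, 2024, 2, secret=b"constructed-demo-secret")
    print(users, dates)
    print(audit_query(users, dates))
```

Keeping the secret with the auditor and recording the period alongside the results lets a reviewer re-run the draw later and confirm that the audited users and dates were not hand-picked.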