I'm working on setting up a small Elastic cluster as a proof of concept for a SIEM, consisting of 3 Elasticsearch nodes, one Kibana node and one Logstash node.
I managed to get a working cluster without the security configuration for the Elasticsearch and Kibana nodes. So my next step was to secure the setup and get the full functionality of the SIEM working.
After reading the documentation, I'm wondering what settings I need for a minimum setup, as a lot of these settings seem optional.
The blog post on a small business/home setup gave some great insight into how to set up role-based access for Kibana, but since it uses a cloud instance it doesn't explain the settings needed to secure the Elasticsearch cluster in an on-prem setup.
Is there any guide or blog post that covers the minimum settings needed to get a working on-prem SIEM?
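As an added illustration of the "minimum settings" the question is asking about (this is example configuration written for this page, not the poster's own files and not taken from the blog post mentioned), the three things an on-prem cluster needs once `xpack.security.enabled` is on are: authentication, TLS on the transport layer between the Elasticsearch nodes (mandatory for a multi-node cluster with security enabled), and TLS on the HTTP layer so Kibana and Logstash do not send credentials in the clear. The example assumes Elasticsearch and Kibana 7.x on the basic licence (in 8.x security is enabled and auto-configured on first start), hostnames `es-node-1` to `es-node-3`, and certificates already generated with `elasticsearch-certutil` into the `certs/` directory under the Elasticsearch config directory; all of those names and paths are assumptions.

```yaml
# elasticsearch.yml -- the same file on each of the three Elasticsearch nodes
# (only node.name differs). Hostnames and paths are assumed for this example.
cluster.name: siem-poc
node.name: es-node-1            # es-node-2 / es-node-3 on the other two nodes
network.host: 0.0.0.0
discovery.seed_hosts: ["es-node-1", "es-node-2", "es-node-3"]
# Only needed for the very first cluster bootstrap; remove it afterwards.
cluster.initial_master_nodes: ["es-node-1", "es-node-2", "es-node-3"]

# 1. Authentication and role-based authorization. Off by default on the
#    7.x basic licence, so the cluster is open to anyone who can reach port 9200
#    until this is set.
xpack.security.enabled: true

# 2. TLS between the nodes (transport layer, port 9300). Elasticsearch refuses
#    to form a multi-node cluster with security enabled unless this is on.
#    PKCS#12 file produced by "elasticsearch-certutil cert --ca <ca file>",
#    placed in the config directory so the relative path resolves on each node.
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12

# 3. TLS on the REST API (port 9200) so the Kibana and Logstash passwords are
#    not sent as plain HTTP basic auth across the network.
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/http.p12

---
# kibana.yml -- on the Kibana node
server.host: "0.0.0.0"
elasticsearch.hosts:
  - "https://es-node-1:9200"
  - "https://es-node-2:9200"
  - "https://es-node-3:9200"

# Kibana connects with the built-in kibana_system user, not the elastic superuser.
# Its password is set once on a node with "elasticsearch-setup-passwords interactive".
elasticsearch.username: "kibana_system"
elasticsearch.password: "<kibana_system password>"
# CA (PEM) that signed the Elasticsearch HTTP certificate, exported from the
# certutil CA file; otherwise Kibana rejects the self-signed chain.
elasticsearch.ssl.certificateAuthorities: ["/etc/kibana/certs/elasticsearch-ca.pem"]

# Static keys Kibana uses to sign sessions and to encrypt saved objects.
# The SIEM/Security app stores detection rules, cases and alert actions as
# encrypted saved objects, so without encryptedSavedObjects.encryptionKey the
# rules will not run. Use 32+ random characters and keep them out of version control.
xpack.security.encryptionKey: "<32+ random characters>"
xpack.encryptedSavedObjects.encryptionKey: "<32+ random characters>"
xpack.reporting.encryptionKey: "<32+ random characters>"
```

Two practical notes on this example. First, the `elasticsearch-setup-passwords` step must be run after `xpack.security.enabled: true` is in place and the cluster is up, since it writes the built-in users' passwords into the security index; the keystore and truststore passwords, if the PKCS#12 files are protected, go into the Elasticsearch keystore with `elasticsearch-keystore add`, not into `elasticsearch.yml`. Second, the Logstash side needs the matching changes in its `elasticsearch` output (`user`, `password`, `ssl => true` and `cacert => "<path to the same CA PEM>"` in 7.x), and the user it writes with should be a dedicated role limited to creating and indexing into the SIEM indices rather than the `elastic` superuser.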