Simple way to deploy Elastic Security

I am trying to install the Elastic Stack locally on a single VM to keep the setup simple.

The use case is Security, which requires installing ELK as well as many configurations here and there to enable features like Elastic Agent (like security / TLS / user roles).

Although the documentation does cover the steps, I am finding it tedious to get the configuration right. I was wondering if other installation options are there, like a pre-made virtual machine, Docker, or install scripts that automate the deployment and especially the configurations required for a functional Elastic Security?

P.S.: I know that cloud provides the simplicity I am looking for, but unfortunately I am bound to deploy Elastic Security locally.

Hi @lisa99, welcome to the forum!

Elastic has official Docker images for the parts of the Stack, I'd check them out:

If you need to override default config files, and there's a lot of configuration, one option would be to build your own Dockerfiles on top of the official ones.

For a simple local setup, I'd personally use docker-compose and include both Elasticsearch and Kibana instances there. You can even build a multi-node ES and Kibana cluster that way, where all the nodes would still work on the same machine.

If you are familiar with Kubernetes or need a more advanced setup, another option would be to spin up Elastic Stack in a K8s cluster. Elastic has Helm charts, seems like not every component of the Stack is there, but still:

For even more fancy deployments there's an option to use Elastic Cloud on Kubernetes:

As for configuring your data sources like Elastic Agent and Endpoint Security, probably the easiest way would be to do it via Fleet (your Agents should be enrolled in your Fleet, so you could have a centralised control over them from Kibana):

The Elastic Security app requires some configuration to be done upfront for production environments; make sure to read this documentation:

Sorry, at this point we don't have any automation of the things specifically required by Elastic Security.

For a simple local setup you could log in as a superuser (make sure to give your user the role named superuser) and expect most of the functionality working.

Hi @lisa99, welcome to the Community!

I have a Quick How To for a Secure Elastic Stack on a Single VM; you can take a look at it here. BTW, bvader, that's me.

I did it for just such a case (POC, initial look, etc.).

@stephenb this is awesome! Thank you for sharing this guide!

@lisa99 let us know if this helps you. I know it may be a little bit frustrating to not have a simple one-click deploy-everything solution, but hopefully we'll get there at some point in the future.