Security
If your Elasticsearch instance is running with security (using SearchGuard or X-Pack), you must modify both the Siren ML plugin and engine configurations.
Siren ML engine configuration
The Siren ML engine requires certificates and credentials to access Elasticsearch. These can be provided using the following properties in its configuration file (typically /etc/sirenml/sirenml.yml).
datasource:
tls:
enabled: true
certificate: '/path/to/cert.pem'
key: '/path/to/cert.key'
auth:
username: dan
password: password1
backend: searchguard # Can also be 'xpack'The provided certificate must be trusted by the Elasticsearch security backend.
Siren ML plugin configuration
You must provide the Siren ML plugin with an administrative username and password for Elasticsearch. These credentials are provided in the Investigate configuration file (investigate.yml).
machine_learning:
username: dan
password: password1