Security
If your Elasticsearch instance is running with security enabled (using SearchGuard or X-Pack), you must modify both the Siren ML plugin and engine configurations.
Siren ML engine configuration
The Siren ML engine requires certificates and credentials to access Elasticsearch. These can be provided using the following properties in its configuration file (typically /etc/sirenml/sirenml.yml).
datasource:
  tls:
    enabled: true
    certificate: '/path/to/cert.pem'
    key: '/path/to/cert.key'
  auth:
    username: dan
    password: password1
    backend: searchguard # Can also be 'xpack'
The provided certificate must be trusted by the Elasticsearch security backend.
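One way to check this before starting the engine, as an added example that is not part of the Siren documentation or tooling: it confirms that the certificate verifies against a CA bundle and that the key file is the matching private key. The function names and the CA bundle path are assumptions; use the CA your Elasticsearch security backend is configured to trust.

```shell
#!/bin/sh
# Added example, not Siren's tooling. Pre-flight check for the client TLS
# material that sirenml.yml points at (the tls certificate and key settings).

# Print the SHA-256 of the public key inside a certificate or private key.
pubkey_digest() {   # $1 = cert|key, $2 = PEM file
    case "$1" in
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl sha256 | awk '{print $NF}'
}

# Warn when a secret-bearing file is readable by group or others.
warn_if_exposed() {
    if [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]; then
        echo "WARN: $1 is readable by group or others"
    fi
}

# Returns 0 only if the certificate verifies against the CA and matches the key.
check_client_tls() {   # $1 = cert, $2 = key, $3 = CA bundle (assumed path)
    rc=0
    if ! openssl verify -CAfile "$3" "$1" >/dev/null 2>&1; then
        echo "FAIL: $1 does not verify against $3"; rc=1
    fi
    c=$(pubkey_digest cert "$1") || c=
    k=$(pubkey_digest key "$2") || k=
    if [ -z "$c" ] || [ "$c" != "$k" ]; then
        echo "FAIL: $2 is not the private key for $1"; rc=1
    fi
    warn_if_exposed "$2"
    return $rc
}

# Usage (paths from the example above; the CA path is a placeholder):
# check_client_tls /path/to/cert.pem /path/to/cert.key /path/to/ca.pem
# warn_if_exposed /etc/sirenml/sirenml.yml   # holds a plaintext password
```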
Siren ML plugin configuration
You must provide the Siren ML plugin with an administrative username and password for Elasticsearch. These credentials are provided in the Investigate configuration file (investigate.yml).
machine_learning:
  username: dan
  password: password1