Authenticate search request
    sentinl:
      settings:
        authentication:
          enabled: true
          username: 'elastic'
          password: 'password'
          cert:
            selfsigned: false
            pem: '/path/to/pem/key'

    sentinl:
      settings:
        authentication:
          enabled: true
          username: 'elastic'
          password: 'password'
          cert:
            selfsigned: true
Authenticate Siren Alert using single user - default
Access Control app. For example, default
    # Access Control configuration
    investigate_access_control:
      enabled: true
      cookie:
        password: "12345678123456781234567812345678"
      admin_role: kibiadmin
      sentinl:
        elasticsearch:
          username: sentinl
          password: password
    ...
Siren Platform or Kibana
You can create multiple user credentials and assign them to watchers, one credential per watcher, so that each watcher is authenticated separately. This is called impersonation.
Create credentials in Search Guard or X-Pack and assign the permissions you need. You need one user for Sentinl and one user per watcher.
Set Siren Alert authentication.
    sentinl:
      settings:
        authentication:
          enabled: true
          impersonate: true
          username: 'elastic'
          password: 'password'
          sha: '6859a748bc07b49ae761f5734db66848'
          cert:
            selfsigned: true
Set the password as clear text in the password property. The password can be put in encrypted form instead: set the password hash in the sha property, after which you can remove the password property. Use the sentinl/scripts/encryptPassword.js script to obtain the hash. In the script, edit the value admin, replacing it with your password. Copy the generated hash and paste it as the sha value. You can also change the password hashing complexity by setting options inside encryption. The Node.js crypto library is used to hash and unhash the user password.
Set watcher authentication.
Both username and password should be set in the report action in the user interface.
Note that these settings apply only to Siren platform 10 and later.
    sentinl:
      settings:
        report:
          active: true
          authentication:
            enabled: true
            mode:
              searchguard: true
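A defensive check for the authentication settings described above, as an added example that is not part of the original page or of Sentinl: it flags a clear-text password left next to a sha value and any secret copied verbatim from this documentation. The names flattenYaml and auditSentinlAuth and the finding labels are hypothetical, and the parser assumes only the plain nested YAML shown on this page.

```javascript
// Added example (not Sentinl code): audit the authentication settings shown on this page.
// flattenYaml is a hypothetical helper; it handles only plain nested "key: value" YAML.
function flattenYaml(text) {
  const flat = {};
  const stack = []; // enclosing mapping keys with their indentation
  for (const raw of text.split(/\r?\n/)) {
    const m = /^(\s*)([\w.-]+):\s*(.*)$/.exec(raw);
    if (!m) continue; // blank lines, comments, "..."
    const indent = m[1].length;
    while (stack.length && stack[stack.length - 1].indent >= indent) stack.pop();
    stack.push({ indent, key: m[2] });
    const value = m[3].trim().replace(/^(['"])(.*)\1$/, '$2');
    if (value !== '') flat[stack.map((s) => s.key).join('.')] = value;
  }
  return flat;
}
// Sample secrets printed in this documentation; none should appear in a deployed config.
const DOC_SAMPLES = new Set(['password', '12345678123456781234567812345678',
  '6859a748bc07b49ae761f5734db66848']);

// Hypothetical audit function; the finding labels are made up for this example.
function auditSentinlAuth(yamlText) {
  const cfg = flattenYaml(yamlText);
  const auth = 'sentinl.settings.authentication.';
  const findings = [];
  if (cfg[auth + 'enabled'] === 'false') findings.push('authentication-disabled');
  if (cfg[auth + 'password']) { // clear text; the page allows sha to replace it
    findings.push(cfg[auth + 'sha'] ? 'cleartext-password-alongside-sha' : 'cleartext-password');
  }
  for (const [path, value] of Object.entries(cfg)) {
    if (/(^|\.)(password|sha)$/.test(path) && DOC_SAMPLES.has(value)) {
      findings.push('documentation-sample-value:' + path);
    }
  }
  return findings;
}

// Constructed input: the impersonation settings as printed on this page.
const PAGE_CONFIG = `sentinl:
  settings:
    authentication:
      enabled: true
      impersonate: true
      username: 'elastic'
      password: 'password'
      sha: '6859a748bc07b49ae761f5734db66848'
      cert:
        selfsigned: true`;
console.log(auditSentinlAuth(PAGE_CONFIG));
```

An empty result means none of these checks fired; it does not validate the credentials themselves.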