Loading the security configuration
Prerequisites
In order to apply the minimal security configuration required to run Siren Investigate, you need:
- The password of the elastic administrative user.
- The commands bash and curl.
ECK initializes a random password for the elastic user during the setup and stores it in a secret named <cluster name>-es-elastic-user.
To get the password, fetch the secret and decode the password with kubectl, for example:
kubectl -n siren get secret/siren-es-elastic-user -o go-template='{{.data.elastic | base64decode}}'
Initializing and configuring the roles
- Download the initialization scripts.
  - If you have an Elastic Platinum license or have activated a trial license, download the following scripts:
  - If you have an Elastic Basic license, download the following scripts:
  For more information about these scripts see Integrating Elastic Stack security.
- Forward the cluster HTTP port to your machine, for example:
  kubectl -n siren port-forward service/siren-es-http 9200
- In a different terminal window, execute the initroles.sh script:
  bash initroles.sh
- When prompted, enter the following information:
  - Elasticsearch username: Press Enter.
  - Elasticsearch password: Enter the password of the elastic user.
  - Elasticsearch URL: Enter https://localhost:9200
  - Investigate index prefix: Press Enter.
  - Prefix for data indices managed through Investigate: Press Enter.
  - Index pattern matching indices readable by Investigate users: Press Enter.
  - curl flags: Enter -k to skip the certificate validation. This is necessary because the certificate automatically generated by ECK does not contain localhost as a valid hostname.
  If the script is successful, you will see a list of replies from Elasticsearch to confirm the creation of the default roles, for example:
  Creating investigate_system role... {"role":{"created":true}}
  Creating federate_system role... {"role":{"created":true}}
  Creating investigate_user role {"role":{"created":true}}
  Creating investigate_admin role {"role":{"created":true}}
- Execute the initusers.sh script and, when prompted, enter the following information:
  - Elasticsearch username: Press Enter.
  - Elasticsearch password: Enter the password of the elastic user.
  - Elasticsearch URL: Enter https://localhost:9200
  - Password of sirenserver user: Enter a password for the sirenserver user.
  - Password of federate user: Enter a password for the federate user. This user can be used by Siren Federate for internal operations on the cluster indices.
  - Password of sirenuser user: Enter a password for the sirenuser user. This user can be used to sign in to Siren Investigate with administrative privileges.
  - Password of sirenadmin user: Enter a password for the sirenadmin user. This user can be used to sign in to Siren Investigate with a reduced set of privileges for testing.
  - curl flags: Enter -k to skip the certificate validation.
  If the script is successful, you will see a list of replies from Elasticsearch to confirm the creation of the users, for example:
  Creating sirenserver user {"created":true}
  Creating sirenadmin user {"created":true}
  Creating sirenuser user {"created":true}
  Creating federate system user {"created":true}
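An added check, not part of the Siren scripts: the function below reads saved output from initroles.sh or initusers.sh and reports, for each expected role or user, whether Elasticsearch confirmed it. It assumes the "Creating <name> ..." layout of the sample replies on this page; check_created, sample_log and the log contents are names and data constructed for this example.

```sh
#!/bin/sh
# Added example (not part of the Siren scripts): audit the replies printed by
# initroles.sh or initusers.sh. Assumes the "Creating <name> ..." layout of the
# sample output on this page; the reply may be on the same line or the next.

# check_created FILE NAME...
# Prints "<name>: <status>" for each expected NAME and returns non-zero if any
# NAME has no reply (MISSING) or a reply without a "created" field (FAILED).
check_created() {
  log=$1; shift
  awk -v names="$*" '
    { text = text " " $0 }                 # join lines into one string
    END {
      n = split(text, rec, "Creating ")    # one record per "Creating ..." entry
      for (i = 2; i <= n; i++) {
        split(rec[i], w, " ")              # first word is the role or user name
        reply[w[1]] = rec[i]
      }
      m = split(names, want, " ")
      for (j = 1; j <= m; j++) {
        r = reply[want[j]]
        if (r ~ /"created" *: *true/)       st = "created"
        else if (r ~ /"created" *: *false/) st = "updated"   # existed already
        else if (r == "")                   { st = "MISSING"; bad = 1 }
        else                                { st = "FAILED"; bad = 1 }
        print want[j] ": " st
      }
      exit bad + 0
    }' "$log"
}

# Constructed sample: one new role, one re-run, one rejected request, and
# investigate_admin absent because the script stopped early.
sample_log() {
  cat <<'EOF'
Creating investigate_system role...
{"role":{"created":true}}
Creating federate_system role... {"role":{"created":false}}
Creating investigate_user role
{"error":{"type":"security_exception","reason":"constructed"},"status":401}
EOF
}
```

A status of "updated" corresponds to a reply of "created":false, which Elasticsearch returns when the role or user already existed and was overwritten, for example when a script is run a second time.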
Next steps
To deploy Siren Investigate on Kubernetes, see Setting up Siren Investigate on Kubernetes.
For more information about ECK options and scenarios, refer to Elastic’s ECK documentation.