New

The executive guide to generative AI

Read more
About usPartnersSupport|Login
IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Configure authentication credentials Configure Auditbeat to use encrypted connections »
Elastic Docs Auditbeat Reference [6.5] Securing Auditbeat Configure Auditbeat to use X-Pack security

Grant users access to Auditbeat indices

edit

Grant users access to Auditbeat indices

edit

To enable users to access the indices Auditbeat creates, grant them read and view_index_metadata privileges on the Auditbeat indices. If they’re using Kibana, they also need the kibana_user role.

  1. Create a reader role that has the read and view_index_metadata privileges on the Auditbeat indices.

    You can create roles from the Management > Roles UI in Kibana or through the role API. For example, the following request creates a role named auditbeat_reader:

    POST _xpack/security/role/auditbeat_reader
{
  "indices": [
    {
      "names": [ "auditbeat-*" ], 
      "privileges": ["read","view_index_metadata"]
    }
  ]
}
    Copy as curlTry in Elastic 

    If you use a custom Auditbeat index pattern, specify that pattern instead of the default auditbeat-* pattern.

  2. Assign your users the reader role so they can access the Auditbeat indices. For Kibana users who need to visualize the data, also assign the kibana_user role:

    1. If you’re using the native realm, you can assign roles with the Management > Users UI in Kibana or through the user API. For example, the following request grants auditbeat_user the auditbeat_reader and kibana_user roles:

      POST /_xpack/security/user/auditbeat_user
{
  "password" : "YOUR_PASSWORD",
  "roles" : [ "auditbeat_reader","kibana_user"],
  "full_name" : "Auditbeat User"
}
      Copy as curlTry in Elastic 

    2. If you’re using the LDAP, Active Directory, or PKI realms, you assign the roles in the role_mapping.yml configuration file. For example, the following snippet grants Auditbeat User the auditbeat_reader and kibana_user roles:

      auditbeat_reader:
  - "cn=Auditbeat User,dc=example,dc=com"
kibana_user:
  - "cn=Auditbeat User,dc=example,dc=com"

      For more information, see Using Role Mapping Files.

« Configure authentication credentials Configure Auditbeat to use encrypted connections »
Was this helpful?
Feedback