Comments (9)
Client certificate authentication should work transparently, i.e. if the browser can supply correct certificate and successfully authenticate when accessing https://elasticsearch:port, then dsiem UI should also be able to access the same location without issue.
So all you have to do is to put the correct Elasticsearch HTTPS address URL in esconfig.json
.
from dsiem.
Thank you for your reply, this problem has been solved.
DSIEM project have a Slack channel? this will make communication easier.
from dsiem.
Not at this moment. But we'll reconsider that option if we start having too many unanswered questions on Github issues.
from dsiem.
thx!
from dsiem.
HI, DSEIM Team:
I used the latest DSEIM Version: 0.28.5.
Modified the esconfig.json, DSIEM WEB UI still cannot access ES.
{ "elasticsearch": "https://elastic:[email protected]:9200", "kibana": "https://192.168.199.97:5601" }
DSIEM WEB UI: Disconnected from ES https://192.168.199.97:9200: Error: No Living connections
my elasticsearch.yml
# X-Pack
xpack.security.enabled: true
# Transport layer
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: /etc/elasticsearch/certs/elasticsearch.key
xpack.security.transport.ssl.certificate: /etc/elasticsearch/certs/elasticsearch.crt
xpack.security.transport.ssl.certificate_authorities: [ "/etc/elasticsearch/certs/ca/ca.crt" ]
# HTTP layer
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.verification_mode: certificate
xpack.security.http.ssl.key: /etc/elasticsearch/certs/elasticsearch.key
xpack.security.http.ssl.certificate: /etc/elasticsearch/certs/elasticsearch.crt
xpack.security.http.ssl.certificate_authorities: [ "/etc/elasticsearch/certs/ca/ca.crt" ]
# DSIEM Config
discovery.type: single-node
#cluster.routing.allocation.disk.threshold_enabled: false
#xpack.security.enabled: false
#xpack.monitoring.enabled: false
#xpack.ml.enabled: false
#xpack.graph.enabled: false
#xpack.watcher.enabled: false
http.cors.enabled: true
http.cors.allow-origin: "*"
I need your help. thx!
from dsiem.
Hi @Canon88, can you directly open https://elastic:[email protected]:9200 from another browser tab without issue? if you can see the ES banner there, then Dsiem UI should also work. If you can't see the ES banner, then there might be a non-Dsiem UI connection issue between your browser and ES.
from dsiem.
Hi, @mmta , I'm trying to open the browser https://192.168.199.97:9200
:
from dsiem.
@Canon88, I finally get around to test a config similar to yours. Turns out there was an error in web UI to support basic auth and there's also an extra CORS config required in ES to support this.
So please try Dsiem latest version (v0.28.6 as of now), and put the following extra config in environment variables or elasticsearch.yml
:
- http.cors.enabled=true
- http.cors.allow-credentials=true
- http.cors.allow-origin=*
- http.cors.allow-headers=Authorization,X-Requested-With,Content-Type,Content-Length
from dsiem.
@mmta The problem has been solved, thank you!
from dsiem.
Related Issues (20)
- Dsiem-Tools HOT 1
- [Question] Using Dsiem without ELK
- why doesn't dsiem accept logs? HOT 1
- CustomData problem HOT 1
- [Feature Request] Accept json array in POST /events route HOT 1
- CustomData special
- [Question] Reload directives HOT 1
- !:1 usage
- Unable to send events from Logstash to Dsiem HOT 2
- linux/arm64 server build HOT 1
- Order Independent "AND" for Directives? HOT 1
- How to set directives HOT 3
- 404 error when running demo HOT 1
- Unable to see siem_alarms in Kibana and Dsiem HOT 1
- esconfig.json HOT 1
- One stage rule
- Disconnected from ES http://elasticsearch:9200: Error: No Living connections HOT 2
- Disconnected from ES http://:9200: Error: No Living connection HOT 2
- Error while getting firewall logs to DSIEM and Kibana Dashboard HOT 1
- DSIEM WITH AUDITD LOGS
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dsiem.