Search Guard - Rock solid Elasticsearch security on all levels

  •        487

Search Guard is an Elasticsearch plugin that offers encryption, authentication, and authorization. It builds on Search Guard SSL and provides pluggable authentication and authorization modules in addition. Search Guard is fully compatible with Kibana, Logstash and Beats.

Search Guard offers TLS on transport, HTTP Basic Authentication, JSON web token, Document- and Field-level security, Audit logging, REST management API, Fine-grained role- and index-based access control and lot more.

http://floragunn.com
https://github.com/floragunncom/search-guard

Tags
Implementation
License
Platform

   




Related Projects

ReadonlyREST - The first Open Source Security plugin for Elasticsearch


Expose the high performance HTTP server embedded in Elasticsearch directly to the public, safely blocking any attempt to delete or modify your data. It provides support to enable HTTPS, Authentication and Authorization, Access control list, Rule based access and lot more. This plugin instead is just a lightweight pure-Java filtering layer. Even the SSL layer is provided as an extra Netty transport handler.

elastalert - Easy & Flexible Alerting With ElasticSearch


ElastAlert is a simple framework for alerting on anomalies, spikes, or other patterns of interest from data in Elasticsearch. ElastAlert works with all versions of Elasticsearch. If you have data being written into Elasticsearch in near real time and want to be alerted when that data matches certain patterns, ElastAlert is the tool for you. If you can see it in Kibana, ElastAlert can alert on it.

elasticsearch-gui - An angularJS client for elasticsearch as a plugin


Welcome to the Gui plugin for elasticsearch. Using this plugin you can explore your elasticsearch index. This plugin gives you a few different ways to start exploring. There is a way to search the repository in a way you would do it on a web site. You can enter keywords, do advanced search, use facets. Another way to explore the index is focussed on learning the structure of the actual executed query. You can enter a number of items to include in the query. You can enter fields, facets, highlighting, limit the indexes, limit the types. Finally there is a way to show some of the data in a graph. Since we use mainly JavaScript, it is possible to connect to a remote elasticsearch instance. To facilitate this, elasticsearch returns a specific html header.

elasticsearch-learning-to-rank - Plugin to integrate Learning to Rank (aka machine learning for better relevance) with Elasticsearch


Rank Elasticsearch results using tree based (LambdaMART, Random Forest, MART) and linear models. Models are trained using the scores of Elasicsearch queries as features. You train offline using tooling such as with xgboost or ranklib. You then POST your model to a to Elasticsearch in a specific text format (the custom "ranklib" language, documented here). You apply a model using this plugin's ltr query. See blog post and the full demo (training and searching).Models are stored using an Elasticsearch script plugin. Tree-based models can be large. So we recommend increasing the script.max_size_in_bytes setting. Don't worry, just because tree-based models are verbose, doesn't nescesarilly imply they'll be slow.

Inquisitor - Site plugin for ElasticSearch to help understand and debug queries.


Inquisitor is a tool help understand and debug your queries in ElasticSearch. It support JSON Parsing and Formatting, Automatic Highlighting, Formatted Search Results, Analyzer testing, Tokenizer testing.



Bigdesk - Live charts and statistics for Elasticsearch cluster.


Bigdesk helps to generate live charts and statistics for Elasticsearch cluster. It very easy to see how your Elasticsearch cluster is doing. It pulls data from Elasticsearch REST API and turns it into charts.

kopf - Web admin interface for elasticsearch


kopf is a simple web administration tool for elasticsearch written in JavaScript + AngularJS + jQuery + Twitter bootstrap. It offers an easy way of performing common tasks on an elasticsearch cluster. Not every single API is covered by this plugin, but it does offer a REST client which allows you to explore the full potential of the ElasticSearch API.

Raigad - Co-Process for backup/recovery, Auto Deployments and Centralized Configuration management for ElasticSearch


Raigad is a process/tool that runs alongside Elasticsearch to automate the Snapshot backup and restore., Tribe node deployments, Publishing Elasticsearch monitoring metrics, Configured deployments for a dedicated master/data/search approach, Support for AWS environment.

Mirage - An interactive query explorer for Elasticsearch


Mirage is a modern, open-source web based query explorer for Elasticsearch. It offers a blocks based GUI for composing Elasticsearch queries and comes with an on-the-fly transformer to show the corresponding JSON query API of Elasticsearch.

Jest - ElasticSearch Java Rest Client


Jest is a Java HTTP Rest client for ElasticSearch. ElasticSearch already has a Java API which is also used by ElasticSearch internally, but Jest fills a gap, it is the missing client for ElasticSearch Http Rest interface.

elasticsearch-dsl-py - High level Python client for Elasticsearch


Elasticsearch DSL is a high-level library whose aim is to help with writing and running queries against Elasticsearch. It is built on top of the official low-level client (elasticsearch-py).It provides a more convenient and idiomatic way to write and manipulate queries. It stays close to the Elasticsearch JSON DSL, mirroring its terminology and structure. It exposes the whole range of the DSL from Python either directly using defined classes or a queryset-like expressions.

elasticsearch-py - Official Python low-level client for Elasticsearch.


Official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.For a more high level client library with more limited scope, have a look at elasticsearch-dsl - a more pythonic library sitting on top of elasticsearch-py.

searchkick - Intelligent search made easy with Rails and Elasticsearch


Searchkick learns what your users are looking for. As more people search, it gets smarter and the results get better. It’s friendly for developers - and magical for your users.The latest version works with Elasticsearch 2 and 5. For Elasticsearch 1, use version 1.5.1 and this readme.

Calaca - Search UI for Elasticsearch


Calaca is a beautiful, easy to use, search UI for Elasticsearch. It's made for you if you need to do quick searches for your documents and don't need anything hard to setup, use. In config.js change the configs to match your Elasticsearch cluster.

Elastic HQ - Sleek, intuitive, and powerful ElasticSearch Management and Monitoring


ElasticHQ provides monitoring, management, and querying web Interface for ElasticSearch instances and clusters. It provides support for Real Time Monitoring for Clusters, Manage Indices, Mappings, Shards, Aliases, and Nodes,Full Cluster Management. It works in your web browser, allowing you to manage and monitor your ElasticSearch clusters from anywhere at any time.

ElasticSearch Paramedic - Simple tool to monitor ElasticSearch Clusters


Paramedic is a simple yet sexy tool to monitor and inspect ElasticSearch clusters. It displays real-time statistics and information about your nodes and indices, as well as shard allocation within the cluster.

ElasticHD - Elasticsearch 可视化DashBoard, 支持Es监控、实时搜索,Index template快捷替换修改,索引列表信息查看, SQL converts to DSL等


Precompiled binaries for supported operating systems are available.ElasticHD does not require any software. It works in your web browser, allowing you to manage and monitor your ElasticSearch clusters from anywhere at any time. Built on responsive CSS design, ElasticHD adjusts itself to any screen size on any device.

MozDef - MozDef: The Mozilla Defense Platform


The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time. Defenders are usually limited to wikis, ticketing systems and manual tracking databases attached to the end of a Security Information Event Management (SIEM) system.The Mozilla Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers.