Commit 73ad970e authored by Jochen Kressin

minor fixes for Signals

parent c61d89b4
......@@ -27,10 +27,10 @@ elasticsearch:
searchguard:
esmajorversion: 7
version: 7.x-36.0.0
fullversion: 7.2.0-36.0.0
nextminorversion: 7.2.0-36.1.0
nextmajorversion: 7.2.0-37.0.0
version: 7.x-40.0.0
fullversion: 7.5.1-40.0.0
nextminorversion: 7.5.1-40.1.0
nextmajorversion: 7.5.1-41.0.0
islatestversion: true
ispreliminaryversion: false
allversions:
......
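Review bot: the `allversions:` list that follows this hunk is outside the shown range, so it is not visible whether `7.5.1-40.0.0` was appended there too; if it was not, the versions page and the `{{site.searchguard.version}}` header will disagree about what the latest release is. Also double-check `nextmajorversion: 7.5.1-41.0.0` against the release plan, since the other three fields were all bumped together by hand.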
......@@ -210,7 +210,7 @@ If `searchguard.audit.resolve_bulk_requests` is set to true, all sub requests in
Due to the amount of information stored, the audit log index can grow quite big. It's recommended to use an external storage for the audit messages, like `external_elasticsearch` or `webhook`, so you dont' put your production cluster in jeopardy. See chapter [Audit Logging Storage Types](auditlogging_storage.md) for a list of available storage endpoints.
# Configuring retries
## Configuring retries
In case your audit log sinks fail occasionally you can configure a retry mechanism. Please note that the messages for which a retry is needed are only held in memory. So this is not reliable in case of an expected or unexpected node shutdown. If you need reliable audit logs you need to have a performant and high available sink like Apache Kafka.
......
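Review bot: since this hunk touches the retries heading directly below it, the context sentence above still carries "so you dont' put your production cluster in jeopardy" and "a performant and high available sink"; fix to "don't" and "highly available" in the same commit. The statement that retried messages are held only in memory and are lost on node shutdown is the important operational caveat on this page, so keep it adjacent to the new `## Configuring retries` heading rather than above it.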
......@@ -16,46 +16,50 @@ description:
{% include toc.md %}
Signals Alerting for Elasticsearch is distributed as part of Search Guard. To use Signals, you just need to install the Search Guard plugin for Elasticsearch and Kibana.
Since v40, Signals Alerting for Elasticsearch is distributed as part of Search Guard. To use Signals, you just need to [install the Search Guard plugin for Elasticsearch and (optional) Kibana](search-guard-versions) version 40 and above.
*Signals is right now in Beta state. At the moment, it is only available for Elasticsearch 7.3.2, 7.4.0, 7.4.1, 7.4.2 and 7.5.0.*
At the time of writing, Signals is available for Elasticsearch **7.5.0** and above. However, we will release Signals versions for Elasticsearch **7.4.x and 7.3.x** shortly.
The technical preview includes both Signals and Search Guard, and can be installed the same way you would install Search Guard and the Search Guard Kibana plugin.
Signals is enabled by default, so after the cluster is up you can either use the [REST API](elasticsearch-alerting-rest-api-overview) or the Signals Kibana app to create your first watch.
## Signals technical preview - Elasticsearch
If you need to disable it, add the following setting to your `elasticsearch.yml`:
1. Download the plugin:
```
signals.enabled: false
```
* ES 7.3.2: [https://releases.floragunn.com/signals_beta_1/search-guard-7-7.3.2-Signals-1.0-beta1.zip](https://releases.floragunn.com/signals_beta_1/search-guard-7-7.3.2-Signals-1.0-beta1.zip)
* ES 7.4.0: [https://releases.floragunn.com/signals_beta_1/search-guard-7-7.4.0-Signals-1.0-beta1.zip](https://releases.floragunn.com/signals_beta_1/search-guard-7-7.4.0-Signals-1.0-beta1.zip)
* ES 7.4.1: [https://releases.floragunn.com/signals_beta_1/search-guard-7-7.4.1-Signals-1.0-beta1.zip](https://releases.floragunn.com/signals_beta_1/search-guard-7-7.4.1-Signals-1.0-beta1.zip)
* ES 7.4.2: [https://releases.floragunn.com/signals_beta_1/search-guard-7-7.4.2-Signals-1.0-beta1.zip](https://releases.floragunn.com/signals_beta_1/search-guard-7-7.4.2-Signals-1.0-beta1.zip)
* ES 7.5.0: [https://releases.floragunn.com/signals_beta_1/search-guard-7-7.5.0-Signals-1.0-beta1.zip](https://releases.floragunn.com/signals_beta_1/search-guard-7-7.5.0-Signals-1.0-beta1.zip)
## Users and permissions
Signals integrates perfectly with the Search Guard role-based access control features, so you can define what Search Guard roles should be permitted to use Signals. Signals ships with [pre-defined alerting action groups](elasticsearch-alerting-security-permissions) that can be assigned to any Search Guard role.
2. Install the plugin
A role with full access to all Signals features looks like:
```bash
bin/elasticsearch-plugin install -b file:///path/to/search-guard-7-7.3.2-Signals-1.0-beta1.zip
```
sg_signals_manager:
cluster_permissions:
- SGS_SIGNALS_ACCOUNT_MANAGE
- SGS_CLUSTER_COMPOSITE
index_permissions:
...
tenant_permissions:
- tenant_patterns:
- 'SGS_GLOBAL_TENANT'
allowed_actions:
- 'SGS_SIGNALS_ALL'
```
Note that Signals is fully compatible with [Search Guard multi-tenancy](kibana-multi-tenancy), which means watches and watch execution can be separated by tenants.
## Signals technical preview - Kibana
## Sample watches
1. Download the plugin:
To start quickly with Signals, we have [prepared sample watches](sample_watches.md) that can be either installed by using the REST API, or the Kibana plugin.
* ES 7.3.2: [https://releases.floragunn.com/signals_beta_1/search-guard-kibana-plugin-7.3.2-Signals-1.0-beta1.zip](https://releases.floragunn.com/signals_beta_1/search-guard-kibana-plugin-7.3.2-Signals-1.0-beta1.zip)
* ES 7.4.0: [https://releases.floragunn.com/signals_beta_1/search-guard-kibana-plugin-7-7.4.0-Signals-1.0-beta1.zip](https://releases.floragunn.com/signals_beta_1/search-guard-kibana-plugin-7-7.4.0-Signals-1.0-beta1.zip)
* ES 7.4.1: [https://releases.floragunn.com/signals_beta_1/search-guard-kibana-plugin-7-7.4.1-Signals-1.0-beta1.zip](https://releases.floragunn.com/signals_beta_1/search-guard-kibana-plugin-7-7.4.1-Signals-1.0-beta1.zip)
* ES 7.4.2: [https://releases.floragunn.com/signals_beta_1/search-guard-kibana-plugin-7-7.4.2-Signals-1.0-beta1.zip](https://releases.floragunn.com/signals_beta_1/search-guard-kibana-plugin-7-7.4.2-Signals-1.0-beta1.zip)
* ES 7.5.0: [https://releases.floragunn.com/signals_beta_1/search-guard-kibana-plugin-7-7.5.0-Signals-1.0-beta1.zip](https://releases.floragunn.com/signals_beta_1/search-guard-kibana-plugin-7-7.5.0-Signals-1.0-beta1.zip)
The examples are based on the [Kibana sample data](https://www.elastic.co/guide/en/kibana/current/add-sample-data.html), so you need to import it first.
2. Install the plugin
## First steps
```bash
bin/kibana-plugin install -b file:///path/to/search-guard-kibana-plugin-7.3.2-Signals-1.0-beta1.zip
```
In order to get to speed with Signals quickly, we recommend following our ignals Alerting: First Steps](https://search-guard.com/signals-elasticsearch-alerting/) blog post. We will release a series of articles describing all Signals features in detail.
## Sample watches
## Community support
To start quickly with Signals, we have [prepared sample watches](sample_watches.md) that can be either installed by using the REST API, or the Kibana plugin.
If you have any questions, please refer to our [Signals Community forum](https://forum.search-guard.com/c/alerting-signals/12).
\ No newline at end of file
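Review bot: the "First steps" link is broken: `our ignals Alerting: First Steps](https://search-guard.com/signals-elasticsearch-alerting/)` has lost the opening `[S`, so it renders as literal text; it should read `our [Signals Alerting: First Steps](https://search-guard.com/signals-elasticsearch-alerting/)`, and "get to speed" should be "get up to speed". Two smaller points in the same hunk: the role example is introduced as "A role with full access to all Signals features" but leaves `index_permissions:` as `...`, which readers will paste verbatim, so either spell out the index permissions the manager role needs or drop the key; and "At the time of writing ... we will release Signals versions for Elasticsearch 7.4.x and 7.3.x shortly" is a dated promise that will go stale in the docs, better kept on the versions page only.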
......@@ -5,7 +5,7 @@ slug: elasticsearch-alerting-rest-api-convert-es
category: signals-rest
order: 710
layout: docs
edition: community
edition: beta
description:
---
......
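Review bot: changing `edition: community` to `edition: beta` here runs against the rest of this commit, which replaces the "beta" wording with "officially released" on the versions and index pages. If the convert-ES endpoint specifically is still beta, say so in the page body as well; otherwise keep the edition value the other Signals REST pages use.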
......@@ -14,8 +14,6 @@ description:
# Signals Indices
{: .no_toc}
{% include toc.md %}
The Signals configuration index, as the Search Guard configuration index, may contain sensitive data.
Access to the Signals configuration index is thus protected. In particular, you cannot access the index data directly by any of the Elasticsearch APIs.
......
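Review bot: this hunk removes the only statement on the page that the Signals configuration index may contain sensitive data and that direct access via the Elasticsearch APIs is blocked. If that protection still holds, keep the sentences (or link to wherever they moved), because they tell an operator not to expect to read or back up that index like a normal one; if the protection was removed, that is a behaviour change that needs its own note rather than a silent deletion.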
......@@ -11,7 +11,7 @@ description:
<!--- Copyright 2020 floragunn GmbH -->
# Using Severity with Signals Watches
## Using Severity with Signals Watches
{: .no_toc}
......
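Review bot: demoting the severity page title to `## Using Severity with Signals Watches` is inconsistent with the Signals Indices page in this same commit, which keeps `# Signals Indices` followed by `{: .no_toc}`; pick one heading level for Signals page titles and confirm `{: .no_toc}` still attaches to the intended heading after the change.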
......@@ -16,15 +16,13 @@ This page lists all available versions for Elasticsearch >= 7.0.0. For previous
* [Search Guard 6 for Elasticsearch 6.x](/6.x-25/search-guard-versions)
* [Search Guard 5 for Elasticsearch 5.x](/v5/search-guard-versions)
If you are upgrading from Elasticsearch 6.8.x to Elasticsearch >= 7.0.0, please read the [upgrade instructions to Elasticsearch 7.x](../_docs_installation/installation_upgrading_6_7.md).
**Please also refer to [Search Guard End of Life policy](../_docs_versions/versions_eol.md) to make sure that you are not running an outdated Search Guard version.**
## Search Guard 7
If you are upgrading from Elasticsearch 6.7.x to Elasticsearch >= 7.0.0, please read the [upgrade instructions to Elasticsearch 7.x](../_docs_installation/installation_upgrading_6_7.md).
Signals, our [Enterprise Alerting](elasticsearch-alerting-getting-started) solution for Elasticsearch, has been officially released and is bundled with any Search Guard download >= v40. Support for Elasticsearch 7.4.x and 7.3.x will follow shortly.
{: .note .js-note .note-warning}
{% include sgversions.html majorversion="search-guard-7" %}
## Signals Alerting Beta 1
{% include signalsversions.html %}
\ No newline at end of file
{% include sgversions.html majorversion="search-guard-7" %}
\ No newline at end of file
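Review bot: the upgrade sentence changes "6.8.x" to "6.7.x" while the rest of the line stays the same; the removed line documented 6.8.x as the starting point for an upgrade to Elasticsearch >= 7.0.0 and the linked page is `installation_upgrading_6_7.md`, so confirm this is intentional and not a typo, since the wrong minor version here sends people down an unsupported upgrade path. Also, "Support for Elasticsearch 7.4.x and 7.3.x will follow shortly" will need removing once those builds ship, and the `.note-warning` class on a release announcement reads as an alert; the index page uses plain `{: .note .js-note}` for the same message.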
......@@ -3,12 +3,12 @@ title: Search Guard Documentation
html_title: Documentation
slug: index
layout: docs
description: Official documentation for Search Guard 7, the enterprise security suite for Elasticsearch.
description: Official documentation for Search Guard 7, the enterprise security and alerting suite for Elasticsearch.
showsearch: true
isroot: true
---
<!---
Copryight 2016-2019 floragunn GmbH
Copryight 2020 floragunn GmbH
-->
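Review bot: the new comment line still carries the "Copryight" typo from the removed line; write "Copyright" while touching it. Replacing the range 2016-2019 with a bare 2020 also drops the earlier years; 2016-2020 is the usual form.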
......@@ -20,14 +20,19 @@ Copryight 2016-2019 floragunn GmbH
<h1 align="center">Search Guard {{site.searchguard.version}} Documentation</h1>
The first beta version of Signals, our Alerting solution for Elasticsearch, has been released! [Signals docs](elasticsearch-alerting-getting-started).
{: .note .js-note .green}
Signals, our free Enterprise Alerting solution for Elasticsearch, has been released! [Signals docs](elasticsearch-alerting-getting-started).
{: .note .js-note}
## Quick Links
* [Quick Start](demo-installer)
* [Latest versions](search-guard-versions)
* [Installation](search-guard-installation)
* [Main Concepts](main-concepts)
* [Alerting](elasticsearch-alerting-getting-started)
| Security | Alerting |
|---|---|
| [Latest versions](search-guard-versions) |[Getting started](elasticsearch-alerting-getting-started) |
| [Quick Start](demo-installer) | [How Signals Works](elasticsearch-alerting-how-it-works) |
| [First steps: Adding users](first-steps-user-configuration) |[Sample Watches](elasticsearch-alerting-watches-sample)|
| [First steps: Configuring roles](first-steps-roles-configuration) |[REST API](elasticsearch-alerting-rest-api-overview)|
| [First steps: Assign users to roles](first-steps-mapping-users-roles) | [Severity Levels](elasticsearch-alerting-severity)|
| [Main Concepts](main-concepts) | [Actions](elasticsearch-alerting-actions-overview)|
{: .equalwidth-table}
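Review bot: the new Security column drops the `[Installation](search-guard-installation)` entry that the old Quick Links list had, leaving no direct path from the index page to installation; add it back as a row. Also verify that the `elasticsearch-alerting-watches-sample` slug resolves, since the getting-started page in this commit links the same content as `sample_watches.md`.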
......@@ -16,8 +16,8 @@ table > thead:first-child > tr:first-child > th,
table > caption + thead > tr:first-child > td,
table > colgroup + thead > tr:first-child > td,
table > thead:first-child > tr:first-child > td{border-top:0;}
table > tbody + tbody{border-top:2px solid #cbd3dd;}
table > tbody > tr:nth-of-type(even){background-color:#f6f7f8;}
//table > tbody + tbody{border-top:2px solid #cbd3dd;}
//table > tbody > tr:nth-of-type(even){background-color:#f6f7f8;}
table col{position:static;float:none;display:table-column;}
table td,
table th{position:static;float:none;display:table-cell;}
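Review bot: the two `table > tbody` rules being commented out here apply to every table on the site, so disabling them to make room for the new `.equalwidth-table` removes row striping and tbody borders from all existing doc tables; scope the override to `.equalwidth-table` instead (the later hunk already sets `background-color:#fff` there) and leave the global rules in place. If they really are no longer wanted, delete them rather than keeping `//` comments, since git keeps the history.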
......@@ -60,4 +60,30 @@ table th{position:static;float:none;display:table-cell;}
{
background: $darkBlue;
color: $lightGrey;
}
\ No newline at end of file
}
/*
2-column table equal column width
*/
.equalwidth-table {
border-collapse: separate;
border-spacing: 5px;
border-style: none !important;
}
.equalwidth-table > thead > tr > th:nth-child(1),
.equalwidth-table > tbody > tr > td:nth-child(1) {
width: 50%;
border-style: none !important;
background-color:#fff;
}
.equalwidth-table > thead > tr > th:nth-child(2),
.equalwidth-table > tbody > tr > td:nth-child(2) {
width: 50%;
border-style: none !important;
background-color:#fff;
}
//.equalwidth-table > tbody + tbody{border-top:0px solid #cbd3dd;}
//.equalwidth-table > tbody > tr:nth-of-type(even){background-color:#fff;}
\ No newline at end of file
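Review bot: the `th:nth-child(1)`/`td:nth-child(1)` and `th:nth-child(2)`/`td:nth-child(2)` blocks have identical bodies (`width: 50%;`, `border-style: none !important;`, `background-color:#fff;`), so merge them into one rule with the four selectors; the `!important` should become unnecessary once the global table rules are scoped rather than commented out. Minor: `#fff` is hard-coded where the file otherwise uses variables like `$lightGrey`, the two `//` commented-out rules at the end should go, and the file still ends without a trailing newline.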