How to enable diferent logins in Wazuh

[Alvaro Victoriano]

Hello Wazuh Team.

I have a question please.

Is it posible after loging to kibana, make a login for diferent users in Wazuh accoarding to thier diferent indexes which are of diferent managers?

Thank you 

[Miguel Martinez]

Have you try xpack ? you can crate users and create roles from them there is a small how to on the documentation if this what you want. check out here https://documentation.wazuh.com/3.7/user-manual/kibana-app/configure-xpack/index.html

[Alvaro Victoriano]

Hello Miguel.

Ok lets say i will have diferent clients, each one of them iam gonna set in his local network Wazuh manager, and iam going to define an index name for each one of them,

then creat a user loging with a role of the index of wazuh which refer to him, correct?

what about the ability of seeing the agents of the other clients? the wazuh-monitoring-index its only one right? or it can be for diferent clients as well?

or if its posible use only one user to login into Kibana then when it opens Wazuh asking for a cridencials and the user refer to the client index, it can be?

Thank you

[Miguel Martinez]

Ok I think I got you now this sound like multitenancy but unfortunately I don't know if is possible to do it on wazuh. Let's see if one of the more experienced guys can help here. I'm interested on the possibility too if exist.

[Alvaro Victoriano]

Yes miguel thank you so much for your help.

[Emiliano Ortiz]

Hello Alvaro, sorry for the late response.

You  can configure roles and users in Elasticsearch and restrict what information can be accessed. You can create a role with privileges over one or more indices and create users with multiple roles dashboards, and spaces associated.

This way, users won't be able to access indices where they don't have privileges. This feature requires X-pack to be configured.

Here you have our documentation for setting X-Pack for Wazuh:
https://documentation.wazuh.com/3.10/installation-guide/installing-elastic-stack/protect-installation/xpack.html

You can check the official kibana documentation in more detail at the following links:
Roles and users: https://www.elastic.co/guide/en/kibana/current/kibana-privileges.html#kibana-feature-privileges
Kibana spaces: https://www.elastic.co/guide/en/kibana/master/xpack-spaces.html
Setting X-pack and creating roles and users: https://youtu.be/nMh1HWWe6B4?t=201

If you have any questions please ask us.

Regards,
Emiliano

[Alvaro Victoriano]

Hello Emiliano

Thank you so much for your help

[Blason R]

Perhaps Wazuh community would start supporting Open Distro for Elasticsearch and Kibana? Opendistro has all those functionalities available in X-Pack from authentication & security perspective.

On Thu, Oct 10, 2019 at 4:18 AM Alvaro Victoriano <alvar...@gmail.com> wrote:

Hello Emiliano

Thank you so much for your help

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/873a11ff-87ad-4b33-b115-6ba61ebf879b%40googlegroups.com.

[venkat swaminathan]

Seems interesting topic to me. Would appreciate if you small notes on the process that you followed

To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/CAPPXLT-qxE5Ag2%3DrPm8Xy816G478g8SWro%3DxT5joj0HFo99Ntw%40mail.gmail.com.

[Alvaro Victoriano]

Hello Venkat.

In Kibana you can set useres with diferent Rules, basically (Read, Write, Delete), and there so many more.

In my case i have two managers of Wazuh, means two diferent indexes, which are for diferent users,

so i wanted use Wazuh in only one Kibana and give for each user a Username and Password.

So I had to creat new users and set diferent rules for them, (the first user cant see the Wazuh Manager index of the second one and same for the first).

You can do this by easily by giving the "read write delete" privileges to each user for his index and thats all.

You can apply this with diferent useres in Kibana if you have diferent indexes or you are using diferent dashboards and each one has a special work, also to avoid giving the super user

password which is elastic.

I tried to get most images i can for you can understand it, and you can go forward with this link to understand all type of users and thier privileges, or simply when you are there you get hit "Learn More""

https://www.elastic.co/guide/en/elastic-stack-overview/6.4/security-privileges.html

1- You have to enable the Xpack security for Kibana and Elastic.

https://documentation.wazuh.com/3.10/installation-guide/installing-elastic-stack/protect-installation/xpack.html

1- Creat Role, this rule its gonna be for a specific user you will creat later, so you should know what privileges you are gonna give on the indexes and the cluster for that user, 

as well as you can give privileges on the dashboard and its very important to give accesss to the dashboard.

2- Creat User, after creating the user and his password you should mention him wich role to use and its gonna be the one you created before

3- Log out and login to Kibana and check if its correct.

Hope it works with you, and dont hisitate for any question please.

Saludos.

Alvaro

[M3]

Is this authorization on x pack free now? It's not as far as I know.

Also what's the status quo for working with open distro, does latest Wazuh works on top of open distro?

[Juan Carlos]

Hello M3,

Sorry for the rather late reply.

X-Pack security is free now, since May 2019 with versions 6.8 and 7.1 of the Elastic Stack:

https://www.elastic.co/blog/security-for-elasticsearch-is-now-free

Wazuh works with Open Distro, you will need to use the appropriate version of the Wazuh Kibana Plugin as this component is version sensitive. For the latest version of Open Distro (which is 1.2.0 as I write this), the equivalent Elastic version is 7.2.0, so the download link for the Wazuh Kibana App will be: https://packages.wazuh.com/wazuhapp/wazuhapp-3.10.2_7.2.0.zip

Let us know if you have any more questions.

Best Regards,

Juan Carlos Tello