We have an ELK stack running on our private corporate network, and I have been tasked with securing it. I am investigating options for rolling out Search Guard without undue disruption.
We have a NuGet package which client applications use for firing log messages into Elasticsearch. This just creates an HTTP request and fires it at the Elasticsearch REST API.
The choice of auth method will be influenced by what is least disruptive.
Is there a choice of auth such that we could run the "secure" and "insecure" methods in parallel, and then when everyone is using the secure channel, turn the insecure channel off?
Context
* Search Guard and Elasticsearch version: search-guard-6-6.5.2-23.2; elasticsearch-6.5.2
* Installed and used enterprise modules, if any
* JVM version and operating system version: 1.8.0_202
* Search Guard configuration files
* Elasticsearch log messages on debug level
* Other installed Elasticsearch or Kibana plugins, if any: no other plugins