Elasticsearch across the Internet

[Sam Heuchert]

Hi All!

I wanted to ask if Elasticsearch communication over port 9200 from the Wazuh Server Cluster and port 9300 between the Elasticsearch cluster is encrypted by default?  I'm working on a zero-trust based deployment and this is a requirement.

-Sam

[Jeremias Ignacio Posse]

Hello Sam! sorry for the delay in my response, yes I can assure you that port 9200 is encrypted, I am not so sure about port 9300 what I could find in our documentation is the following

https://documentation.wazuh.com/current/deployment-options/elastic-stack/index.html#installing-wazuh-with-elastic-stack-basic-license

''The communication is encrypted using certificates. Follow the installation guide to install and configure all the required components.''

I don't know if this is enough to solve your question please let me know if I can help you with anything else, I will keep looking for the answer for port 9300.

Thanks for using Wazuh, regards.

-Jeremias

[Jeremias Ignacio Posse]

Hey I'm back here fortunately, my team managed to come up with an answer and that is that if both ports are encrypted by default here you can read more about it

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-basic-setup.html

[Sam Heuchert]

So, to confirm, both 9200 AND 9300 are encrypted by default?  

[Jeremias Ignacio Posse]

Yes, let me know if you have more questions, and thanks for using Wazuh!

[Sam Heuchert]

Thanks!