Issue with Tenant Log Isolation in Multi-Tenant Setup

[prajyot neve]

Hi Team,

I am facing the issue of Multi tenancy in Wazuh
The detail issue with the screenshot provided in the attached document.

I am using the Wazuh 4.12.0 version.

Could you please check and let me know how to fix this.

Thanks and Regards,
Prajyot Neve.

[Samson Olugbenga Idowu]

Hello Prajyot,

Question 1:
Tenancy in Wazuh does not control access to logs. The logs are stored in the wazuh-alerts-* index and when creating a tenant, you assigned this index as the index to be used.

Please note that tenancy is peculiar to custom visualizations and dashboard, as well as saved objects. This is to say that; a dashboard in Tenant A cannot be seen in Tenant B and vice-versa. 

To separate logs for company 1 and company 2, refer to the  Wazuh multi-site implementation and  Managing multiple Wazuh clusters with Cross-Cluster Search blogposts to determine which use-case best suits your needs.

Question 2:

To create custom roles and resolve any associated issue, refer to our documentation.
A custom all_access user will be unable to access security section, as only the admin user can do that. However, to give the custom user access to all security features, you can simply assign the admin role to the custom user by:

1. Navigating to Indexer Management > Security > Internal users.
   
2. Select the user and assign the Backend role admin to the user.
   
3. Save changes

Question 3:

To solve this, specify the name of the tenant you want to see when creating the role and do not use a wild card *."

Regards,
Samson.