Looking for Guidance on Configuring Elasticsearch with Search Guard in a Multi-Tenant Environment

Hello Everyone :hugs:,

As part of a project I’m working on, I have to set up an Elasticsearch multi-tenant environment, and I might use Search Guard for access control and security. Our objective is to guarantee that access limits are strictly enforced and that individual tenants’ data is safely segregated.

Here are some particulars about our setup, along with some queries:

Elasticsearch Version Compatibility: Elasticsearch version 7.10.2 is what we intend to use. Is there a way to verify whether this version works flawlessly with the most recent Search Guard release? :thinking: Are there any restrictions or known problems that we ought to be aware of? :thinking:

Configuration Best Practices: What are the most effective practices for configuring the permissions and roles with Search Guard, considering the multi-tenant aspect of our environment? :thinking: Any advice on how to effectively oversee permissions and duties as the variety of renters increases? :thinking:

Performance-based Matters: What effect does Search Guard have on Elasticsearch’s multi-tenant setup performance? :thinking: Are there any particular setups or modifications that can reduce any possible performance overhead? :thinking:

Audit Logging: Strong audit recording is required in order to monitor changes and access amongst tenants. Is there a way to integrate Search Guard with other logging systems such as Logstash or Kibana, and how well does it manage audit logging? :thinking:

Community vs Enterprise Version: Would you advise continuing with the community version of Search Guard for a project this size, or would it ultimately be worthwhile to invest in an enterprise version? :thinking:

Which of the enterprise version’s main advantages could make the price point worthwhile? :thinking:

I also checked this :point_right: https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.5/Cortex-XSOAR-Administrator-devops-Guide/Elasticsearch-Security-Guidelines-Multi-tenant-Deployments but didn’t get a good solution from it.

Thank you :pray: in advance.

Hi @Domsalvator23,

I noticed you are considering using version 7.10.2, which is EOL. Is there a specific reason for this choice? And not the latest stable version, 8.x.x?
However, to answer your question - the plugin for 7.10.2 and more information can be found here: https://docs.search-guard.com/latest/search-guard-versions

Detailed configuration guidelines are available here: https://docs.search-guard.com/latest/security-for-elasticsearch
If you need any help or advice, please don’t hesitate to reach out—we’re always here to assist you.

The Audit Logs feature is part of the Enterprise Edition, and the advanced features such as “Read History Audit Logging,” “Write History Audit Logging,” and “Immutable Indices” are available in the Compliance Edition.

More details can be found here:
https://docs.search-guard.com/latest/audit-logging-compliance
and here:
https://search-guard.com/licensing/#feature

For further inquiries about the Enterprise or Compliance Editions, feel free to contact us here, and our commercial team will provide you with more details on subscriptions and licenses.

If you have any questions or need further clarification, please let me know.

Best,
Mantas