Today is the day! We are super happy to present the first technical preview of our upcoming Search Guard compliance features for Elasticsearch 6.1.1.
This set of features is geared especially towards helping you staying compliant with regulations like GDPR, HIPAA, PCI DSS, SOX or ISO. The first preview contains two additions to the audit logging module:
- Read history audit logging: Keep an audit trail about who has accessed sensitive documents and fields, and when they have been accessed
- Write history audit logging: Keep an audit trail about changes in sensitive indices and documents, including what was changed, who made the changes, and when
If you keep PII or otherwise sensitive data in Elasticsearch, you can now precisely monitor when they have been accessed, which fields a particular user has seen, which user changed what fields, and when a document has been created. Plus, more importantly, when it has been deleted. These features are especially useful for GDPR where you need to present this kind of information to your customers or users upon request.
The next set of features will revolve around monitoring the integrity and settings of your Elasticsearch and Search Guard installation.
Download the Technical Preview 1 for Elasticsearch 6.1.1
To build and deliver the best security plugin for Elasticsearch, we need your help and feedback:
- Download and test-drive the new features, and let us know what you think
- Take part in our compliance survey, let us know your requirements and feature wishes, and win a free Search Guard license
- or simply drop us an email with your feedback under firstname.lastname@example.org
As always, thanks a ton for your support and input!
Jochen and the Search Guard team
Search Guard (®) is an Elasticsearch plugin that offers encryption, authentication, and authorization.
Coded with love in Berlin, Denmark, Sweden and the US.
Search Guard is a trademark of floragunn GmbH, registered in the U.S. and in other countries.
Elasticsearch, Kibana, Logstash, and Beats are trademarks of Elasticsearch BV, registered in the U.S. and in other countries.