Hi, I am running an Elasticsearch cluster with a Search Guard Scientific license. The cluster is primarily used for log events. Up to now, daily indices were created like SERVICE-%{+YYYY.MM.dd} for example. Recently I converted all indices to data streams . After migrating the existing indices to d…

Hi, a small but disturbing update: Even if I remove every non-default role and action group, an authenticated user can access all data stream events via the _search API. Requests to every other regular indices are blocked, but every data stream can be accessed via the logstash-* index pattern. D…

Hi Alex - this of course does not seem right, we are investigating and get back to you asap.

Hi, we have analyzed the issue. Since data streams are an X-Pack feature in Elasticsearch 7.x, we did not officially support them. However, we already changed the implementation for Search Guard FLX, so the behavior you are describing is not present anymore in FLX, which is available for 7.17.x and…

Hi, thank you for your reply! I didn’t know that data streams are a X-Pack feature. Where did you get that information from? I don’t see any hints on this on the documentation sites . I’ve updated our dev cluster to Search Guard FLX and I can happily confirm that the update fixes the security proble…

Thank you for the report; I filed an issue in our Gitlab repo to check what’s the matter with GET /_data_steam/ API: GET /_data_stream/ API returns an empty response (#119) · Issues · search-guard / Search Guard Suite Enterprise · GitLab

Search Guard incompatible with data streams?

Search Guard

searchguard October 25, 2022, 1:29pm 14

We fixed this with Search Guard 53.5.0. Search Guard FLX for Elasticsearch 7 and 8 is not affected.

Topic		Replies	Views
Security Fix Release: Search Guard 53.5.0 Announcements	0	300	October 25, 2022
How the SearchGuard is Actually Storing the Data ? Is it storing data inside searchguard index ? Search Guard	4	439	July 12, 2016
Kibana no permissions for [indices:data/read/search] Search Guard	3	4086	February 11, 2019
Records are not being filtered when applying indices in sg_roles.yml Search Guard	6	685	June 20, 2019
Search Guard Roles/Permission Issue Search Guard	0	432	July 16, 2018

Search Guard incompatible with data streams?

Related topics