03. 04. 2019 Michele Santuari Log Auditing, NetEye

How to Manage Permissions in Log Analytics with NetEye 4

NetEye 4 Log Manager, as already presented in this blog post, allows you to easily manage the collection, navigation, visualization and analysis of large numbers of logs.

For many reasons, I as a user may want to limit log access to a subset of users. For example a network administrator should only see the logs of switches, routers…

One of the possible solutions supported by NetEye 4 is to manage the user-specific permissions leveraging the Director hostgroup, which each host can be configured to belong to.

Let’s assume a very simple scenario: two users (network-admin, database-admin) who must have different authorizations:

  • The former is responsible for the network devices that are in network-hostgroup
  • The latter is responsible for the database servers that are in database-hostgroup

Neither user should see monitoring data and logs from the other group, just those under his/her responsibility.

The configuration of these permissions requires defining two roles in the Authentication section under the Configuration menu item:

Those roles serve to limit the permissions based on the hostgroup which each role can see as follows:

  1. Director: limit the visibility of host configurations
  2. Monitoring: show only the status of the hosts
  3. Logs Analytics: map the roles between Log Analytics and those just configured in the screenshot above

Log Analytics must be configured in Search Guard to limit access to logs belonging to the hostgroup by following these steps:

  • Back up the Search Guard configuration: 
mkdir /root/backup-hostgroup && /usr/share/neteye/scripts/searchguard/sg_backup.sh -d /root/backup-hostgroup
  • Create new roles in Search Guard with limited permissions based on the hostgroup in /root/backup-hostgroup/sg_roles.yml: 
ws_network-hostgroup:
  cluster:
  - "CLUSTER_COMPOSITE_OPS_RO"
  indices:
    ?kibana_*:
      '*':
      - "READ"
    logstash-*:
      '*':
      - "READ"
      _dls_: "{\"match\":{\"hostgroups\":\"network-hostgroup\"}}"
 
ws_database-hostgroup:
  cluster:
  - "CLUSTER_COMPOSITE_OPS_RO"
  indices:
    ?kibana_*:
      '*':
      - "READ"
    logstash-*:
      '*':
      - "READ"
      _dls_: "{\"match\":{\"hostgroups\":\"database-hostgroup\"}}"
  • Add a mapping for the roles in /root/backup-hostgroup/sg_roles_mapping.yml as follows: 
ws_network-hostgroup:
  backendroles:
  - "network-hostgroup"
ws_database-hostgroup:
  backendroles:
  - "database-hostgroup"

In an upcoming release, Log Analytics configurations will be simplified via the automated creation of Search Guard roles based on the hostgroups available in Director.

Michele Santuari

Michele Santuari

Software Architect at Wuerth Phoenix
Hi, my name is Michele Santuari and I am a Telecommunication engineer fell in love with OpenFlow, the first attempt of centralized network management, provisioning and monitoring. I embraced the Software Defined Networking approach to discover a passion for programming languages.

Author

Michele Santuari

Hi, my name is Michele Santuari and I am a Telecommunication engineer fell in love with OpenFlow, the first attempt of centralized network management, provisioning and monitoring. I embraced the Software Defined Networking approach to discover a passion for programming languages.

Latest posts by Michele Santuari

09. 08. 2019 NetEye, NetEye Updates
Bug Fixes for NetEye 4.7
28. 06. 2019 Log Management, NetEye
How to Debug NetEye Log Management
05. 04. 2019 NetEye Updates
Bug fixes for NetEye 4.4
27. 12. 2018 Development, NetEye
Research & Development – Poker Planning (Part 3)
05. 12. 2018 Development, NetEye
Research & Development – Backlog (Part 2)
See All

Related Content

Tags: , , ,

21. 03. 2019 Michele Santuari NetEye, Security

Field Anonymization with NetEye 4 for GDPR

The regulations of the GDPR in many cases require that some user data is not always present, and / and or that they are anonymized.  So I would like to show you now how NetEye 4 responds to this new requirement. Read More
21. 12. 2018 Michele Santuari Log Management, NetEye

How to Monitor Icinga 2 Itself with Icingabeat

NetEye 4 is based on Icinga 2. How can we monitor it? There are several options available; here I choose Icingabeat and test it. Icingabeat is an Elastic Beat that fetches data from the Icinga 2 API and sends it Read More
22. 05. 2017 Michele Santuari Log Auditing, NetEye

NetEye as essential component of a Security Operations Centers

During my last projects I noticed that the implementation of a „Security Operations Center“ (in short SOC) is becoming increasingly important, especially for our enterprise customers. Mainly for big companies that are of public interest like banks, energy providers, assurances Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Contact

Serviceportal
net.support@wuerth-phoenix.com

Subscribe to Feed

Article     Comments
Insert your E-Mail address:

Archive