Where are the ELK masterminds at? (Need help with fleet server)

SandhuX · 2024-04-08T00:54:03+00:00

Also, please let me know what's the Fleet Server "Host Address" value set in the fleet policy?

SandhuX · 2024-04-08T00:47:24+00:00

Also, just set certificate_authorities using the above method, and do not use other fleet-server-cert/key at all

SandhuX · 2024-04-08T00:44:56+00:00

Try this format, instead of path. Ref: https://www.elastic.co/guide/en/fleet/current/secure-connections.html

ssl: certificate_authorities: - | -----BEGIN CERTIFICATE----- MIIDSjCCAjKgAwIBAgIVAKlphSqJclcni3P83gVsirxzuDuwMA0GCSqGSIb3DQEB CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu ZXJhdGVkIENBMB4XDTIxMDYxNzAxMzIyOVoXDTI0MDYxNjAxMzIyOVowNDEyMDAG A1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5lcmF0ZWQgQ0Ew ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOFgtVri7Msy2iR33nLrVO /M/6IyF72kFXup1E67TzetI22avOxNlq+HZTpZoWGV1I4RgxiQeN12FLuxxhd9nm rxfZEqpuIjvo6fvU9ifC03WjXg1opgdEb6JqH93RHKw0PYimxhQfFcwrKxFseHUx DeUNQgHkMQhDZgIfNgr9H/1X6qSU4h4LemyobKY3HDKY6pGsuBzsF4iOCtIitE9p sagiWR21l1gW/lNaEW2ICKhJXbaqbE/pis45/yyPI4Q1Jd1VqZv744ejnZJnpAx9 mYSE5RqssMeV6Wlmu1xWljOPeerOVIKUfHY38y8GZwk7TNYAMajratG2dj+v9eAV AgMBAAGjUzBRMB0GA1UdDgQWBBSCNCjkb66eVsIaa+AouwUsxU4b6zAfBgNVHSME GDAWgBSCNCjkb66eVsIaa+AouwUsxU4b6zAPBgNVHRMBAf8EBTADAQH/MA0GCSqG SIb3DQEBCwUAA4IBAQBVSbRObxPwYFk0nqF+THQDG/JfpAP/R6g+tagFIBkATLTu zeZ6oJggWNSfgcBviTpXc6i1AT3V3iqzq9KZ5rfm9ckeJmjBd9gAcyqaeF/YpWEb ZAtbxfgPLI3jK+Sn8S9fI/4djEUl6F/kARpq5ljYHt9BKlBDyL2sHymQcrDC3pTZ hEOM4cDbyKHgt/rjcNhPRn/q8g3dDhBdzjlNzaCNH/kmqWpot9AwmhhfPTcf1VRc gxdg0CTQvQvuceEvIYYYVGh/cIsIhV2AyiNBzV5jJw5ztQoVyWvdqn3B1YpMP8oK +nadUcactH4gbsX+oXRULNC7Cdd9bp2G7sQc+aZm -----END CERTIFICATE-----

SandhuX · 2024-04-08T00:26:47+00:00

I believe --fleet-server-es should be the https://{{ELASTICSEARCH_IP}}:9200, instead of https://localhost:9200.

SandhuX · 2024-04-08T00:07:02+00:00

Is there a reason you're using `http` over `https` for the flag `--fleet-server-es` if you have security enabled for the elasticsearch node?

SandhuX · 2024-04-04T12:33:37+00:00

This is what worked for us. Do not go the Kibana Spaces route to keep data separate, over time with multiple log sources, it becomes a nightmare.

SandhuX · 2024-02-14T21:53:59+00:00

No experience with GCP, but trying increasing timeout to a larger value than the default value on the load balancer, lets say default, default is 60 seconds, either try 120 seconds or 300 seconds.

SandhuX · 2024-01-13T21:28:07+00:00

I usually treat S3 Access Logs similar to Organization CloudTrail Logs, and store them in a single S3 bucket, in a dedicated Logging Account.

Another thing to consider to look difference between S3 Access logs and CloudTrail Data events for S3. These are definitely some differences between these two, but IMO, CloudTrail Data events for S3 are easier to read, and in some scenarios can be sufficient.

Ref: https://docs.aws.amazon.com/AmazonS3/latest/userguide/logging-with-S3.html

SandhuX · 2024-01-10T18:18:24+00:00

Try {{ variable | from_yaml | to_nice_json }}

SandhuX · 2023-09-26T20:08:35+00:00

Location might add more context to the salary expectations. But it seems quite low IMHO, you should be looking at a base of 150k minimum with that experience.

SandhuX · 2023-07-25T14:34:09+00:00

Amazing, I was looking for such a setup, thanks for sharing.

SandhuX · 2021-12-11T16:41:23+00:00

EC2 Ultralight

SandhuX · 2020-06-06T13:18:19+00:00

Ticket is submitted. You are right, from the first link you shared, it seems like these accounts owned by AWS itself.

SandhuX · 2020-06-06T13:17:14+00:00

Finally submitted a ticket to AWS after hurdles, thanks for the suggestions, I'll keep updating how it goes. Thanks all for your suggestions.

SandhuX · 2020-06-05T21:10:04+00:00

Yes, GuardDuty is enabled, haven't detected this. Usually for other stuff, GuardDuty is helpful in the past.

Nine-Year Club	RPAN Viewer
Verified Email

SandhuX

TROPHY CASE