Open Distro for Elasticsearch's Security plugin can write an audit log that tracks access to your cluster. The log surfaces various types of audit events, such as authentications and failed logins. In a prior post, we covered the basics of setting up an alert in Open Distro for Elasticsearch. In this post, we couple the Security plugin with the Alerting plugin to raise alerts on failed login attempts. You can expand this pattern to get notified whenever there are potentially malicious attempts to access your Elasticsearch cluster.
This is a companion discussion topic for the original entry at https://opendistro.github.io/for-elasticsearch/blog/open%20distro%20for%20elasticsearch%20updates/2019/04/Use-Open-Distro-for-Elasticsearch-to-Alert-on-Security-Events/