Siren Platform User Guide

Authenticate search request

Kibana Elasticsearch basic authentication is used for authentication.

Valid certificate

sentinl:
  settings:
    authentication:
      enabled: true
      username: 'elastic'
      password: 'password'
      cert:
        selfsigned: false
        pem: '/path/to/pem/key'

Self-signed certificate

sentinl:
  settings:
    authentication:
      enabled: true
      username: 'elastic'
      password: 'password'
      cert:
        selfsigned: true

Siren Platform

Authenticate Siren Alert using single user - default sentinl from Access Control app. For example, default investigate.yml.

+

# Access Control configuration
investigate_access_control:
  enabled: true
  cookie:
password: "12345678123456781234567812345678"
  admin_role: kibiadmin
  sentinl:
elasticsearch:
  username: sentinl
  password: password
...

Siren Platform or Kibana

It is possible to create multiple user credentials and assign these credentials to watchers, one credential per watcher, thereby authenticating each watcher separately. It is called impersonation.

  1. Create credentials in Search Guard or X-Pack and assign the permissions you need. You need one user for Sentinl and one user per watcher.
  2. Set Siren Alert authentication.

    sentinl:
      settings:
        authentication:
          enabled: true
          impersonate: true
          username: 'elastic'
          password: 'password'
          sha: '6859a748bc07b49ae761f5734db66848'
          cert:
            selfsigned: true
    • Set password as clear text in password property. The password can be put in encrypted form instead. Set password hash in sha property, now you can remove password option.
    • Use sentinl/scripts/encryptPassword.js script to obtain the hash. Edit the value of the plainTextPassword variable, replacing admin with your password. Copy the generated hash and paste as the sha value. Also, you can change password hashing complexity by setting options inside encryption. Node.js crypto library is used to hash and unhash user password.
  3. Set watcher authentication. encryptPassword.jspasswordusernameimpersonate: true.
Watcher authentication