Siren Platform User Guide


If your Elasticsearch instance is running with security (using SearchGuard or X-Pack), you must modify both the Siren ML plugin and engine configurations.

Siren ML Engine Configuration

The Siren ML engine requires certificates and credentials to access Elasticsearch. These can be provided using the following properties in its configuration file (typically /etc/sirenml/sirenml.yml).

    enabled: true
    certificate: '/path/to/cert.pem'
    key: '/path/to/cert.key'

    username: dan
    password: password1
    backend: searchguard # Can also be 'xpack'

The provided certificate must be trusted by the Elasticsearch security backend.

Siren ML Plugin Configuration

You must provide the Siren ML plugin with an administrative username and password for Elasticsearch. These credentials are provided in the Investigate configuration file (investigate.yml).

    username: dan
    password: password1