security
🔐 Secure your cluster with TLS, numerous authentication backends, data masking, audit logging as well as role-based access control on indices, documents, and fields
### Description This PR allows writing auditlogs to datastreams. auditlog type "internal_opensearch" currently not supporting datastreams. `java.lang.IllegalArgumentException: only write ops with an op_type of create are allowed in data streams...
**What solution would you like?** Currently we support only `bcrypt` for password hashing, which is resource consuming for slow CPUs. It would be a good idea to give customers a...
**Is your feature request related to a problem?** The field masking algorithm defaults to Blake2b. We'd like to be able to change this via a configuration option. **What solution would...
I am using opensearch 2.11. My auditlog config:
```
plugins.security.audit.config.index: opensearch-security-auditlog
plugins.security.audit.type: internal_opensearch
```
"opensearch-security-auditlog" is a datastream. When opensearch is storing auditlog to the datastream, I get the following...
### Problem Statement When an OpenSearch cluster admin Alice creates and then shares a Quarterly Sales dashboard with user Bill; Alice does not know if Bill will see the same...
In some customer service contracts (especially Government contracts), there is a requirement to run all services in [FIPS 140-2](https://csrc.nist.gov/csrc/media/publications/fips/140/2/final/documents/fips1402.pdf) compliant/enforced mode. [Elasticsearch supports this](https://www.elastic.co/blog/configuring-elasticsearch-in-a-fips-140-2-environment) currently in their xpack security plugin....
[FEATURE] Create a formal relationship between a plugin and its associated roles and system indices
**Is your feature request related to a problem?** Plugin teams make PRs to the security repo to add default roles and add system indices to the security's list that tracks...
### Is your feature request related to a problem? Please describe In client cert based authentication the _Principal_ is extracted from the certificate DN (Distinguished Name). In some situations, we...
**What is the bug?** Audit logging doesn't log a failed request if request body fails to match content-type header or required parameters. For example, if request body logging is enabled...
**What is the bug?** User Injection is a construct in security plugin, which will allow other plugins to enforce authorization, by setting the User Information in thread context. Security plugin...