Elasticsearch is Here!
Introducing Privilege Management for Unix & Linux (PMUL) and Active Directory Bridge (AD Bridge) v22.1
The release of Privilege Management for Unix & Linux 22.1 and Active Directory (AD) Bridge 22.1 has introduced the capability for these products to route event log records to Elasticsearch/Logstash instances—whether these are located on customer premises or in the cloud. This capability enables users to centralize the search for all event log records across multiple log servers. For both destination types, it will be possible to use HTTP and HTTPS communication.
Connecting Privilege Management for Unix & Linux and Active Directory Bridge to the Management Platform has also made it possible to add a new SIEM connection type, which lets administrators configure connections to Elasticsearch and Logstash.
What is Elasticsearch?
Elasticsearch is a distributed, open-source search and analytics engine that was built on Apache Lucene. Elasticsearch enables users to store, search, and analyze huge volumes of data quickly and in real-time, giving users the answers they need in milliseconds.
Rather than scanning the raw text directly, a user of Elasticsearch searches an index. Elasticsearch uses a document-based structure instead of tables and schemas, and it comes with an extensive REST API for storing and searching the data. Elasticsearch is also used together with the other components of the ELK stack, Logstash and Kibana, to provide efficient indexing and storage of data for analytics.
What does Elasticsearch mean for this BeyondTrust Release?
Privilege Management for Unix & Linux and Active Directory Bridge both produce a vast amount of data that needs to be correlated by an advanced search engine. Allowing users to store and search this data gives them a clear view into their IT estate, and Elasticsearch's capabilities also provide the information they need to get their jobs done far more efficiently.
In versions prior to this release, the ability to search data required users to connect to an event log server and search for events. If a customer has multiple event log servers, the ability to search the data becomes more complex. Elasticsearch indexes that data to make it significantly easier for the customer to find what has been stored in the event servers.
This connection allows the Management Platform to communicate with Elasticsearch, both for querying and for configuring the Privilege Management for Unix & Linux log servers. Both API key and username/password authentication are supported.
Enabling a New, Unified Search Experience for Users
Unified Search brings Privilege Management for Unix & Linux event logs and AD Bridge event logs together in a simple, easy-to-use, “Google-like” search interface. Once the data has been sent from the BeyondTrust products to Elasticsearch/Logstash, customers can perform simple searches. The search syntax can be kept simple, but advanced searching is also available: logical operators (and/or), precedence, wildcards, field-specific searches, exact-match searches using double quotes, and any combination of these.
The Unified Search results are displayed in bespoke grids for Privilege Management for Unix & Linux and AD Bridge. Titles highlight the number of results for each product, and all matches are highlighted in the grid and the details card. All results can then be downloaded in either JSON or CSV format. Unified Search will be expanded to include the IO logs, Management Platform access logs, File Integrity Monitoring reports, and more. All log files will be indexed in Elasticsearch and presented to the user via the Management Platform.
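As an added illustration (not code from BeyondTrust or the page), the following Python shows how the connection and search features described above map onto Elasticsearch's own REST conventions: the API key header (`ApiKey base64(id:key)`) versus HTTP Basic for username/password, a check that refuses a plain-HTTP endpoint so credentials only travel over TLS, and a `query_string` built from the Unified Search elements (and/or with explicit precedence, double-quoted exact phrases, field:value terms and a trailing wildcard). The index names and sample values are constructed assumptions.

```python
import base64
from urllib.parse import urlsplit

# Assumed index names for the two event-log sources (not BeyondTrust's real ones).
PMUL_INDEX = "pmul-eventlog"
ADB_INDEX = "adbridge-eventlog"


def auth_header(api_key_id=None, api_key=None, username=None, password=None):
    """Authorization header for the Elasticsearch REST API.

    An API key is sent as 'ApiKey base64(id:api_key)'; a username/password
    pair is sent as HTTP Basic. Exactly one of the two methods must be given.
    """
    if api_key_id and api_key:
        token = base64.b64encode(f"{api_key_id}:{api_key}".encode()).decode()
        return {"Authorization": f"ApiKey {token}"}
    if username and password:
        token = base64.b64encode(f"{username}:{password}".encode()).decode()
        return {"Authorization": f"Basic {token}"}
    raise ValueError("supply either an API key (id + key) or a username/password")


def search_url(endpoint, indices):
    """_search URL over one or more indices; refuses HTTP so the header above
    is never sent in clear text."""
    if urlsplit(endpoint).scheme != "https":
        raise ValueError(f"refusing non-TLS Elasticsearch endpoint: {endpoint}")
    return f"{endpoint.rstrip('/')}/{','.join(indices)}/_search"


def unified_query(all_of=(), any_of=(), exact=(), fields=None, wildcard_prefix=None):
    """Compose a query_string query from the Unified Search building blocks.

    all_of: terms that must all match; any_of: alternatives grouped in
    parentheses so OR binds tighter than the surrounding AND; exact: phrases
    wrapped in double quotes; fields: field:value restrictions;
    wildcard_prefix: a leading fragment completed with '*'.
    """
    clauses = list(all_of)
    if any_of:
        clauses.append("(" + " OR ".join(any_of) + ")")
    clauses += ['"' + phrase.replace('"', '\\"') + '"' for phrase in exact]
    clauses += [f"{field}:{value}" for field, value in (fields or {}).items()]
    if wildcard_prefix:
        clauses.append(f"{wildcard_prefix}*")
    if not clauses:
        raise ValueError("empty query")
    query = " AND ".join(clauses)
    return {"query": {"query_string": {"query": query, "default_operator": "AND"}},
            "size": 100}
```

The returned dict is the JSON body for a POST to the `_search` URL; nothing here contacts a server, so it runs offline.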
Expanding Analytics and Reporting Capabilities with Elasticsearch and the ELK Stack
The primary use cases for Elasticsearch are application search, website search, enterprise search, logging, and log analytics. However, another major application of Elasticsearch is analytics-based: security analysis. This use case entails allowing access to all relevant logs concerning system security.
What is the Elastic (ELK) stack?
Elasticsearch is the central component of the Elastic Stack, a set of open-source tools for data ingestion, enrichment, storage, analysis, and visualization. It is commonly referred to as the ELK Stack after its components: Elasticsearch, Logstash, and Kibana (it now also includes Beats). Although Elasticsearch is a search engine at its core, users started applying it to log data and wanted an easy way to ingest and visualize that data. Used together, the components of the ELK stack give the user a more complete, real-time picture of what is going on across their systems.
The Future of Privilege Management, Single-Sign-On, and the ELK stack
The core goal of integrating Privilege Management for Unix & Linux and AD Bridge with Elasticsearch is to give the user a unified search experience where they can find everything that the BeyondTrust products have logged. We are excited to expand on that capability to deliver a leading analytics and reporting experience for our customers, leveraging the ELK stack.
As workloads move to the cloud, your Privilege Management for Unix and Linux, AD Bridge, and Elasticsearch experiences can move with you.
More about BeyondTrust Unix and Linux Security Solutions
BeyondTrust Privilege Management for Unix & Linux (PMUL) is an enterprise-class, gold-standard privilege management solution that helps security and IT organizations achieve compliance, control privileged access, and prevent and contain breaches that can affect Unix and Linux systems – all while improving productivity.
BeyondTrust Active Directory Bridge (ADB) centralizes authentication for Unix, Linux, and Mac environments by extending Active Directory’s Kerberos authentication and single sign-on capabilities to these platforms. By extending Group Policy to non-Windows platforms, BeyondTrust provides centralized configuration management, reducing the risk and complexity of managing a heterogeneous environment.
To learn more, please request a demo.
Colin Bretagne, Senior Product Manager
Originally from South Africa, Colin has worked and lived in 3 countries. Through his career, he has worked his way from a Support Engineer to a Technical Manager, before arriving in Montreal Canada in 2009. Colin has extensive experience in hardware and software and has achieved certifications in HP, Novell, Microsoft, Linux, and Pragmatic Marketing. In his spare time, Colin enjoys Rugby, Judo, and is a qualified FA Soccer referee.
This post was first published on the BeyondTrust website by . You can view it by clicking here