# default version
elastic_stack_version: 7.9.3
elastic_stack_version_lock: true
kibana_server_ip: "localhost"
kibana_server_port: 5601
kibana_user: "kibana"
kibana_password: "kibana"
kibana_extra_dashboards: []
kibana_security_rules: []
The Kibana version can be locked using elastic_stack_version and elastic_stack_version_lock.
Kibana server IP and port are configured in kibana/defaults/main.yml as follows:
kibana_server_ip: "localhost"
kibana_server_port: 5601
In the main file of the kibana tasks, these variables are used to modify certain lines in the existing Kibana configuration file that is generated by default when Kibana is installed.
- name: Update kibana server ip
  lineinfile:
    destfile: /etc/kibana/kibana.yml
    regexp: 'server.host:'
    line: 'server.host: {{ kibana_server_ip }}'
Kibana Security Detection Rules can be enabled using their IDs. This feature requires that xpack security and SSL are enabled and that kibana_xpack_encryptedSavedObjects_encryption_key is set.
kibana_security_rules:
  # File Deletion via Shred
  - rule_id: a1329140-8de3-4445-9f87-908fb6d824f4
    enabled: true
  # Base16 or Base32 Encoding/Decoding Activity
  - rule_id: debff20a-46bc-4a4d-bae5-5cdd14222795
    enabled: true
For now, the Kibana dashboard (ndjson file) is imported using the curl command. The recommended Ansible way of accessing a REST API, the uri module, does not work here, since it accepts only JSON, form-urlencoded or raw data as Content-Type, whereas importing the ndjson file that contains the AMiner dashboard requires multipart/form-data.
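The curl-based import described above, written out as an added example (it is not the role's own task). It posts the ndjson file as multipart/form-data to Kibana's saved objects import API and passes the credentials to curl on stdin instead of on the command line. The KIBANA_* environment variable names, the https default and the DRY_RUN switch are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: import a Kibana dashboard export (ndjson) through the
# saved objects import API, which expects multipart/form-data.
# Defaults mirror the role variables; the KIBANA_* names are assumptions.
KIBANA_SERVER_IP="${KIBANA_SERVER_IP:-localhost}"
KIBANA_SERVER_PORT="${KIBANA_SERVER_PORT:-5601}"
KIBANA_SCHEME="${KIBANA_SCHEME:-https}"   # assumption: TLS is enabled
KIBANA_USER="${KIBANA_USER:-kibana}"

# import_dashboard FILE
# Reads the password from $KIBANA_PASSWORD and hands it to curl as a config
# line on stdin (-K -), so it never appears in the process list.
# A password containing '"' or '\' would need escaping for the config syntax.
# With DRY_RUN=1 the request is printed (without credentials) and not sent.
import_dashboard() {
    file="$1"
    url="${KIBANA_SCHEME}://${KIBANA_SERVER_IP}:${KIBANA_SERVER_PORT}/api/saved_objects/_import"

    if [ ! -r "$file" ]; then
        echo "dashboard file not readable: $file" >&2
        return 2
    fi
    if [ -z "${KIBANA_PASSWORD:-}" ]; then
        echo "KIBANA_PASSWORD is not set" >&2
        return 3
    fi

    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "curl --fail -K - -X POST $url -H kbn-xsrf:true --form file=@$file"
        return 0
    fi

    # --form makes curl build the multipart/form-data body and its boundary;
    # Kibana rejects API writes that lack the kbn-xsrf header.
    printf 'user = "%s:%s"\n' "$KIBANA_USER" "$KIBANA_PASSWORD" |
        curl --fail --silent --show-error -K - \
             -X POST "$url" \
             -H 'kbn-xsrf: true' \
             --form "file=@${file}"
}
```

When this is called from a playbook, setting no_log: true on the task keeps the password out of the Ansible output as well.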