domainaware / parsedmarc

A Python package and CLI for parsing aggregate and forensic DMARC reports
https://domainaware.github.io/parsedmarc/
Apache License 2.0

What privileges are required for the Elasticsearch user? #441

Closed dmgeurts closed 10 months ago

dmgeurts commented 11 months ago

Trying to get the direct connection going to an existing ELK stack and getting a 403 error. So I know this issue, but haven't found a list of privileges.

AnaelMobilia commented 10 months ago

Hello @dmgeurts,

Based on the source code, it looks like parsedmarc needs to:

If you ever find the required privileges, please leave the information so we can update the doc (or you can make a PR if you prefer :-)).

Regards

dmgeurts commented 10 months ago

Hi @AnaelMobilia,

Thank you, the following is what I started with. I'm still pretty new to Elasticsearch and we're running v8 here.

image

I'm not sure if the index is even right...

I did notice that the python code for elasticsearch in the venv does cater to api_key, which would be the preferred way to authenticate rather than uid/pwd. But that's a later concern to me.

AnaelMobilia commented 10 months ago

I will not be able to help more for required privileges... :-(

For information, all indexes look like dmarc_xxx (with an underscore).

Let us know if you are able to run parsedmarc with this information!

Regards,

dmgeurts commented 10 months ago

Oh my word! Changing the index on the role did it. - vs _...
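
The mismatch that resolved this thread can be checked offline before touching the cluster. The following is an added example, not part of the original thread and not parsedmarc's own code: it takes a role in the shape of an Elasticsearch role descriptor and reports which index names no pattern in the role covers. The role contents, the privilege list and the sample index names (built on the `dmarc_xxx` form mentioned above) are constructed for illustration and are not a statement of what parsedmarc requires.

```python
import re

def pattern_to_regex(pattern):
    """Translate an index-name pattern using '*' and '?' wildcards into a regex."""
    if len(pattern) > 1 and pattern.startswith("/") and pattern.endswith("/"):
        # Patterns wrapped in slashes are regular expressions; not handled here.
        raise ValueError("regex index patterns are not handled: " + pattern)
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts))

def granted_privileges(role, index_name):
    """Union of privileges from every role entry whose patterns match index_name."""
    granted = set()
    for entry in role.get("indices", []):
        names = entry.get("names", [])
        if any(pattern_to_regex(p).fullmatch(index_name) for p in names):
            granted.update(entry.get("privileges", []))
    return granted

def uncovered(role, index_names):
    """Index names for which the role grants nothing (a likely source of 403s)."""
    return [n for n in index_names if not granted_privileges(role, n)]

# Constructed sample data: privilege names are placeholders for illustration.
SAMPLE_PRIVS = ["read", "write", "create_index"]
ROLE_HYPHEN = {"indices": [{"names": ["dmarc-*"], "privileges": SAMPLE_PRIVS}]}
ROLE_UNDERSCORE = {"indices": [{"names": ["dmarc_*"], "privileges": SAMPLE_PRIVS}]}
SAMPLE_INDEXES = ["dmarc_aggregate-2024-01-01", "dmarc_forensic-2024-01-01"]

if __name__ == "__main__":
    for label, role in (("dmarc-*", ROLE_HYPHEN), ("dmarc_*", ROLE_UNDERSCORE)):
        print(label, "leaves uncovered:", uncovered(role, SAMPLE_INDEXES))
```
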