Elasticsearch

What is "Persistence ElasticSearch" Hook about?

The ElasticSearch persistenceProvider hook saves all findings and reports into the configured ElasticSearch index. This allows for some easy searching and visualization of the findings. To learn more about Elasticsearch visit elastic.io.

Installing the Elasticsearch persistenceProvider hook will add a ReadOnly Hook to your namespace.

Deployment

The persistence-elastic chart can be deployed via helm:

# Install HelmChart (use -n to configure another namespace)
helm upgrade --install persistence-elastic secureCodeBox/persistence-elastic

Requirements

Kubernetes: >=v1.11.0-0

| Repository | Name | Version |
|---|---|---|
| https://helm.elastic.co | elasticsearch | 7.9.2 |
| https://helm.elastic.co | kibana | 7.9.2 |

Additional Chart Configurations

Elasticsearch Indexing

For the elasticsearch indexSuffix you can provide a date format pattern. We use Luxon to format the date, so check out the Luxon documentation to see which format patterns you can use for the indexSuffix. The default pattern is yyyy-MM-dd.

Values

| Key | Type | Default | Description |
|---|---|---|---|
| affinity | object | {} | |
| authentication | object | {"apiKeySecret":null,"userSecret":null} | Configure the authentication schema and credentials the persistence provider should use to connect to elasticsearch. user and apikey are mutually exclusive, only set one! |
| authentication.apiKeySecret | string | nil | Link a pre-existing generic secret with id and key key / value pairs |
| authentication.userSecret | string | nil | Link a pre-existing generic secret with username and password key / value pairs |
| dashboardImporter.image.repository | string | "securecodebox/persistence-elastic-dashboard-importer" | |
| dashboardImporter.image.tag | string | nil | |
| elasticsearch | object | {"enabled":true,"minimumMasterNodes":1,"replicas":1} | Configures the included elasticsearch subchart (see: https://github.com/elastic/helm-charts/tree/elasticsearch) |
| elasticsearch.enabled | bool | true | Enable if you want to deploy an elasticsearch service. |
| elasticsearch.minimumMasterNodes | int | 1 | The value for discovery.zen.minimum_master_nodes. Should be set to (master_eligible_nodes / 2) + 1. Ignored in Elasticsearch versions >= 7 |
| elasticsearch.replicas | int | 1 | Kubernetes replica count for the StatefulSet (i.e. how many pods) |
| externalElasticStack.elasticsearchAddress | string | "https://elasticsearch.example.com" | The URL of the elasticsearch service to persist all findings to. |
| externalElasticStack.enabled | bool | false | Enable this when you already have an Elastic Stack running to which you want to send your results |
| externalElasticStack.kibanaAddress | string | "https://kibana.example.com" | The URL of the kibana service used to visualize all findings. |
| fullnameOverride | string | "" | |
| hook.affinity | object | {} | Optional affinity settings that control how the hook job is scheduled (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/) |
| hook.image.repository | string | "docker.io/securecodebox/hook-persistence-elastic" | Hook image repository |
| hook.image.tag | string | defaults to the chart's version | The image tag defaults to the chart's version if not defined. |
| hook.labels | object | {} | Add Kubernetes Labels to the hook definition |
| hook.priority | int | 0 | Hook priority. Higher priority Hooks are guaranteed to execute before low priority Hooks. |
| hook.tolerations | list | [] | Optional tolerations settings that control how the hook job is scheduled (see: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
| hook.ttlSecondsAfterFinished | string | nil | Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
| imagePullSecrets | list | [] | |
| indexAppendNamespace | bool | true | Define whether the name of the namespace this hook is deployed to is added to the index name. The namespace can be used to separate indices by tenant (namespace). |
| indexPrefix | string | "scbv2" | Define a specific index prefix used for all elasticsearch indices. |
| indexSuffix | string | "“yyyy-MM-dd”" | Define a specific index suffix based on a date pattern (YEAR (yyyy), MONTH (yyyy-MM), WEEK (yyyy-'W'W), DATE (yyyy-MM-dd)). We use Luxon for date formatting (https://moment.github.io/luxon/docs/manual/formatting.html#table-of-tokens) |
| kibana | object | {"enabled":true} | Configures included Elasticsearch subchart |
| kibana.enabled | bool | true | Enable if you want to deploy a kibana service (see: https://github.com/elastic/helm-charts/tree/master/kibana) |
| nameOverride | string | "" | |
| nodeSelector | object | {} | |
| podSecurityContext | object | {} | |
| resources | object | {} | |
| securityContext | object | {} | |
| tolerations | list | [] | |
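
The following values file is an added example, not part of the chart's own documentation. It sends findings to an already running Elastic Stack and takes the credentials from a pre-existing secret, using only keys from the table above. The secret name elastic-credentials and the file name are assumptions, the addresses are the chart's placeholder defaults, and switching off the bundled subcharts alongside an external stack is also an assumption.

```yaml
# values-external-elastic.yaml (hypothetical file name, added example)
#
# Create the credentials secret first, in the namespace the hook is installed in.
# The name "elastic-credentials" is an assumption; "username" and "password" are
# the keys the table lists for authentication.userSecret:
#
#   kubectl create secret generic elastic-credentials \
#     --from-literal=username='<elasticsearch user>' \
#     --from-literal=password='<elasticsearch password>'
#
# Then install the chart with this file:
#
#   helm upgrade --install persistence-elastic secureCodeBox/persistence-elastic \
#     -f values-external-elastic.yaml

# Send findings to an Elastic Stack that already exists.
externalElasticStack:
  enabled: true
  elasticsearchAddress: "https://elasticsearch.example.com"  # placeholder
  kibanaAddress: "https://kibana.example.com"                # placeholder

# Assumption: the bundled subcharts are not needed next to an external stack.
elasticsearch:
  enabled: false
kibana:
  enabled: false

# userSecret and apiKeySecret are mutually exclusive: set exactly one.
authentication:
  userSecret: elastic-credentials
  apiKeySecret: null

# Index names carry the namespace (tenant separation) and a monthly date suffix.
indexPrefix: "scbv2"
indexAppendNamespace: true
indexSuffix: "yyyy-MM"
```

Keeping the credentials in a secret rather than in the values file means the file can be committed to version control without exposing them.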

License

Code of secureCodeBox is licensed under the Apache License 2.0.