Kibana is served by a back end server. This setting specifies the port to use.
#server.port: 5601
Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
The default is ‘localhost’, which usually means remote machines will not be able to connect.
To allow connections from remote users, set this parameter to a non-loopback address.
server.host: “0.0.0.0”
Enables you to specify a path to mount Kibana at if you are running behind a proxy. This only affects
the URLs generated by Kibana, your proxy is expected to remove the basePath value before forwarding requests
to Kibana. This setting cannot end in a slash.
#server.basePath: “”
The maximum payload size in bytes for incoming server requests.
server.maxPayloadBytes: 30048576
The Kibana server’s name. This is used for display purposes.
#server.name: “your-hostname”
The URL of the Elasticsearch instance to use for all your queries.
elasticsearch.url: ‘https://client:9220’
When this setting’s value is true Kibana uses the hostname specified in the server.host
setting. When the value of this setting is false, Kibana uses the hostname of the host
that connects to this Kibana instance.
#elasticsearch.preserveHost: true
Kibana uses an index in Elasticsearch to store saved searches, visualizations and
dashboards. Kibana creates a new index if the index doesn’t already exist.
#kibana.index: “.kibana”
The default application to load.
kibana.defaultAppId: “dashboard”
If your Elasticsearch is protected with basic authentication, these settings provide
the username and password that the Kibana server uses to perform maintenance on the Kibana
index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
is proxied through the Kibana server.
elasticsearch.username: ‘sirenserver’
elasticsearch.password: ‘password’
Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
These settings enable SSL for outgoing requests from the Kibana server to the browser.
server.ssl.enabled: false
server.ssl.certificate: ‘pki/server.crt’
server.ssl.key: ‘pki/server.key’
Optional settings that provide the paths to the PEM-format SSL certificate and key files.
These files validate that your Elasticsearch backend uses the same key files.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key
Optional setting that enables you to specify a path to the PEM file for the certificate
authority for your Elasticsearch instance.
elasticsearch.ssl.certificateAuthorities: [‘pki/searchguard/root-ca.pem’]
To disregard the validity of SSL certificates, change this setting’s value to ‘none’.
elasticsearch.ssl.verificationMode: full
Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
the elasticsearch.requestTimeout setting.
#elasticsearch.pingTimeout: 1500
Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
must be a positive integer.
#elasticsearch.requestTimeout: 30000
List of Kibana client-side headers to send to Elasticsearch. To send no client-side
headers, set this value to (an empty list).
#elasticsearch.requestHeadersWhitelist: [ authorization ]
Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
#elasticsearch.customHeaders: {}
Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 0
Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying.
#elasticsearch.startupTimeout: 5000
Specifies the path where Kibana creates the process ID file.
#pid.file: /var/run/kibana.pid
Enables you specify a file where Kibana stores log output.
#logging.dest: stdout
Set the value of this setting to true to suppress all logging output.
#logging.silent: false
Set the value of this setting to true to suppress all logging output other than error messages.
#logging.quiet: false
Set the value of this setting to true to log all events, including system usage information
and all requests.
#logging.verbose: false
Set the interval in milliseconds to sample system and process performance
metrics. Minimum is 100ms. Defaults to 5000.
#ops.interval: 5000
Kibi default configuration
investigate_core:
image_proxy:
enabled: true
datasource_encryption_algorithm: ‘AES-GCM’
datasource_encryption_key: ‘iSxvZRYisyUW33FreTBSyJJ34KpEquWznUPDvn+ka14=’
datasource_cache_size: 501
elasticsearch:
auth_plugin: “searchguard”
Kibi Access Control configuration
investigate_access_control:
enabled: true
cookie:
secure: false
password: “12345678123456781234567812345678”
admin_role: investigate_admin
sirenalert:
elasticsearch:
username: sirenalert
password: password
acl:
enabled: true
webservice configuration
Change global.enabled to true and create auth tokens for each service
to see the example Siren web services
web_services:
global:
enabled: false
webhose:
enabled: false
config:
auth_token: ‘change-me’
jsonwhois:
enabled: false
config:
auth_token: ‘change-me’
twitter:
enabled: false
config:
key: ‘change-me’
secret: ‘change-me’
siren jira plugin configuration
change enabled to true and add the host name and basic_auth (or other supported) authentication information to connect to jira
check jira plugin documentation for authentication config details
siren_jira_plugin:
enabled: false
I2 Plugin can be enabled or disabled here
i2_integration:
enabled: false
Scripting configuration
Here list
- all browser APIs you allow to be used in your sirenapi scripts
- extra libraries you allow to be used in your sirenapi scripts, currently only lodash and moment are available
Audit configuration
simply enabling siren_audit plugin will store all audit log types in the same elasticsearch version
siren_audit:
enabled: true
Sentinl configuration
sentinl:
app_name: ‘Sentinl’
shared_index_components:
dataspaceSignature:
algorithm: ‘RS256’
privateKey:
key: ‘pki/siren_dataspaces.pem’
passphrase: ‘password’