elasticsearch


title: Elasticsearch
category: hook
type: persistenceProvider
state: released
usecase: Publishes all Scan Findings to Elasticsearch.
custom_edit_url: https://github.com/secureCodeBox/secureCodeBox#main/edit/main/hooks/persistence-elastic/README.md.gotmpl

About

The Elasticsearch persistenceProvider hook saves all findings and reports into the configured Elasticsearch index, which makes the findings easy to search and visualize. To learn more about Elasticsearch visit elastic.io.

Deployment

Installing the Elasticsearch persistenceProvider hook will add a ReadOnly Hook to your namespace.

helm upgrade --install elkh secureCodeBox/persistence-elastic

Elasticsearch Indexing

For the Elasticsearch indexSuffix you can provide a date format pattern. We use Luxon to format the date, so check out the Luxon documentation to see which format patterns you can use for the indexSuffix. The default pattern is yyyy-MM-dd.

Chart Configuration

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| affinity | object | `{}` | |
| authentication | object | `{"apiKeySecret":null,"userSecret":null}` | Configure authentication schema and credentials the persistence provider should use to connect to Elasticsearch. user and apikey are mutually exclusive, only set one! |
| authentication.apiKeySecret | string | `nil` | Link a pre-existing generic secret with `id` and `key` key / value pairs |
| authentication.userSecret | string | `nil` | Link a pre-existing generic secret with `username` and `password` key / value pairs |
| dashboardImporter.image.repository | string | `"securecodebox/persistence-elastic-dashboard-importer"` | |
| dashboardImporter.image.tag | string | `nil` | |
| elasticsearch | object | `{"enabled":true,"minimumMasterNodes":1,"replicas":1}` | Configures the included Elasticsearch subchart (see: https://github.com/elastic/helm-charts/tree/elasticsearch) |
| elasticsearch.enabled | bool | `true` | Enable if you want to deploy an Elasticsearch service. |
| elasticsearch.minimumMasterNodes | int | `1` | The value for discovery.zen.minimum_master_nodes. Should be set to (master_eligible_nodes / 2) + 1. Ignored in Elasticsearch versions >= 7 |
| elasticsearch.replicas | int | `1` | Kubernetes replica count for the StatefulSet (i.e. how many pods) |
| externalElasticStack.elasticsearchAddress | string | `"https://elasticsearch.example.com"` | The URL of the Elasticsearch service to persist all findings to. |
| externalElasticStack.enabled | bool | `false` | Enable this when you already have an Elastic Stack running to which you want to send your results |
| externalElasticStack.kibanaAddress | string | `"https://kibana.example.com"` | The URL of the Kibana service used to visualize all findings. |
| fullnameOverride | string | `""` | |
| hook.image.repository | string | `"docker.io/securecodebox/hook-persistence-elastic"` | Hook image repository |
| hook.image.tag | string | defaults to the chart's version | The image tag defaults to the chart's version if not defined. |
| hook.ttlSecondsAfterFinished | string | `nil` | Seconds after which the Kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
| imagePullSecrets | list | `[]` | |
| indexAppendNamespace | bool | `true` | Define if the name of the namespace where this hook is deployed to must be added to the index name. The namespace can be used to separate indices by tenants (namespaces). |
| indexPrefix | string | `"scbv2"` | Define a specific index prefix used for all Elasticsearch indices. |
| indexSuffix | string | `"“yyyy-MM-dd”"` | Define a specific index suffix based on date pattern (YEAR (yyyy), MONTH (yyyy-MM), WEEK (yyyy-'W'W), DATE (yyyy-MM-dd)). We use Luxon for date formatting (https://moment.github.io/luxon/docs/manual/formatting.html#table-of-tokens) |
| kibana | object | `{"enabled":true}` | Configures included Elasticsearch subchart |
| kibana.enabled | bool | `true` | Enable if you want to deploy a Kibana service (see: https://github.com/elastic/helm-charts/tree/master/kibana) |
| nameOverride | string | `""` | |
| nodeSelector | object | `{}` | |
| podSecurityContext | object | `{}` | |
| resources | object | `{}` | |
| securityContext | object | `{}` | |
| tolerations | list | `[]` | |
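
A values file that combines several of the keys listed above to send findings to an already running Elastic Stack, authenticating with an API key held in a pre-existing secret. This is an added example, not part of the chart's own documentation; the file name, the secret name `elastic-api-key` and the `<...>` values are placeholders, and the addresses are the chart's example defaults.

```yaml
# values-external-elastic.yaml (constructed example; the file name is arbitrary)
#
# Prerequisite: a generic secret with `id` and `key` entries, created in the
# namespace the hook is installed into. Secret name and <...> values are
# placeholders:
#   kubectl create secret generic elastic-api-key \
#     --from-literal=id=<api-key-id> --from-literal=key=<api-key>
#
# Install with:
#   helm upgrade --install elkh secureCodeBox/persistence-elastic \
#     -f values-external-elastic.yaml

# Do not deploy the bundled subcharts; findings go to the existing stack.
elasticsearch:
  enabled: false
kibana:
  enabled: false

externalElasticStack:
  enabled: true
  # Placeholder addresses. Keep the https scheme so credentials and findings
  # are encrypted in transit.
  elasticsearchAddress: "https://elasticsearch.example.com"
  kibanaAddress: "https://kibana.example.com"

authentication:
  # apiKeySecret and userSecret are mutually exclusive: set exactly one.
  # Referencing a secret keeps the credential out of this file and out of
  # the Helm release values.
  apiKeySecret: "elastic-api-key"
  userSecret: null

# Index naming: keep the namespace in the index name so each tenant
# (namespace) writes to its own indices, and create one index per month.
indexPrefix: "scbv2"
indexAppendNamespace: true
indexSuffix: "yyyy-MM"
```

With `indexAppendNamespace` enabled, access to findings can be scoped per tenant on the Elasticsearch side by granting each role only the index names that contain its namespace.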