Auditing dashboard

[elasticmachine]

Original comment by @markwalkom:

This was asked on the forums, here and Uri mentioned there is nothing official.

So can we make something official, like we have for the Watcher history?

Blocked on elastic/integrations#368

[elasticmachine]

Original comment by @skearns64:

I made a prototype of this a rather long time ago here: LINK REDACTED

I expect it will need updating, but it's at least a reference point

[elasticmachine]

Original comment by @clintongormley:

Now that Shield can directly index the Shield audit logs, we can provide an example dashboard in our docs based on this data.

Now we can ship this directly in X-Pack UI, no?

[elasticmachine]

Original comment by @uboness:

Yes and no... Having a dashboard is great, but more importantly we need a proper (simple) UI that simply enables one to search the audit logs... That's something we should tackle for 5.x... I believe it's relatively a low hanging fruit, so rather early 5.x than late.

"the "problem" with putting the dashboard in today is that it won't fit the UX we want to promote (audit logs UI should either be part of monitoring or security management)

[elasticmachine]

Original comment by @tbragin:

This seems closely related to an issue I filed earlier: LINK REDACTED If the ask is to audit Kibana dashboard usage, one of the issues is that we are currently not logging this at all, as all the activity happens on the client.

[elasticmachine]

Original comment by @jaymode:

If the ask is to audit Kibana dashboard usage, one of the issues is that we are currently not logging this at all, as all the activity happens on the client.

I think the ask is different; this is about a out of the box dashboard to visualize the indexed audit events from elasticsearch with shield

[elasticmachine]

Original comment by @markwalkom:

@jaymode is correct.

[elasticmachine]

Pinging @elastic/kibana-security (Team:Security)

[legrego]

We will be in a better position to support something like this once we have migrated the Kibana module to to an Elastic integration (elastic/integrations#368). I'm going to mark this as blocked in the meantime.

This will also give us more time to expand our recently updated audit logging capabilities

[legrego]

Our Observability and Security solutions are tailored for monitoring the types of events that we generate in Kibana's audit logs. This largely works out-of-the-box now that Kibana's audit logger is ECS-compliant.

@elastic/kibana-security any objections to closing this in favor of using & improving the built-in solutions for this type of analysis?

[jportner]

any objections to closing this in favor of using & improving the built-in solutions for this type of analysis?

Agree, I think we can close this