Configure an external Elastic Stack

By default, Cyberwatch includes its own Elasticsearch and Kibana instances. These can be replaced by external instances to integrate Cyberwatch into an existing Elastic Stack.

The data published in Elasticsearch is described in the Elasticsearch index technical documentation.

  1. Click on Administration
  2. Click on External tools

In environments requiring an enhanced level of security, it is mandatory to disable the embedded Elasticsearch and Kibana deployment and apply strict configurations for this application. Configuring an external Elastic Stack in the administration interface is not sufficient: the embedded containers must also be explicitly disabled.

Kibana configuration

  • Enable Kibana: Enables or disables the Kibana integration.

  • API URL: URL of the external Kibana server API. Leave blank to use the embedded Kibana instance.

  • Access URL: URL used by Cyberwatch to redirect users to Kibana. Must be set to the same value as the API URL when using an external Kibana instance.

Advanced settings

  • Space: Kibana space in which Cyberwatch will publish its dashboards. Default: default.

To migrate Cyberwatch dashboards from one space to another, remove them from the current space before updating this setting.

  • Login: Username used to authenticate against the Kibana server.

  • Password: Password associated with the login.

  • CA certificate: Certificate of the certification authority used to validate the Kibana server’s TLS certificate. Optional.

  • TLS verification method: Method used to verify the Kibana server’s TLS certificate.

    • None: No certificate verification.
    • Peer: Verifies the certificate presented by the server.

Elasticsearch configuration

  • API URL: URL of the external Elasticsearch server API. Leave blank to use the embedded Elasticsearch instance.

Advanced settings

  • Login: Username used to authenticate against the Elasticsearch server.

  • Password: Password associated with the login.

  • CA certificate: Certificate of the certification authority used to validate the Elasticsearch server’s TLS certificate. Optional.

  • TLS verification method: Method used to verify the Elasticsearch server’s TLS certificate.

    • None: No certificate verification.
    • Peer: Verifies the certificate presented by the server.

Kibana dashboard management

Cyberwatch provides built-in dashboards in Kibana. Custom dashboards can be added by providing their unique identifier and a display name.

Dashboards can be reordered by drag and drop. Native Cyberwatch dashboards cannot be removed.

Disabling embedded containers

When using an external Elastic Stack, the embedded Elasticsearch and Kibana containers should be disabled.

Docker Swarm and Podman

  1. Stop Cyberwatch

    sudo cyberwatch stop
    
  2. Edit or create the file /etc/cyberwatch/configs-enabled/99-custom.yml and set the replica count of the Elasticsearch and Kibana services to 0:

    services:
      elasticsearch:
        deploy:
          replicas: 0
      kibana:
        deploy:
          replicas: 0
    
  3. Start Cyberwatch

    sudo cyberwatch start
    
  4. Check that the containers are no longer running:

    sudo cyberwatch status
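
A check for the override file from step 2, added here as an example (it is not Cyberwatch tooling): it fails unless both `elasticsearch` and `kibana` have `deploy.replicas` set to 0 in the file. The function names and the sample file content are constructed for illustration, and the parser only handles the simple nested-mapping layout shown above.

```shell
# Added example: audit a Cyberwatch override file (step 2 above).
# Function names are hypothetical; the sample data below is constructed.

# Print services.<SERVICE>.deploy.replicas from FILE (empty if absent).
replicas_of() {  # usage: replicas_of FILE SERVICE
  awk -v svc="$2" '
    { sub(/[ \t]*#.*$/, ""); sub(/[ \t]+$/, "") }   # drop comments, trailing blanks
    /^$/ { next }
    {
      indent = match($0, /[^ ]/) - 1                # leading spaces = nesting
      line = substr($0, indent + 1)
      key = line; sub(/:.*/, "", key)
      val = line; sub(/^[^:]*:[ \t]*/, "", val)
      while (depth > 0 && indent <= ind[depth]) depth--   # leave closed mappings
      depth++; ind[depth] = indent; keys[depth] = key
      if (depth == 4 && keys[1] == "services" && keys[2] == svc &&
          keys[3] == "deploy" && key == "replicas") found = val
    }
    END { if (found != "") print found }' "$1"
}

# Return 0 only if both embedded services are set to 0 replicas in FILE.
embedded_stack_disabled() {  # usage: embedded_stack_disabled FILE
  rc=0
  for svc in elasticsearch kibana; do
    n=$(replicas_of "$1" "$svc")
    if [ "$n" = "0" ]; then
      echo "OK   $svc: replicas 0"
    else
      echo "FAIL $svc: replicas '${n:-unset}' (not disabled by this file)"
      rc=1
    fi
  done
  return $rc
}

# Constructed sample: Kibana is disabled, the Elasticsearch override is wrong.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  elasticsearch:
    deploy:
      replicas: 1   # constructed mistake
  kibana:
    deploy:
      replicas: 0
EOF
embedded_stack_disabled "$sample" || echo "embedded Elastic Stack is NOT fully disabled"
rm -f "$sample"
```

Run `embedded_stack_disabled /etc/cyberwatch/configs-enabled/99-custom.yml` before `sudo cyberwatch start`. It inspects only that one file, so `sudo cyberwatch status` remains the confirmation that the containers are no longer running.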
    

Helm chart

  1. In the values.yml file, disable the Elasticsearch and Kibana services:

    elasticsearch:
      enabled: false
    
    kibana:
      enabled: false
    
  2. Apply the configuration:

    helm -n cyberwatch upgrade cyberwatch oci://harbor.cyberwatch.fr/cbw-on-premise/cyberwatch-chart -f values.yml
    
  3. Check that the pods are no longer running:

    kubectl -n cyberwatch get pods
    
