Set user thehive elasticsearch
-
Create a
thehive
user.sudo /usr/share/elasticsearch/bin/elasticsearch-users useradd thehive -p <thehive_user_password> -r superuser
Replace
<thehive_user_password>
with a secure password you choose for your TheHive user.Note this password
Keep this password secure. You will need to enter it later in TheHive configuration file so the application can connect to Elasticsearch.
-
Optional: Set a password for the
elastic
user.sudo /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password
Skip this step if the password is already set.
-
Create or update a role with the privileges needed for TheHive.
- Create a role:
curl -u elastic:<elastic_user_password> -X POST "http://localhost:9200/_security/role/thehive_role" -H "Content-Type: application/json" -d ' { "cluster": ["manage"], "indices": [ { "names": ["thehive*"], "privileges": ["all"] } ] }'
Replace
<elastic_user_password>
with the password you set for theelastic
user.If successful, the command should return:
{"role":{"created":true}}
.For more details, refer to the official Elasticsearch API documentation for role creation.
- Update a role:
curl -u elastic:<elastic_user_password> -X PUT "http://localhost:9200/_security/role/<role>" -H "Content-Type: application/json" -d ' { "cluster": ["manage"], "indices": [ { "names": ["thehive*"], "privileges": ["all"] } ] }'
Replace
<role>
with the actual role name you want to update.Replace
<elastic_user_password>
with the password you set for theelastic
user.For more details, refer to the official Elasticsearch API documentation for updating roles.
-
Assign the role to the user you'll use for TheHive.
curl -u elastic:<elastic_user_password> -X PUT "http://localhost:9200/_security/user/thehive" \ -H "Content-Type: application/json" \ -d '{ "password" : "<thehive_user_password>", "roles" : ["thehive_role"] }'
Replace
<thehive_user_password>
with the password you set for thethehive
user.Replace
<elastic_user_password>
with the password you set for theelastic
user.Replace
thehive_role
with actual role name if different.If successful, the command should return:
{"created":true}
.For more details, refer to the official Elasticsearch API documentation for updating users.