Set up the thehive user in Elasticsearch
- Create a `thehive` user.

  ```bash
  sudo /usr/share/elasticsearch/bin/elasticsearch-users useradd thehive -p <thehive_user_password> -r superuser
  ```

  Replace `<thehive_user_password>` with a secure password you choose for your TheHive user.

  Note this password: keep this password secure. You will need to enter it later in the TheHive configuration file so the application can connect to Elasticsearch.
- Optional: Set a password for the `elastic` user, using the tool that your Elasticsearch version provides.

  ```bash
  sudo /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
  ```

  ```bash
  sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic
  ```

  Skip this step if the password is already set.
- Create or update a role with the privileges needed for TheHive.

  - Create a role:

    ```bash
    curl -u elastic:<elastic_user_password> -X POST "http://localhost:9200/_security/role/thehive_role" \
      -H "Content-Type: application/json" \
      -d '{
        "cluster": ["manage"],
        "indices": [
          {
            "names": ["thehive*"],
            "privileges": ["all"]
          }
        ]
      }'
    ```

    Replace `<elastic_user_password>` with the password you set for the `elastic` user.

    If successful, the command should return: `{"role":{"created":true}}`.

    For more details, refer to the official Elasticsearch API documentation for role creation.

  - Update a role:

    ```bash
    curl -u elastic:<elastic_user_password> -X PUT "http://localhost:9200/_security/role/<role>" \
      -H "Content-Type: application/json" \
      -d '{
        "cluster": ["manage"],
        "indices": [
          {
            "names": ["thehive*"],
            "privileges": ["all"]
          }
        ]
      }'
    ```

    Replace `<role>` with the actual role name you want to update.

    Replace `<elastic_user_password>` with the password you set for the `elastic` user.

    For more details, refer to the official Elasticsearch API documentation for updating roles.
- Assign the role to the user you'll use for TheHive.

  ```bash
  curl -u elastic:<elastic_user_password> -X PUT "http://localhost:9200/_security/user/thehive" \
    -H "Content-Type: application/json" \
    -d '{
      "password" : "<thehive_user_password>",
      "roles" : ["thehive_role"]
    }'
  ```

  Replace `<thehive_user_password>` with the password you set for the `thehive` user.

  Replace `<elastic_user_password>` with the password you set for the `elastic` user.

  Replace `thehive_role` with the actual role name if different.

  If successful, the command should return: `{"created":true}`.

  For more details, refer to the official Elasticsearch API documentation for updating users.
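
To confirm the result of the steps above, the following added example (not part of the TheHive documentation) audits two response bodies: `GET /_security/role/thehive_role`, and `GET /_security/_authenticate` called with the thehive credentials. It flags privileges wider than the role defined above and any role other than `thehive_role`, such as the `superuser` role passed to `elasticsearch-users` in the first step. The function names and sample bodies are constructed for illustration.

```python
import json

# Values taken from the steps above; change them if you used other names.
ROLE, USER = "thehive_role", "thehive"
CLUSTER_PRIVS, INDEX_PATTERNS = {"manage"}, {"thehive*"}

def audit_role(response):
    """Findings for the body returned by GET /_security/role/thehive_role."""
    doc = response.get(ROLE)
    if doc is None:
        return [f"role {ROLE} not found"]
    findings = []
    extra = set(doc.get("cluster", [])) - CLUSTER_PRIVS
    if extra:
        findings.append(f"extra cluster privileges: {sorted(extra)}")
    for entry in doc.get("indices", []):
        outside = set(entry.get("names", [])) - INDEX_PATTERNS
        if outside:
            findings.append(f"index patterns outside thehive*: {sorted(outside)}")
        if entry.get("allow_restricted_indices"):
            findings.append("role may access restricted indices")
    return findings

def audit_identity(response):
    """Findings for GET /_security/_authenticate called as the thehive user."""
    findings = []
    if response.get("username") != USER:
        findings.append(f"authenticated as {response.get('username')}, not {USER}")
    extra = set(response.get("roles", [])) - {ROLE}
    if extra:
        realm = response.get("authentication_realm", {}).get("type", "unknown")
        findings.append(f"extra roles {sorted(extra)} from {realm} realm")
    if ROLE not in response.get("roles", []):
        findings.append(f"{ROLE} is not assigned")
    return findings

# Constructed sample bodies (not captured from a real cluster).
SAMPLE_ROLE = json.loads('{"thehive_role": {"cluster": ["manage"], "indices": '
    '[{"names": ["thehive*"], "privileges": ["all"], "allow_restricted_indices": false}]}}')
SAMPLE_NATIVE = json.loads('{"username": "thehive", "roles": ["thehive_role"], '
    '"authentication_realm": {"name": "default_native", "type": "native"}}')
SAMPLE_FILE = json.loads('{"username": "thehive", "roles": ["superuser"], '
    '"authentication_realm": {"name": "default_file", "type": "file"}}')

if __name__ == "__main__":
    for name, result in [("role", audit_role(SAMPLE_ROLE)),
                         ("native login", audit_identity(SAMPLE_NATIVE)),
                         ("file login", audit_identity(SAMPLE_FILE))]:
        print(name, "->", result or "ok")
```

Users created with `elasticsearch-users` live in the file realm and users created through the `_security/user` API live in the native realm, so the `authentication_realm` field shows which of the two accounts actually answered the login.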