Like all software products, Elasticsearch and the ELK Stack have security issues from time to time, and what matters most is we collectively both find and fix them quickly, and upgrade running systems to ensure their continued security.
The latter step, of knowing that there are vulnerabilities or updates for your running systems can be quite a challenge, especially in a system that updates as much as Elasticsearch (normally a good thing). Elastic helpfully publishes these issues and updates, but not yet in an ideal API format (it's promised soon) and it's not something customers check often.
To help our customers, ELKman tracks and bundles these security announcements in an internal JSON file, including affected versions, and the app uses to then check the running clusters, alerting users when there is an outstanding notice for their cluster. Of course, the customer then has to do the upgrade, which is usually pretty painless on Elasticsearch.
Elastic's website has an RSS feed, but this can be a challenge to use, especially to match each announcement with a customer's running versions, etc. Thus, building this into ELKman makes it seamless to know what you have and if you need to patch, upgrade, and/or remediate.
This is all part of our goal to make managing & securing the Elastic® products easier.
We just sent you an email. Please click the link in the email to confirm your subscription!