Effortlessly fit 1000+ fully isolated tenants inside one Elasticsearch cluster.
👮🏻♂️ Granular access control on indices, documents, and fields
🌥️ Interoperable with Elastic cloud managed service
🛳️ Works great with Kubernetes using ECK
🏛️ Advanced Enterprise integrations (LDAP, SAML, OIDC, etc)
Physicist, IT department CERN
“Our largest shared cluster [...] consolidates about 17 different use cases on the same hardware, lowering the total cost.”
Solution Architect Top French network operator
“ReadonlyREST Enterprise is one of the few software I use or used professionally, and I would recommend it 200%.”
GSE, SANS Instructor, CEO H/A Security Solutions
“I baked ReadonlyREST Free into SEC455 SIEM Design and Implementation. I'm openly recommending it to students and highlighting its features.”
Responsible of Platforms and Automation Creos S.A.
“ReadonlyREST was quick and easy to implement, that gave us more time to spend on other important tasks.”
Since 2017, hundreds of remarkable organisations trusted us.
Customers that make us extra proud:
📈 2x in the S&P 500 top 5
🧸 2x Charities protecting children
⚛️ 3x Nuclear research institutions
🇪🇺 2x European Union institutions
👮♀️ Various government institutions
Logos appearing on this site are the property of their respective owners. Their presence does not imply any endorsement, sponsorship, or affiliation between ReadonlyREST and the owners of these trademarks. They are used merely to represent our customer base and the broad range of clients we serve.
Tweak the Look & Feel in Kibana
Gone are the days of unreliably patching source files every time you updated Kibana. Now, our custom assets get dynamically loaded in every page.
Offsite auditing & Monitoring
Keep an eye on accesses, failed logins, data access, with single-user granularity. Spot what users and what queries are the hogging resources the most.
Optionally, audit logs can be shipped to a dedicated, remote ES cluster for further analysis and better security.
Efficient Data segregation
Stop creating a new cluster for each new project. Save tons of computing resources by using a single Elasticsearch cluster, and a single Kibana instance for virtually unlimited projects.
A new tenancy can be created and destroyed in 1 second.
With group mapping, creating a tenancy is as quick as creating a LDAP group.
NB: complete segregation is optional! Sometimes it’s useful and strategic that the same indices can be read by multiple groups, to avoid data duplication.
Bring your own Authentication
All the major Enterprise grade authentication and authorization protocols are supported out of the box: SAML, LDAP, OpenID Connect.
User impersonation and external auth mocking is supported in our GUI: no need to spin up a test LDAP server, or a SAML IdP.
Integrations of non-standard auth systems are super easy, using either:
Only show the right Kibana apps
Should the sales team use the machine learning app?
Should the auditors see anything else than dashboards?
ReadonlyREST can disable any Kibana app for any Kibana user or group!
Reboot-less security settings editor
Add a user, modify permissions, tweak LDAP connectors, and just click SAVE. All the Elasticsearch nodes will pick up the changes in seconds. Goodbye rolling-restarts!
The reboot-less settings are available in GUI and API mode (Enterprise edition only).
Testable Access Control
Our ACL is testable with code. It’s easy to write tests that use simple HTTP headers to impersonate users, groups.
Add mock users to LDAP/SAML connectors in the impersonation GUI, and use them in your tests without depending on dummy authentication servers
Build a container with our all-in-one Dockerfile. You will be interacting with the minimal “free” Kibana environment. You will need to enter the trial activation key to see the multi-tenant Kibana demo in action.
docker build -t ror --rm \ https://readonlyrest.com/docker-demo
Run the container:
docker run -p 9200:9200 -p 5601:5601 -ti --rm ror
Login as “admin”, password is “passwd”
NB: If you are using Linux, you might need to run
sudo sysctl -w vm.max_map_count=300000in the host machine.
Since 2013, ReadonlyREST is a reference in Elasticsearch and Kibana security.
We understand that the weakest link in security is human error. That’s why ReadonlyREST embraces the “convention over configuration” principle. As a side effect, our solution can be integrated in hours, as opposed to days or weeks.
Performant by design: forged by the experience in extra large clusters (banking, ad-tech), but also with wildly fast write rates (CERN), our software can surely take the challenge.
Our support service is the best in its league: the same engineers that wrote the software will answer your SLA support tickets.
Since we entered the market in 2017, we have never stopped updating our product:
- Monthly releases: for Bug fixes, and improvements.
- Extra releases: when a new Elastic version is out, or security fixes.
Layer after layer, year after year, progressive refinements take to excellence.
- Because security is a process, not a product. New builds with fixed vulnerabilities and new features keep coming every 3-4 weeks.
- Yes: four weeks. We can extend this period, no problem. Just ask. We are happy to provide free-of-charge solution architecture, and technical assistance during the whole validation process.
- Yes. If it’s too restrictive, just go for the Embed contract.If you depend on an OSS security tool commercially, it’s in your best interest to keep it well maintained and existing. See it as a mandatory sponsorship to the project.
- If you use Kibana, or you want to use the authentication, multi-user or multi-tenancy features, YES. You need to install our universal Kibana plugin. You don’t strictly need to use the PRO or Enterprise editions if you don’t need the advanced features, but you can test them using a trial activation key that you can generate in our portal.
- Yes, but only for paying customers. The oldest version supported is 6.0.0.
- Remember to keep plugin versions aligned in Kibana and Elasticsearch!
- The majority. A few of the latest ones don’t work yet, we are improving compatibility in time.
- YES! New features will work on all Elasticsearch ≥ 6.0.0 and all Kibana ≥ 7.9.0