A solid, open source Elasticsearch security solution.


🛑 important:  in version 6.3.x  (or greater) you need to disable X-Pack's Security Module from both elasticsearch.yml and kibana.yml.

What's new in
  • 🚀New Feature:  map LDAP groups to local groups (a.k.a. role mapping)
  • 🐞 Fix (Elasticsearch) wildcard aliases resolution not working in "indices" rule.
  • 🧐Enhancement: it is now possible now to use JDK 9 and 10
  • 🐞 Fix (PRO/Enterprise) wait forever for login request (i.e.  slow LDAP servers)
  • 🐞 Fix (PRO/Enterprise) add spinner and block UI if login request is being sent
  • 🐞 Fix (PRO/Enterprise) if user is logged out because of LDAP cache expiring + slow authentication, redirect to login.
  • 🐞 Fix (PRO/Enterprise) let RO users delete/edit search filters

What's new in 1.16.21
  • 🚀New Feature: Introducing support for Elasticsearch and Kibana v6.3.0
  • 🐞 Fix (Enterprise) multi tenancy - switching tenancy does not always switch kibana index

What's new in 1.16.20

ReadonlyREST PRO/Enterprise for Kibana

  • 🧐 Enhancement: when login, forward "elasticsearch.requestHeadersWhitelist" headers. (useful for "headers" rule  and "proxy_auth" to work well.)

ReadonlyREST for Elasticsearch

  • 🚀New Feature: DLS (with dynamic variables suppoort) Thanks DataSweet!
  • 🚀 New feature: Field level security
  • 🚀 New rules: Snapshot, Repositories, Headers
  • 🧐 Enhancement: custom audit serializers: the request content is available
  • 🐞 Fix readonlyrest.yml path discovery
  • 🐞 Fix: LDAP available groups discovery (tenancy switcher) corner cases
  • 🐞 Fix: auth_key_sha1, auth_key_sha256 hashes in settings should be case insensitive
  • 🐞 Fix: LDAP authentication didn't work with local group

Get it NOW


Questions, comments, & concerns?[email protected]

Create A product first!

Create a product first please!