Network misconfigurations

Elasticsearch is not using HTTPS

Platform(s)
Compliance Frameworks

Description

Elasticsearch is not running with HTTPS. HTTPS uses TLS to encrypt client connections and those between different components of the Elastic stack (Logstash, Kibana, Elasticsearch). Without TLS, you run the risk of eavesdropping and man-in-the-middle attacks.
Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.