Network misconfigurations

Elasticsearch is not using HTTPS

Platform(s)
Compliance Frameworks

CCPA, CPRA, iso_27001_2022, iso_27002_2022, NIST 800-171, NIST 800-53, Orca Best Practices, PDPA, UK Cyber Essentials

Description

Elasticsearch is not running with HTTPS. HTTPS uses TLS to encrypt client connections and those between different components of the Elastic stack (Logstash, Kibana, Elasticsearch). Without TLS, you run the risk of eavesdropping and man-in-the-middle attacks.
Need help?

Get a free Security Risk Assessment. Start today

A screenshot of the Orca platform dashboard summarizing all of your cloud security risks

Personalized Demo

See Orca Security in Action

Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.

Get a Demo