kibana-audit

Official

Secure Kibana with audit logging.

Author: elastic
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

This Skill helps you enable, configure, and manage Kibana's audit logging so that security-relevant events such as user logins, saved object access, and space operations are recorded and available for review.

Core Features & Use Cases

  • Enable/Disable Audit Logging: Configure Kibana to start or stop recording audit events.
  • Configure Log Output: Set up where and how audit logs are stored (e.g., rolling files, console).
  • Filter Noisy Events: Reduce log volume by ignoring specific, high-frequency events like saved object searches.
  • Correlate Events: Link Kibana audit events with Elasticsearch audit logs using trace.id for comprehensive security analysis.
  • Ship Logs: Configure Filebeat to send Kibana audit logs to Elasticsearch for unified querying.
  • Use Case: Investigate unauthorized access to sensitive dashboards by enabling audit logging, filtering out routine searches, and then correlating any suspicious saved_object_delete events with corresponding Elasticsearch actions using the trace.id.

Quick Start

Enable Kibana audit logging and configure it to write to a rolling file named 'audit.log' in the Kibana data directory, retaining 10 rotated files.

Dependency Matrix

Required Modules

None required

Components

references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: kibana-audit
Download link: https://github.com/elastic/agent-skills/archive/main.zip#kibana-audit

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.