Elasticsearch Replication
Sandfly supports the replication of results data to an external Elasticsearch database for independent long-term storage and analysis.
INFO: Upgrade Feature - Elastic Replication
The ability to configure and use Elastic Replication requires an upgraded plan. Please see https://www.sandflysecurity.com/get-sandfly/ for details.
The Elasticsearch Replication tab, available via the Settings > Server Configuration menu, contains the following settings that can be edited:
- Elastic Replication Enabled - Set it to true to enable access to the Elasticsearch Replication settings.
- Elastic Replication URL - The replication URL of the external Elasticsearch server, which must be in a standard URL format of <PROTOCOL>://<HOSTNAME>:<PORT>/ like in the reference image.
- Server CA Certificate (optional) - If the external Elasticsearch server uses a certificate from a private CA or is self-signed, provide the trusted certificate in PEM format in this field.
- Username (optional) - If authentication is used, the external Elasticsearch username to connect as.
- Password (optional) - If authentication is used, the external Elasticsearch password associated with the specified username.
With correct settings and replication enabled, the Sandfly server will automatically create and maintain an index within Elasticsearch called sandfly_results. No additional setup actions should normally be necessary within Elasticsearch.
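A pre-flight check for the values that go into the fields above, as an added example (not Sandfly's own code). The function name, the sample hostname and the constructed placeholder certificate are assumptions, and the check covers only the URL shape, the credential pairing and the PEM envelope.

```python
import ssl
from urllib.parse import urlsplit

# Constructed placeholder: a PEM envelope around dummy bytes, not a real certificate.
SAMPLE_CA_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    "Q09OU1RSVUNURUQ=\n"
    "-----END CERTIFICATE-----\n"
)

def check_replication_settings(url, ca_pem=None, username=None, password=None):
    """Return a list of problems in the values destined for the settings form."""
    problems = []
    parts = urlsplit(url)
    # Required shape: <PROTOCOL>://<HOSTNAME>:<PORT>/
    if parts.scheme not in ("http", "https"):
        problems.append("protocol must be http or https")
    if not parts.hostname:
        problems.append("hostname missing")
    try:
        if parts.port is None:
            problems.append("port missing")
    except ValueError:
        problems.append("port is not a valid number")
    if parts.path != "/" or parts.query or parts.fragment:
        problems.append("URL must end at '/' with no path, query or fragment")
    # Credentials have their own fields; keep them out of the URL.
    if parts.username or parts.password:
        problems.append("put credentials in Username/Password, not in the URL")
    if bool(username) != bool(password):
        problems.append("username and password must be set together")
    if parts.scheme == "http" and (username or password):
        problems.append("http would send the password unencrypted; use https")
    if ca_pem is not None:
        if parts.scheme != "https":
            problems.append("a CA certificate only applies to https")
        try:
            # Checks the BEGIN/END CERTIFICATE envelope and base64 body of a
            # single certificate; it does not parse the X.509 structure.
            ssl.PEM_cert_to_DER_cert(ca_pem.strip())
        except ValueError:
            problems.append("CA certificate is not in PEM format")
    return problems

if __name__ == "__main__":
    print(check_replication_settings("http://es.example.internal:9200/",
                                     username="sandfly", password="secret"))
```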