[2024-02-04T20:34:00,030][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1292495480-991048378#17195636, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:00,664][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:446858326-122120518#17195640, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.monitoring-es-6-*,.monitoring-es-7-*, MET:POST, PTH:/.monitoring-es-6-*,.monitoring-es-7-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=285, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.monitoring-es-6-*,.monitoring-es-7-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.monitoring-es-6-*,.monitoring-es-7-*]], } [2024-02-04T20:34:00,666][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:976815578-1887363184#17195641, TYP:ClusterStatsRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/stats, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_cluster/stats, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:00,843][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'logstash writer', policy: ALLOW, rules: [auth_key] req={ ID:480625733-931166381#17195643, TYP:BulkRequest, CGR:N/A, USR:lsWriter, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:SIR_audit_2024-02-04, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=1799, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=SIR_audit_2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=SIR_audit_2024-02-04]], [logstash writer-> RULES:[auth_key->true] RESOLVED:[user=lsWriter;indices=SIR_audit_2024-02-04]], } [2024-02-04T20:34:00,968][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1354774170-809130246#17195645, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19508, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:00,984][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1483597245-776454253#17195648, TYP:MainRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/main, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:00,984][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1246158747-1298537907#17195649, TYP:ClusterStatsRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/stats, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_cluster/stats, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:00,984][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1276029862--1884861561#17195650, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=130, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:00,986][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:568367176-325057025#17195652, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/kql-telemetry:kql-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:00,987][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1866818010-1954473382#17195653, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=36, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:00,989][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1545734058--1607741169#17195654, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=180, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:00,991][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1540886846-1815037941#17195655, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/config:7.5.1, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:00,993][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2126240142-1156218473#17195656, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=368, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:00,994][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1767243497-101873441#17195657, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/ml-telemetry:ml-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:00,996][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1358763742-961046266#17195658, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/apm-telemetry:apm-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:00,997][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1463281055-504774455#17195659, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:01,000][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2130504809--940818444#17195660, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:01,000][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:313745924-977603174#17195661, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:01,010][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2088478389-905043503#17195662, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=70, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:01,012][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:807985607--1172311166#17195663, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=56, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:01,014][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1246401508-229070325#17195664, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=63, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:01,016][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:740766693-161533169#17195665, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/upgrade-assistant-telemetry:upgrade-assistant-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:01,017][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1686627174-1777922990#17195666, TYP:ClusterStateRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/state, OA:███████████████, XFF:null, DA:████████████████, IDX:*, MET:GET, PTH:/_cluster/settings, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=*]], } [2024-02-04T20:34:01,062][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:727865117-779661656#17195667, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=171, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:01,065][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:771163386-618520578#17195668, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/file-upload-telemetry:file-upload-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:01,067][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:891778070--1292763550#17195669, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:01,069][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1030008171-478931580#17195670, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/telemetry:telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:01,071][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:212677108-1502904903#17195671, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=201, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:01,076][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1809450739--528871703#17195672, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=562, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:34:01,226][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1501341842-1620470656#17195674, TYP:XPackUsageRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/xpack/usage, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_xpack/usage, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:01,226][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1379499562-1244569331#17195673, TYP:GetLicenseRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/xpack/license/get, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_license, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:01,577][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Domain Admin Access - Read Write', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:948341941-1367897165#17195679, TYP:SearchRequest, CGR:N/A, USR:Mordi, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=257, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Mokdim RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Mapal RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Mapal RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Taglit RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Taglit RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Kingroad RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Kingroad RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Peten RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Peten RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Mena RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Mena RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [AI RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [AI RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Model RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Model RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Adir RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Adir RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [DataPower RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [DataPower RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Pros RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Pros RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Help Desk RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Help Desk RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Domain Admin Access - Read Write-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=Mordi;group=Elastic-Admins;av_groups=Elastic-Admins;indices=.kibana]], } [2024-02-04T20:34:01,583][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1942189805-172865333#17195680, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:34:01,623][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Domain Admin Access - Read Write', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:53499134-880767201#17195681, TYP:GetMappingsRequest, CGR:N/A, USR:Mordi, BRS:false, KDX:null, ACT:indices:admin/mappings/get, OA:███████████████, XFF:███████████, DA:████████████████, IDX:*, MET:GET, PTH:/_mapping, CNT:, HDR:Authorization=, Connection=close, content-length=0, content-type=application/json, host=web001.m.po.dom, x-forwarded-for=███████████, x-forwarded-host=mntswarm101:5603, x-forwarded-port=54291, x-forwarded-proto=http, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=*]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=*]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mokdim RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mapal RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mapal RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Taglit RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Taglit RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Kingroad RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Kingroad RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Peten RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Peten RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mena RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mena RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [AI RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [AI RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Model RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Model RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Adir RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Adir RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [DataPower RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [DataPower RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pros RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pros RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Help Desk RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Help Desk RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Domain Admin Access - Read Write-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=Mordi;group=Elastic-Admins;av_groups=Elastic-Admins;indices=*]], } [2024-02-04T20:34:01,623][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Domain Admin Access - Read Write', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:337206490-579233858#17195682, TYP:GetAliasesRequest, CGR:N/A, USR:Mordi, BRS:false, KDX:null, ACT:indices:admin/aliases/get, OA:███████████████, XFF:███████████, DA:████████████████, IDX:*, MET:GET, PTH:/_aliases, CNT:, HDR:Authorization=, Connection=close, content-length=0, content-type=application/json, host=web001.m.po.dom, x-forwarded-for=███████████, x-forwarded-host=mntswarm101:5603, x-forwarded-port=63446, x-forwarded-proto=http, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=*]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=*]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mokdim RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mapal RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mapal RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Taglit RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Taglit RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Kingroad RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Kingroad RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Peten RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Peten RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mena RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mena RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [AI RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [AI RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Model RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Model RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Adir RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Adir RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [DataPower RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [DataPower RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pros RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pros RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Help Desk RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Help Desk RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Domain Admin Access - Read Write-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=Mordi;group=Elastic-Admins;av_groups=Elastic-Admins;indices=*]], } [2024-02-04T20:34:01,627][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Domain Admin Access - Read Write', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1854084323-1601710767#17195683, TYP:GetIndexTemplatesRequest, CGR:N/A, USR:Mordi, BRS:false, KDX:null, ACT:indices:admin/template/get, OA:███████████████, XFF:███████████, DA:████████████████, IDX:.monitoring-logstash-7-*,is_ikun_yeshut_status_rechev_metadata*,mark*,.monitoring-kibana-7-*,Tib-log-v1.0-*,.ml-state*,.watches*,is_ikun_yeshut_plus_metadata_history_0_6_1*,ilm_test*,apm-7.5.1-metric*,.ml-meta,.monitoring-alerts-7,mokdim*,.monitoring-es-7-*,apm-7.5.1-span*,.logstash,lpr-test-Ein-*,mokdim_logging*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,lpr-Ein-*,is_ikun_yeshut_status_rechev_0_6*,mokdim_105_events_*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_events*,mokdim_events_*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,kingroad-*,.management-beats,.slm-history-1*,.transform-internal-003,taglit_logging*,.ml-config,.transform-notifications-*,.watcher-history-10*,.ml-notifications-000001,.triggered_watches*,.ml-anomalies-*,.monitoring-beats-7-*,lpr-nr-Ein-*,apm-7.5.1-error*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,apm-7.5.1-transaction*,SIR_mesimot*,apm-7.5.1*, MET:GET, PTH:/_template, CNT:, HDR:Authorization=, Connection=close, content-length=0, content-type=application/json, host=web001.m.po.dom, x-forwarded-for=███████████, x-forwarded-host=mntswarm101:5603, x-forwarded-port=64277, x-forwarded-proto=http, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Mokdim RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Mapal RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Mapal RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Taglit RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Taglit RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Kingroad RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Kingroad RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Peten RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Peten RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Mena RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Mena RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [AI RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [AI RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Model RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Model RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Adir RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Adir RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [DataPower RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [DataPower RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Pros RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Pros RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Help Desk RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Help Desk RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Domain Admin Access - Read Write-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=Mordi;group=Elastic-Admins;av_groups=Elastic-Admins;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], } [2024-02-04T20:34:01,867][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'logstash writer', policy: ALLOW, rules: [auth_key] req={ ID:1086433717-1577768954#17195684, TYP:BulkRequest, CGR:N/A, USR:lsWriter, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:SIR_audit_2024-02-04, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=633018, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=SIR_audit_2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=SIR_audit_2024-02-04]], [logstash writer-> RULES:[auth_key->true] RESOLVED:[user=lsWriter;indices=SIR_audit_2024-02-04]], } [2024-02-04T20:34:01,967][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:407559355-659955963#17195686, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=21685, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:02,538][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1572781792-1426500467#17195690, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:02,654][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:338618186-144864736#17195692, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:02,969][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:430549716-1819619250#17195695, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=27563, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:03,737][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] FORBIDDEN by default req={ ID:587819517-322611675#17195699, TYP:MainRequest, CGR:N/A, USR:manatRUTY (attempted), BRS:true, KDX:null, ACT:cluster:monitor/main, OA:██████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/, CNT:, HDR:Accept-Encoding=gzip, Accept=application/json, Authorization=, Host=web001.m.po.dom:9200, User-Agent=Go-http-client/1.1, content-length=0, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->false]], [logstash writer-> RULES:[auth_key->false]], [allow bodyera-> RULES:[auth_key->false]], [allow lpr-> RULES:[auth_key->false]], [allow is-> RULES:[auth_key->false]], [allow taglit-> RULES:[auth_key->false]], [gilda RW-> RULES:[ldap_authentication->false]], [projectname RO-> RULES:[ldap_authentication->false]], [is RW-> RULES:[ldap_authentication->false]], [is RO-> RULES:[ldap_authentication->false]], [SIR RW-> RULES:[ldap_authentication->false]], [SIR RO-> RULES:[ldap_authentication->false]], [bodyera RW-> RULES:[ldap_authentication->false]], [bodyera RO-> RULES:[ldap_authentication->false]], [Ein RW-> RULES:[ldap_authentication->false]], [Ein RO-> RULES:[ldap_authentication->false]], [Pe RW-> RULES:[ldap_authentication->false]], [Pe RO-> RULES:[ldap_authentication->false]], [Tib RW-> RULES:[ldap_authentication->false]], [Tib RO-> RULES:[ldap_authentication->false]], [SharePoint RW-> RULES:[ldap_authentication->false]], [SharePoint RO-> RULES:[ldap_authentication->false]], [Mokdim RW-> RULES:[ldap_authentication->false]], [Mokdim RO-> RULES:[ldap_authentication->false]], [Mapal RW-> RULES:[ldap_authentication->false]], [Mapal RO-> RULES:[ldap_authentication->false]], [Taglit RW-> RULES:[ldap_authentication->false]], [Taglit RO-> RULES:[ldap_authentication->false]], [Kingroad RW-> RULES:[ldap_authentication->false]], [Kingroad RO-> RULES:[ldap_authentication->false]], [Peten RW-> RULES:[ldap_authentication->false]], [Peten RO-> RULES:[ldap_authentication->false]], [Mena RW-> RULES:[ldap_authentication->false]], [Mena RO-> RULES:[ldap_authentication->false]], [AI RW-> RULES:[ldap_authentication->false]], [AI RO-> RULES:[ldap_authentication->false]], [Model RW-> RULES:[ldap_authentication->false]], [Model RO-> RULES:[ldap_authentication->false]], [Adir RW-> RULES:[ldap_authentication->false]], [Adir RO-> RULES:[ldap_authentication->false]], [DataPower RW-> RULES:[ldap_authentication->false]], [DataPower RO-> RULES:[ldap_authentication->false]], [Pros RW-> RULES:[ldap_authentication->false]], [Pros RO-> RULES:[ldap_authentication->false]], [Help Desk RW-> RULES:[ldap_authentication->false]], [Help Desk RO-> RULES:[ldap_authentication->false]], [Domain Admin Access - Read Write-> RULES:[ldap_authentication->false]], } [2024-02-04T20:34:03,962][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:260211137-336914596#17195700, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=22625, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:04,586][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:357899584-363986129#17195704, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:34:04,959][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1077878776-99791090#17195705, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20477, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:05,050][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2132458284-1372668642#17195708, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:05,338][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:518370564--1884861561#17195711, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=130, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:05,341][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:913162623-496592710#17195712, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/kql-telemetry:kql-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:05,341][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1376781423-1954473382#17195713, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=36, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:05,343][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:755449780--1607741169#17195714, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=180, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:05,345][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1836387563-401655817#17195715, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/config:7.5.1, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:05,347][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:369042739-1156218473#17195716, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=368, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:05,349][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:539506553-497713441#17195717, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/ml-telemetry:ml-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:05,350][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1150569718-251820438#17195718, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/apm-telemetry:apm-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:05,352][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:85619294-504774455#17195719, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:05,354][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1167379922--940818444#17195720, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:05,354][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:985586001-977603174#17195721, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:05,365][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:920959596-905043503#17195722, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=70, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:05,369][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1066479017--1172311166#17195723, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=56, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:05,371][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:571136411-229070325#17195724, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=63, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:05,373][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:333521265-1922256779#17195725, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/upgrade-assistant-telemetry:upgrade-assistant-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:05,375][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:636186753-2130112652#17195726, TYP:ClusterStateRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/state, OA:███████████████, XFF:null, DA:████████████████, IDX:*, MET:GET, PTH:/_cluster/settings, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=*]], } [2024-02-04T20:34:05,420][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1311815252-779661656#17195727, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=171, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:05,422][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2081217452-2055408592#17195728, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/file-upload-telemetry:file-upload-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:05,424][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1006205809--1292763550#17195729, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:05,426][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2138606854-884016811#17195730, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/telemetry:telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:05,429][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1605129243-1502904903#17195731, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=201, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:05,432][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1503134118--528871703#17195732, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=562, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:34:05,442][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1574959093-744405468#17195733, TYP:MonitoringBulkRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:admin/xpack/monitoring/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:POST, PTH:/_monitoring/bulk, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=5184, Host=web001.m.po.dom:9200, content-type=application/x-ndjson, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:05,659][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:463483307-755610153#17195735, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:05,967][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:5532675-998232498#17195738, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=23641, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:06,254][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:685923219-329384422#17195741, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.monitoring-es-6-*,.monitoring-es-7-*, MET:POST, PTH:/.monitoring-es-6-*,.monitoring-es-7-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=285, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.monitoring-es-6-*,.monitoring-es-7-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.monitoring-es-6-*,.monitoring-es-7-*]], } [2024-02-04T20:34:06,256][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1698930742-2093320019#17195742, TYP:ClusterStatsRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/stats, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_cluster/stats, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:06,525][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2044269822-1322150411#17195746, TYP:ClusterStatsRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/stats, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_cluster/stats, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:06,525][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:409202776-70382603#17195745, TYP:MainRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/main, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:06,525][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2057368436--1884861561#17195748, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=130, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:06,527][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1425618704-872501084#17195749, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/kql-telemetry:kql-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:06,527][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:823615787-1954473382#17195750, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=36, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:06,530][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1768438581--1607741169#17195751, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=180, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:06,532][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:857415228-889051447#17195752, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/config:7.5.1, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:06,534][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1063776783-1156218473#17195753, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=368, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:06,536][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1109495236-698384706#17195754, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/ml-telemetry:ml-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:06,541][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:130489384-516663367#17195755, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/apm-telemetry:apm-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:06,543][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1683647375-504774455#17195756, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:06,545][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:632393468--940818444#17195757, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:06,545][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2086070973-977603174#17195758, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:06,553][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1713415597-905043503#17195759, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=70, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:06,557][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1942929696--1172311166#17195760, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=56, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:06,559][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:272589494-229070325#17195761, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=63, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:06,561][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1953187786-1620436882#17195762, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/upgrade-assistant-telemetry:upgrade-assistant-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:06,562][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:460607161-1758949090#17195763, TYP:ClusterStateRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/state, OA:███████████████, XFF:null, DA:████████████████, IDX:*, MET:GET, PTH:/_cluster/settings, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=*]], } [2024-02-04T20:34:06,606][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:999533537-779661656#17195764, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=171, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:06,611][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1037888489-2020302753#17195765, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/file-upload-telemetry:file-upload-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:06,613][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:444270929--1292763550#17195766, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:06,615][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1207053016-70790129#17195767, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/telemetry:telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:06,618][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:310121473-1502904903#17195768, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=201, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:06,621][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:513473359--528871703#17195769, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=562, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:34:06,804][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:360539728-728537441#17195770, TYP:GetLicenseRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/xpack/license/get, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_license, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:06,805][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1415416976-1067220607#17195771, TYP:XPackUsageRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/xpack/usage, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_xpack/usage, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:06,965][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1583422268-2094387462#17195773, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19601, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:07,207][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1101905978-1847661762#17195778, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=354, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:07,557][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:707236014-1862619576#17195780, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:07,587][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2115046675-1684554395#17195782, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:34:07,963][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:2110847847-941489652#17195783, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19536, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:08,280][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Domain Admin Access - Read Write', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1622439076-1817952035#17195787, TYP:GetMappingsRequest, CGR:N/A, USR:Mordi, BRS:false, KDX:null, ACT:indices:admin/mappings/get, OA:███████████████, XFF:███████████, DA:████████████████, IDX:*, MET:GET, PTH:/_mapping, CNT:, HDR:Authorization=, Connection=close, content-length=0, content-type=application/json, host=web001.m.po.dom, x-forwarded-for=███████████, x-forwarded-host=mntswarm101:5603, x-forwarded-port=54291, x-forwarded-proto=http, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=*]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=*]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mokdim RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mapal RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mapal RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Taglit RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Taglit RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Kingroad RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Kingroad RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Peten RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Peten RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mena RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mena RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [AI RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [AI RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Model RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Model RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Adir RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Adir RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [DataPower RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [DataPower RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pros RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pros RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Help Desk RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Help Desk RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Domain Admin Access - Read Write-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=Mordi;group=Elastic-Admins;av_groups=Elastic-Admins;indices=*]], } [2024-02-04T20:34:08,280][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Domain Admin Access - Read Write', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1616293499-675198124#17195786, TYP:GetAliasesRequest, CGR:N/A, USR:Mordi, BRS:false, KDX:null, ACT:indices:admin/aliases/get, OA:███████████████, XFF:███████████, DA:████████████████, IDX:*, MET:GET, PTH:/_aliases, CNT:, HDR:Authorization=, Connection=close, content-length=0, content-type=application/json, host=web001.m.po.dom, x-forwarded-for=███████████, x-forwarded-host=mntswarm101:5603, x-forwarded-port=63446, x-forwarded-proto=http, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=*]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=*]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mokdim RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mapal RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mapal RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Taglit RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Taglit RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Kingroad RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Kingroad RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Peten RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Peten RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mena RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mena RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [AI RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [AI RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Model RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Model RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Adir RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Adir RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [DataPower RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [DataPower RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pros RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pros RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Help Desk RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Help Desk RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Domain Admin Access - Read Write-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=Mordi;group=Elastic-Admins;av_groups=Elastic-Admins;indices=*]], } [2024-02-04T20:34:08,282][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Domain Admin Access - Read Write', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:561360741-709944979#17195788, TYP:GetIndexTemplatesRequest, CGR:N/A, USR:Mordi, BRS:false, KDX:null, ACT:indices:admin/template/get, OA:███████████████, XFF:███████████, DA:████████████████, IDX:.monitoring-logstash-7-*,is_ikun_yeshut_status_rechev_metadata*,mark*,.monitoring-kibana-7-*,Tib-log-v1.0-*,.ml-state*,.watches*,is_ikun_yeshut_plus_metadata_history_0_6_1*,ilm_test*,apm-7.5.1-metric*,.ml-meta,.monitoring-alerts-7,mokdim*,.monitoring-es-7-*,apm-7.5.1-span*,.logstash,lpr-test-Ein-*,mokdim_logging*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,lpr-Ein-*,is_ikun_yeshut_status_rechev_0_6*,mokdim_105_events_*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_events*,mokdim_events_*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,kingroad-*,.management-beats,.slm-history-1*,.transform-internal-003,taglit_logging*,.ml-config,.transform-notifications-*,.watcher-history-10*,.ml-notifications-000001,.triggered_watches*,.ml-anomalies-*,.monitoring-beats-7-*,lpr-nr-Ein-*,apm-7.5.1-error*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,apm-7.5.1-transaction*,SIR_mesimot*,apm-7.5.1*, MET:GET, PTH:/_template, CNT:, HDR:Authorization=, Connection=close, content-length=0, content-type=application/json, host=web001.m.po.dom, x-forwarded-for=███████████, x-forwarded-host=mntswarm101:5603, x-forwarded-port=64277, x-forwarded-proto=http, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Mokdim RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Mapal RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Mapal RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Taglit RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Taglit RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Kingroad RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Kingroad RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Peten RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Peten RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Mena RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Mena RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [AI RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [AI RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Model RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Model RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Adir RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Adir RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [DataPower RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [DataPower RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Pros RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Pros RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Help Desk RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Help Desk RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Domain Admin Access - Read Write-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=Mordi;group=Elastic-Admins;av_groups=Elastic-Admins;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], } [2024-02-04T20:34:08,667][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:115807531-868412824#17195790, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:08,966][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1500191375-400804715#17195793, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19952, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:09,957][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1838285107-976724776#17195797, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19838, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:10,064][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:990476675-850937114#17195800, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:10,590][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:198851223-575279393#17195804, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:34:10,954][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1339970023-1215796695#17195805, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20266, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:11,672][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1561930058-328357948#17195809, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:11,965][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:435955928-373351123#17195812, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20429, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:12,575][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1544391225-1216573649#17195816, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:12,966][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:42457640-64303612#17195818, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20393, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:13,594][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1173656830-932056651#17195822, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:34:13,968][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:2073519030-1783648365#17195823, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20255, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:14,678][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1916542220-1025425492#17195827, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:14,964][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:2017850615-1089472879#17195830, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20194, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:15,082][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:472794250-648723039#17195833, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:15,339][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1987275431--1884861561#17195836, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=130, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:15,342][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1379313664-434232946#17195837, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/kql-telemetry:kql-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:15,342][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1024500256-1954473382#17195838, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=36, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:15,344][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1314153461--1607741169#17195839, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=180, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:15,346][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1392109532-1653994488#17195840, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/config:7.5.1, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:15,348][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1684514985-1156218473#17195841, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=368, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:15,350][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2117807687-320709054#17195842, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/ml-telemetry:ml-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:15,351][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:287030038-1729385907#17195843, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/apm-telemetry:apm-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:15,353][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:826475139-504774455#17195844, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:15,355][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1623242052--940818444#17195845, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:15,355][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:10560789-977603174#17195846, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:15,364][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2048815647-905043503#17195847, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=70, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:15,366][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1552441438--1172311166#17195848, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=56, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:15,368][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1961273116-229070325#17195849, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=63, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:15,370][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1576018445-589199452#17195850, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/upgrade-assistant-telemetry:upgrade-assistant-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:15,371][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:158353359-2063301884#17195851, TYP:ClusterStateRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/state, OA:███████████████, XFF:null, DA:████████████████, IDX:*, MET:GET, PTH:/_cluster/settings, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=*]], } [2024-02-04T20:34:15,416][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1104325396-779661656#17195852, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=171, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:15,418][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1112704465-411435406#17195853, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/file-upload-telemetry:file-upload-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:15,420][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1175553006--1292763550#17195854, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:15,422][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1326878649-329923612#17195855, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/telemetry:telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:15,428][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:202738405-1502904903#17195856, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=201, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:15,432][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:669910911--528871703#17195857, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=562, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:34:15,441][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:541045020-692040067#17195858, TYP:MonitoringBulkRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:admin/xpack/monitoring/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:POST, PTH:/_monitoring/bulk, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=5166, Host=web001.m.po.dom:9200, content-type=application/x-ndjson, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:15,963][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1134979757-157458372#17195860, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19344, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:16,597][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1920115222-1615462450#17195864, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:34:16,969][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:821701272-1081728296#17195865, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=24653, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:17,591][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:922004414-1938348318#17195869, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:17,682][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1715009138-1803082112#17195871, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:17,955][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1568208476-981310967#17195874, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=22395, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:18,039][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Mokdim RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1079265690-617969758#17195877, TYP:BulkRequest, CGR:N/A, USR:e765000790, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:mokdim_bell_http_audit_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=333, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=e765000790;group=Elastic-Mokdim-RW;av_groups=Elastic-Mokdim-RW;indices=mokdim_bell_http_audit_2024-02]], } [2024-02-04T20:34:18,092][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Mokdim RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1357733816-840422566#17195879, TYP:BulkRequest, CGR:N/A, USR:e765000790, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:mokdim_bell_http_audit_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=333, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=e765000790;group=Elastic-Mokdim-RW;av_groups=Elastic-Mokdim-RW;indices=mokdim_bell_http_audit_2024-02]], } [2024-02-04T20:34:18,342][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Mokdim RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1992612884-1290690027#17195881, TYP:BulkRequest, CGR:N/A, USR:e765000790, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:mokdim_bell_http_audit_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=334, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=e765000790;group=Elastic-Mokdim-RW;av_groups=Elastic-Mokdim-RW;indices=mokdim_bell_http_audit_2024-02]], } [2024-02-04T20:34:18,960][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1530056394-1428998169#17195884, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20328, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:19,599][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2140525944-822696754#17195888, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:34:19,972][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1341918966-423141595#17195889, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=27655, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:20,099][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1420913064-1735266087#17195892, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:20,687][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:218254955-1547357809#17195896, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:20,958][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:851329008-366243833#17195899, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19530, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:21,357][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Mokdim RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:124854721-1459972423#17195902, TYP:BulkRequest, CGR:N/A, USR:e765000790, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:mokdim_bell_http_audit_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=334, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=e765000790;group=Elastic-Mokdim-RW;av_groups=Elastic-Mokdim-RW;indices=mokdim_bell_http_audit_2024-02]], } [2024-02-04T20:34:21,402][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Mokdim RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:700156408-667605543#17195904, TYP:BulkRequest, CGR:N/A, USR:e765000790, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:mokdim_bell_http_audit_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=334, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=e765000790;group=Elastic-Mokdim-RW;av_groups=Elastic-Mokdim-RW;indices=mokdim_bell_http_audit_2024-02]], } [2024-02-04T20:34:21,966][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:179964478-16319582#17195907, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19548, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:22,603][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1185363699-764855875#17195911, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:34:22,607][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1188832280-531103370#17195912, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:22,794][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1640195281-348308824#17195914, TYP:XPackInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/xpack/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_xpack, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:22,963][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1140587022-1978072623#17195915, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19972, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:23,692][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:299180262-73365630#17195919, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:23,965][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:640782333-941711539#17195922, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19817, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:24,965][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:13350209-2133373358#17195926, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20382, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:25,116][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2018358943-1500527094#17195930, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:25,340][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1096709240--1884861561#17195932, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=130, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:25,343][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1471619445-182312398#17195933, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/kql-telemetry:kql-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:25,343][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1439467473-1954473382#17195934, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=36, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:25,345][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1717260579--1607741169#17195935, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=180, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:25,350][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1618248007-1307435024#17195936, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/config:7.5.1, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:25,352][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1580758053-1156218473#17195937, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=368, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:25,354][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1005031700-33092103#17195938, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/ml-telemetry:ml-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:25,355][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1246412861-2143268931#17195939, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/apm-telemetry:apm-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:25,357][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:847402992-504774455#17195940, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:25,359][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1580910271--940818444#17195941, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:25,359][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:809181158-977603174#17195942, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:25,369][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:215323275-905043503#17195943, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=70, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:25,370][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:5052524--1172311166#17195944, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=56, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:25,373][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:154813794-229070325#17195945, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=63, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:25,375][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:196992308-1301507726#17195946, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/upgrade-assistant-telemetry:upgrade-assistant-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:25,376][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1783826533-842281808#17195947, TYP:ClusterStateRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/state, OA:███████████████, XFF:null, DA:████████████████, IDX:*, MET:GET, PTH:/_cluster/settings, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=*]], } [2024-02-04T20:34:25,419][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1157095323-779661656#17195948, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=171, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:25,421][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:624925941-90047251#17195949, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/file-upload-telemetry:file-upload-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:25,423][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:265676309--1292763550#17195950, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:25,427][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1617902321-920575852#17195951, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/telemetry:telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:25,430][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1714965109-1502904903#17195952, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=201, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:25,433][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:786521273--528871703#17195953, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=562, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:34:25,443][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1012913052-722118646#17195954, TYP:MonitoringBulkRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:admin/xpack/monitoring/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:POST, PTH:/_monitoring/bulk, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=5163, Host=web001.m.po.dom:9200, content-type=application/x-ndjson, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:25,607][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1868506486--838538168#17195956, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:34:25,961][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:443344149-55442459#17195957, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20296, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:26,698][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1394443512-2059274441#17195961, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:26,959][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1126721185-1430949671#17195964, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20306, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:27,625][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1176878229-784552517#17195968, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:27,955][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:687049942-1144131831#17195970, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20403, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:28,611][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1143962558--85954833#17195974, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:34:28,786][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1420970753-1895684096#17195975, TYP:XPackInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/xpack/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_xpack, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:28,819][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Mokdim RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1705524741-1891814904#17195976, TYP:BulkRequest, CGR:N/A, USR:e765000790, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:mokdim_bell_http_audit_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=334, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=e765000790;group=Elastic-Mokdim-RW;av_groups=Elastic-Mokdim-RW;indices=mokdim_bell_http_audit_2024-02]], } [2024-02-04T20:34:28,965][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1159587755-1908168418#17195978, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20207, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:29,703][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1590384012-2106169913#17195982, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:29,965][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:626873738-437270548#17195985, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20284, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:30,133][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:807052354-587395045#17195989, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:30,959][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:304793625-644051070#17195992, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19507, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:31,615][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:467080094-839809879#17195996, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:34:32,109][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1990185725-1741320212#17195997, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=21689, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:32,641][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:236102721-328626426#17196001, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:32,708][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2073753086-154084815#17196003, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:32,968][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:185536808-86430194#17196006, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=28406, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:33,970][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:692056493-1498331160#17196010, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=22697, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:34,474][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1213998783-913023238#17196013, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.monitoring-es-6-*,.monitoring-es-7-*, MET:POST, PTH:/.monitoring-es-6-*,.monitoring-es-7-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=285, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.monitoring-es-6-*,.monitoring-es-7-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.monitoring-es-6-*,.monitoring-es-7-*]], } [2024-02-04T20:34:34,475][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1288383585-719212192#17196014, TYP:ClusterStatsRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/stats, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_cluster/stats, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:34,618][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:425181825-997594486#17196017, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:34:34,720][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Pros RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:842674144-1878816479#17196018, TYP:BulkRequest, CGR:N/A, USR:A160001749, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:pros_logging_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=823, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mokdim RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mapal RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mapal RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Taglit RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Taglit RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Kingroad RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Kingroad RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Peten RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Peten RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mena RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mena RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [AI RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [AI RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Model RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Model RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Adir RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Adir RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [DataPower RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [DataPower RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Pros RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=A160001749;group=Elastic-Pros-RW;av_groups=Elastic-Pros-RW;indices=pros_logging_2024-02]], } [2024-02-04T20:34:34,720][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Pros RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1833796082-586816706#17196019, TYP:BulkRequest, CGR:N/A, USR:A160001749, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:pros_logging_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=739, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mokdim RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mapal RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mapal RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Taglit RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Taglit RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Kingroad RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Kingroad RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Peten RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Peten RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mena RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mena RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [AI RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [AI RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Model RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Model RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Adir RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Adir RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [DataPower RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [DataPower RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Pros RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=A160001749;group=Elastic-Pros-RW;av_groups=Elastic-Pros-RW;indices=pros_logging_2024-02]], } [2024-02-04T20:34:34,863][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:791821275-1771997055#17196022, TYP:MainRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/main, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:34,863][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1820114841-2002202363#17196023, TYP:ClusterStatsRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/stats, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_cluster/stats, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:34,863][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1466339659--1884861561#17196025, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=130, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:34,868][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:137836251-743139790#17196026, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/kql-telemetry:kql-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:34,868][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2008907668-1954473382#17196027, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=36, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:34,871][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1061200263--1607741169#17196028, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=180, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:34,873][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1414908190-1787284652#17196029, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/config:7.5.1, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:34,875][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2124819654-1156218473#17196030, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=368, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:34,877][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2000624636-1801620304#17196031, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/ml-telemetry:ml-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:34,878][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:708539464-421632444#17196032, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/apm-telemetry:apm-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:34,880][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:751103207-504774455#17196033, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:34,882][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1249959090--940818444#17196034, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:34,882][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:293970459-977603174#17196035, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:34,893][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:712845866-905043503#17196036, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=70, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:34,895][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1161035307--1172311166#17196037, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=56, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:34,898][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2008007932-229070325#17196038, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=63, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:34,900][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1247608202-891013018#17196039, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/upgrade-assistant-telemetry:upgrade-assistant-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:34,901][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:779054109-534714085#17196040, TYP:ClusterStateRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/state, OA:███████████████, XFF:null, DA:████████████████, IDX:*, MET:GET, PTH:/_cluster/settings, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=*]], } [2024-02-04T20:34:34,947][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1338352044-779661656#17196041, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=171, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:34,950][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:154283608-1403673587#17196042, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/file-upload-telemetry:file-upload-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:34,952][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:960568324--1292763550#17196043, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:34,954][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1676103220-311422772#17196044, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/telemetry:telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:34,957][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1286007655-1502904903#17196045, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=201, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:34,961][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1913576075--528871703#17196046, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=562, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:34:34,968][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:133589152-1708941619#17196047, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20678, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:34,998][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1940102223--164580058#17196050, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.monitoring-es-6-*,.monitoring-es-7-*, MET:POST, PTH:/.monitoring-es-6-*,.monitoring-es-7-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=285, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.monitoring-es-6-*,.monitoring-es-7-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.monitoring-es-6-*,.monitoring-es-7-*]], } [2024-02-04T20:34:34,999][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2125946017-360408058#17196051, TYP:ClusterStatsRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/stats, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_cluster/stats, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:35,116][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1523461806-365029677#17196054, TYP:GetLicenseRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/xpack/license/get, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_license, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:35,116][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:220454883-215447671#17196055, TYP:XPackUsageRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/xpack/usage, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_xpack/usage, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:35,151][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1212251928-107721049#17196057, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:35,318][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1747786185-612646194#17196061, TYP:MainRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/main, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:35,318][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:432467627-598747277#17196062, TYP:ClusterStatsRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/stats, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_cluster/stats, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:35,318][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:473974605--1884861561#17196063, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=130, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,320][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:760273405-104868263#17196065, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/kql-telemetry:kql-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,320][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:354728624-1954473382#17196066, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=36, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,323][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:579300515--1607741169#17196067, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=180, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,324][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1902027323-374471371#17196068, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/config:7.5.1, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,326][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:483532995-1156218473#17196069, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=368, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,328][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1007879506-1359522731#17196070, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/ml-telemetry:ml-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,329][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:673688518-424584361#17196071, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/apm-telemetry:apm-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,333][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1695513154-504774455#17196072, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:35,336][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1644002900--940818444#17196073, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,336][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:45512251-977603174#17196074, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,341][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:986180171--1884861561#17196075, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=130, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,346][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:168179353-905043503#17196076, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=70, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,347][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:688052385-772325687#17196077, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/kql-telemetry:kql-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,347][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1675381289-1954473382#17196078, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=36, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,348][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:380783257--1172311166#17196079, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=56, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,349][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2035362482--1607741169#17196080, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=180, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,352][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:592521229-229070325#17196081, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=63, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,353][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:327004430-435708651#17196082, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/config:7.5.1, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,354][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:317167090-757039327#17196083, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/upgrade-assistant-telemetry:upgrade-assistant-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,357][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1203894933-1156218473#17196084, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=368, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,357][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:484988461-669063639#17196085, TYP:ClusterStateRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/state, OA:███████████████, XFF:null, DA:████████████████, IDX:*, MET:GET, PTH:/_cluster/settings, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=*]], } [2024-02-04T20:34:35,358][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1016152879-934880142#17196086, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/ml-telemetry:ml-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,360][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1400914997-1304684909#17196087, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/apm-telemetry:apm-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,361][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1508522468-504774455#17196088, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:35,363][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1165425970--940818444#17196089, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,363][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1280274430-977603174#17196090, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,371][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1588964563-905043503#17196091, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=70, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,374][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:56616712--1172311166#17196092, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=56, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,378][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:76685744-229070325#17196093, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=63, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,380][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:584435492-1322402875#17196094, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/upgrade-assistant-telemetry:upgrade-assistant-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,381][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1440906491-121143211#17196095, TYP:ClusterStateRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/state, OA:███████████████, XFF:null, DA:████████████████, IDX:*, MET:GET, PTH:/_cluster/settings, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=*]], } [2024-02-04T20:34:35,400][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1566081136-779661656#17196096, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=171, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:35,402][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:809488429-632678459#17196097, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/file-upload-telemetry:file-upload-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,404][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1867359441--1292763550#17196098, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:35,406][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:624138673-1243424956#17196099, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/telemetry:telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,408][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1926759853-1502904903#17196100, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=201, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,412][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2062886667--528871703#17196101, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=562, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:34:35,440][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1677086162-779661656#17196102, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=171, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:35,443][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2020409077-104269605#17196103, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/file-upload-telemetry:file-upload-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,445][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:107935994--1292763550#17196104, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:35,447][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:670540576-1770500427#17196105, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/telemetry:telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,452][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1093395663-1502904903#17196106, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=201, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:35,456][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:988385271--528871703#17196107, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=562, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:34:35,464][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:173480992-1450734285#17196108, TYP:MonitoringBulkRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:admin/xpack/monitoring/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:POST, PTH:/_monitoring/bulk, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=4487, Host=web001.m.po.dom:9200, content-type=application/x-ndjson, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:35,577][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:283348301-1653501198#17196111, TYP:XPackUsageRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/xpack/usage, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_xpack/usage, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:35,577][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:324700368-395423738#17196110, TYP:GetLicenseRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/xpack/license/get, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_license, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:35,711][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1464766310-1162937323#17196113, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:35,965][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1677293680-850403584#17196118, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=23693, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:36,973][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:675572437-2082311039#17196122, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19530, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:37,212][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1410287220-1847661762#17196125, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=354, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:37,618][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1625761442--1569773434#17196127, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.monitoring-es-6-*,.monitoring-es-7-*, MET:POST, PTH:/.monitoring-es-6-*,.monitoring-es-7-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=285, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.monitoring-es-6-*,.monitoring-es-7-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.monitoring-es-6-*,.monitoring-es-7-*]], } [2024-02-04T20:34:37,619][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1728370132--868400400#17196128, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:34:37,620][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2129968109-1928452251#17196129, TYP:ClusterStatsRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/stats, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_cluster/stats, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:37,664][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1241294241-2009898388#17196131, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:37,933][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:515891611-1750474125#17196133, TYP:MainRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/main, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:37,933][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1625254571--1884861561#17196134, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=130, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:37,933][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1262520926-105088646#17196135, TYP:ClusterStatsRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/stats, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_cluster/stats, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:37,935][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:244287585-183369131#17196137, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/kql-telemetry:kql-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:37,935][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1661353430-1954473382#17196138, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=36, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:37,937][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:982369570--1607741169#17196139, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=180, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:37,939][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1729174764-1072947190#17196140, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/config:7.5.1, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:37,943][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1677799097-1156218473#17196141, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=368, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:37,945][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1882107948-1791192857#17196142, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/ml-telemetry:ml-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:37,946][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1813846307-2093691308#17196143, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/apm-telemetry:apm-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:37,948][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1635592781-504774455#17196144, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:37,951][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1303832622--940818444#17196145, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:37,951][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:489952249-977603174#17196146, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:37,959][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1326347524-905043503#17196147, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=70, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:37,961][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:98232529--1172311166#17196148, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=56, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:37,961][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1390011559-330445149#17196149, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19487, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:37,963][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1243363108-229070325#17196152, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=63, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:37,965][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:461249810-333017970#17196153, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/upgrade-assistant-telemetry:upgrade-assistant-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:37,966][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1472360477-637281796#17196154, TYP:ClusterStateRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/state, OA:███████████████, XFF:null, DA:████████████████, IDX:*, MET:GET, PTH:/_cluster/settings, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=*]], } [2024-02-04T20:34:38,008][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1229549389-779661656#17196155, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=171, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:38,011][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:611818483-559800449#17196156, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/file-upload-telemetry:file-upload-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:38,013][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:392361481--1292763550#17196157, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:38,015][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:838988568-794871075#17196158, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/telemetry:telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:38,017][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1170745681-1502904903#17196159, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=201, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:38,021][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:785322283--528871703#17196160, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=562, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:34:38,202][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1352132628-39390903#17196161, TYP:GetLicenseRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/xpack/license/get, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_license, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:38,202][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1758104234-1935359786#17196162, TYP:XPackUsageRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/xpack/usage, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_xpack/usage, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:38,716][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1451643343-722144214#17196167, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:38,966][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:760881483-755517527#17196170, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20026, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:39,952][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:271382493-961306918#17196174, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19744, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:40,173][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1172328253-709225766#17196178, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:40,622][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:316008355--1966354241#17196181, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:34:40,957][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1570792876-129989231#17196182, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20440, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:41,721][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:809445648-850579493#17196186, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:41,959][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1088504834-1170779621#17196189, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20289, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:42,681][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1185498724-1111525768#17196193, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:42,956][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:454770165-1737179387#17196195, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20369, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:43,624][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:763418972-1621419721#17196199, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:34:43,960][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:765980300-1863420504#17196200, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20253, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:44,562][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Pros RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1744591335-1401085916#17196204, TYP:BulkRequest, CGR:N/A, USR:A160001749, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:pros_logging_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=823, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mokdim RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mapal RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mapal RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Taglit RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Taglit RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Kingroad RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Kingroad RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Peten RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Peten RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mena RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mena RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [AI RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [AI RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Model RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Model RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Adir RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Adir RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [DataPower RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [DataPower RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Pros RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=A160001749;group=Elastic-Pros-RW;av_groups=Elastic-Pros-RW;indices=pros_logging_2024-02]], } [2024-02-04T20:34:44,562][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Pros RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1630031213-1346061516#17196205, TYP:BulkRequest, CGR:N/A, USR:A160001749, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:pros_logging_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=739, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mokdim RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mapal RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mapal RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Taglit RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Taglit RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Kingroad RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Kingroad RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Peten RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Peten RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mena RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mena RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [AI RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [AI RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Model RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Model RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Adir RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Adir RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [DataPower RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [DataPower RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Pros RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=A160001749;group=Elastic-Pros-RW;av_groups=Elastic-Pros-RW;indices=pros_logging_2024-02]], } [2024-02-04T20:34:44,726][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:795875002-152590683#17196208, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:44,966][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1997868140-1007436116#17196211, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20325, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:45,191][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2093916981-1870508293#17196215, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:45,346][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:648847398--1884861561#17196217, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=130, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,348][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1542754898-2072754767#17196218, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/kql-telemetry:kql-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,348][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2041114214-1954473382#17196219, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=36, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,351][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:269980878--1607741169#17196220, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=180, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,353][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1426741918-1495051325#17196221, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/config:7.5.1, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,355][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:614645566-1156218473#17196222, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=368, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,356][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2063223839-98776848#17196223, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/ml-telemetry:ml-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,358][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1811648282-632235383#17196224, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/apm-telemetry:apm-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,359][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:525759071-504774455#17196225, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:45,361][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:589085729--940818444#17196226, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,361][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:565330114-977603174#17196227, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,370][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1175499134-905043503#17196228, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=70, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,371][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1547197443--1172311166#17196229, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=56, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,375][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:318155827-229070325#17196230, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=63, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,378][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:977572038-646146857#17196231, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/upgrade-assistant-telemetry:upgrade-assistant-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,380][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:745668092-780571886#17196232, TYP:ClusterStateRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/state, OA:███████████████, XFF:null, DA:████████████████, IDX:*, MET:GET, PTH:/_cluster/settings, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=*]], } [2024-02-04T20:34:45,423][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1541481392-779661656#17196233, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=171, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:45,425][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2007124886-1249333822#17196234, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/file-upload-telemetry:file-upload-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,427][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1622681196--1292763550#17196235, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:45,429][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:254699269-725200189#17196236, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/telemetry:telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,432][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1738543541-1502904903#17196237, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=201, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,436][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1191745916--528871703#17196238, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=562, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:34:45,449][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:155749693-1350653329#17196239, TYP:MonitoringBulkRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:admin/xpack/monitoring/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:POST, PTH:/_monitoring/bulk, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=5182, Host=web001.m.po.dom:9200, content-type=application/x-ndjson, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:45,537][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:119864688-1243989958#17196241, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.monitoring-es-6-*,.monitoring-es-7-*, MET:POST, PTH:/.monitoring-es-6-*,.monitoring-es-7-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=285, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.monitoring-es-6-*,.monitoring-es-7-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.monitoring-es-6-*,.monitoring-es-7-*]], } [2024-02-04T20:34:45,538][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1955749576-1200993480#17196242, TYP:ClusterStatsRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/stats, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_cluster/stats, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:45,839][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1083803573-982835216#17196244, TYP:MainRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/main, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:45,839][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:571386199-1377368458#17196245, TYP:ClusterStatsRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/stats, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_cluster/stats, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:45,839][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1263031188--1884861561#17196246, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=130, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,841][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1427031738-127959816#17196248, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/kql-telemetry:kql-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,841][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:593988948-1954473382#17196249, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=36, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,845][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:882542879--1607741169#17196250, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=180, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,847][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:909276382-733709928#17196251, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/config:7.5.1, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,849][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1625950192-1156218473#17196252, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=368, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,851][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1498735611-1689457115#17196253, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/ml-telemetry:ml-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,857][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:422727035-1172985783#17196254, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/apm-telemetry:apm-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,859][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1765227658-504774455#17196255, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:45,865][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:674631797--940818444#17196256, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,865][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1252985856-977603174#17196257, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,872][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1589860528-905043503#17196258, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=70, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,874][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1143532237--1172311166#17196259, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=56, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,877][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1234468510-229070325#17196260, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=63, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,879][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2045851099-695371011#17196261, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/upgrade-assistant-telemetry:upgrade-assistant-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,880][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2109236268-246262790#17196262, TYP:ClusterStateRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/state, OA:███████████████, XFF:null, DA:████████████████, IDX:*, MET:GET, PTH:/_cluster/settings, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=*]], } [2024-02-04T20:34:45,923][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:156243502-779661656#17196263, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=171, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:45,926][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1159319655-1180263105#17196264, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/file-upload-telemetry:file-upload-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,928][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1148991403--1292763550#17196265, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:45,930][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:462373665-1904586304#17196266, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/telemetry:telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,932][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:954993354-1502904903#17196267, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=201, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:45,936][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:470903335--528871703#17196268, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=562, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:34:45,965][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1143863749-1329370063#17196269, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19502, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:46,098][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:19534406-1020118525#17196273, TYP:XPackUsageRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/xpack/usage, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_xpack/usage, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:46,098][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:689928351-204373478#17196272, TYP:GetLicenseRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/xpack/license/get, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_license, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:46,626][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:836003355--1581079379#17196278, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:34:46,968][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:450705669-770187130#17196279, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=24078, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:47,702][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1725422827-2095842619#17196283, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:47,731][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1236859228-1182962496#17196285, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:47,965][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1429642028-1203817263#17196288, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=22507, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:48,103][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Mokdim RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:2068918989-2024591848#17196291, TYP:BulkRequest, CGR:N/A, USR:e765000790, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:mokdim_bell_http_audit_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=666, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=e765000790;group=Elastic-Mokdim-RW;av_groups=Elastic-Mokdim-RW;indices=mokdim_bell_http_audit_2024-02]], } [2024-02-04T20:34:48,352][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Mokdim RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1436224525-657365801#17196293, TYP:BulkRequest, CGR:N/A, USR:e765000790, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:mokdim_bell_http_audit_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=334, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=e765000790;group=Elastic-Mokdim-RW;av_groups=Elastic-Mokdim-RW;indices=mokdim_bell_http_audit_2024-02]], } [2024-02-04T20:34:48,965][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:874956739-1507331570#17196296, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20493, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:49,629][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2091113163-767042849#17196300, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:34:49,969][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:953553438-2030972824#17196301, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=26976, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:50,209][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2073360293-1656410808#17196305, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:50,256][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Domain Admin Access - Read Write', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:816099171-1021476134#17196308, TYP:GetAliasesRequest, CGR:N/A, USR:Mordi, BRS:false, KDX:null, ACT:indices:admin/aliases/get, OA:███████████████, XFF:███████████, DA:████████████████, IDX:*, MET:GET, PTH:/_aliases, CNT:, HDR:Authorization=, Connection=close, content-length=0, content-type=application/json, host=web001.m.po.dom, x-forwarded-for=███████████, x-forwarded-host=mntswarm101:5603, x-forwarded-port=54291, x-forwarded-proto=http, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=*]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=*]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mokdim RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mapal RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mapal RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Taglit RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Taglit RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Kingroad RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Kingroad RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Peten RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Peten RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mena RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mena RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [AI RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [AI RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Model RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Model RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Adir RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Adir RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [DataPower RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [DataPower RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pros RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pros RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Help Desk RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Help Desk RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Domain Admin Access - Read Write-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=Mordi;group=Elastic-Admins;av_groups=Elastic-Admins;indices=*]], } [2024-02-04T20:34:50,256][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Domain Admin Access - Read Write', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1441359445-1657083060#17196307, TYP:GetMappingsRequest, CGR:N/A, USR:Mordi, BRS:false, KDX:null, ACT:indices:admin/mappings/get, OA:███████████████, XFF:███████████, DA:████████████████, IDX:*, MET:GET, PTH:/_mapping, CNT:, HDR:Authorization=, Connection=close, content-length=0, content-type=application/json, host=web001.m.po.dom, x-forwarded-for=███████████, x-forwarded-host=mntswarm101:5603, x-forwarded-port=63446, x-forwarded-proto=http, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=*]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=*]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mokdim RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mapal RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mapal RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Taglit RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Taglit RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Kingroad RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Kingroad RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Peten RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Peten RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mena RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mena RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [AI RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [AI RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Model RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Model RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Adir RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Adir RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [DataPower RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [DataPower RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pros RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pros RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Help Desk RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Help Desk RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Domain Admin Access - Read Write-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=Mordi;group=Elastic-Admins;av_groups=Elastic-Admins;indices=*]], } [2024-02-04T20:34:50,259][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Domain Admin Access - Read Write', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1375210792-597039065#17196309, TYP:GetIndexTemplatesRequest, CGR:N/A, USR:Mordi, BRS:false, KDX:null, ACT:indices:admin/template/get, OA:███████████████, XFF:███████████, DA:████████████████, IDX:.monitoring-logstash-7-*,is_ikun_yeshut_status_rechev_metadata*,mark*,.monitoring-kibana-7-*,Tib-log-v1.0-*,.ml-state*,.watches*,is_ikun_yeshut_plus_metadata_history_0_6_1*,ilm_test*,apm-7.5.1-metric*,.ml-meta,.monitoring-alerts-7,mokdim*,.monitoring-es-7-*,apm-7.5.1-span*,.logstash,lpr-test-Ein-*,mokdim_logging*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,lpr-Ein-*,is_ikun_yeshut_status_rechev_0_6*,mokdim_105_events_*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_events*,mokdim_events_*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,kingroad-*,.management-beats,.slm-history-1*,.transform-internal-003,taglit_logging*,.ml-config,.transform-notifications-*,.watcher-history-10*,.ml-notifications-000001,.triggered_watches*,.ml-anomalies-*,.monitoring-beats-7-*,lpr-nr-Ein-*,apm-7.5.1-error*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,apm-7.5.1-transaction*,SIR_mesimot*,apm-7.5.1*, MET:GET, PTH:/_template, CNT:, HDR:Authorization=, Connection=close, content-length=0, content-type=application/json, host=web001.m.po.dom, x-forwarded-for=███████████, x-forwarded-host=mntswarm101:5603, x-forwarded-port=64277, x-forwarded-proto=http, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Mokdim RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Mapal RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Mapal RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Taglit RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Taglit RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Kingroad RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Kingroad RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Peten RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Peten RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Mena RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Mena RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [AI RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [AI RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Model RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Model RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Adir RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Adir RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [DataPower RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [DataPower RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Pros RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Pros RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Help Desk RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Help Desk RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Domain Admin Access - Read Write-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=Mordi;group=Elastic-Admins;av_groups=Elastic-Admins;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], } [2024-02-04T20:34:50,735][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1582459714-1233345149#17196311, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:50,965][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:182467188-1124957641#17196314, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19530, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:51,373][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Mokdim RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1059042784-845753706#17196317, TYP:BulkRequest, CGR:N/A, USR:e765000790, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:mokdim_bell_http_audit_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=334, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=e765000790;group=Elastic-Mokdim-RW;av_groups=Elastic-Mokdim-RW;indices=mokdim_bell_http_audit_2024-02]], } [2024-02-04T20:34:51,414][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Mokdim RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1552079670-1118941019#17196319, TYP:BulkRequest, CGR:N/A, USR:e765000790, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:mokdim_bell_http_audit_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=334, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=e765000790;group=Elastic-Mokdim-RW;av_groups=Elastic-Mokdim-RW;indices=mokdim_bell_http_audit_2024-02]], } [2024-02-04T20:34:51,965][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1447493800-811235705#17196322, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19727, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:52,561][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Domain Admin Access - Read Write', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1311977199--247330635#17196326, TYP:SearchRequest, CGR:N/A, USR:Mordi, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=205, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Mokdim RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Mapal RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Mapal RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Taglit RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Taglit RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Kingroad RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Kingroad RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Peten RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Peten RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Mena RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Mena RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [AI RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [AI RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Model RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Model RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Adir RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Adir RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [DataPower RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [DataPower RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Pros RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Pros RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Help Desk RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Help Desk RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Domain Admin Access - Read Write-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=Mordi;group=Elastic-Admins;av_groups=Elastic-Admins;indices=.kibana]], } [2024-02-04T20:34:52,631][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1820768571--150479466#17196327, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:34:52,718][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1004717724-329848604#17196328, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:52,797][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1751686667-1712650307#17196330, TYP:XPackInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/xpack/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_xpack, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:52,833][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Domain Admin Access - Read Write', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1668951492-694878710#17196331, TYP:MultiGetRequest, CGR:N/A, USR:Mordi, BRS:false, KDX:null, ACT:indices:data/read/mget, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/_mget, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=90, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Mokdim RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Mapal RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Mapal RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Taglit RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Taglit RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Kingroad RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Kingroad RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Peten RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Peten RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Mena RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Mena RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [AI RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [AI RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Model RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Model RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Adir RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Adir RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [DataPower RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [DataPower RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Pros RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Pros RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Help Desk RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Help Desk RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.kibana]], [Domain Admin Access - Read Write-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=Mordi;group=Elastic-Admins;av_groups=Elastic-Admins;indices=.kibana]], } [2024-02-04T20:34:52,963][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:2097481601-519514345#17196333, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19783, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:53,139][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] FORBIDDEN by default req={ ID:1533455913-1176474966#17196336, TYP:SearchRequest, CGR:N/A, USR:[no info about user], BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:adir_a3_logging*, MET:POST, PTH:/adir_a3_logging*/_search, CNT: , HDR:Connection=keep-alive, Content-Length=821, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [gilda RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [projectname RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [is RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [is RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [SIR RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [SIR RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [bodyera RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [bodyera RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Ein RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Ein RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Pe RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Pe RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Tib RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Tib RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [SharePoint RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [SharePoint RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mokdim RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mokdim RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mapal RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mapal RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Taglit RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Taglit RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Kingroad RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Kingroad RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Peten RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Peten RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mena RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mena RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [AI RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [AI RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Model RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Model RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Adir RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Adir RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [DataPower RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [DataPower RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Pros RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Pros RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Help Desk RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Help Desk RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Domain Admin Access - Read Write-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], } [2024-02-04T20:34:53,467][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Mokdim RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:609208179-625133860#17196337, TYP:BulkRequest, CGR:N/A, USR:e765000790, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:mokdim_http_audit_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=49260, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=e765000790;group=Elastic-Mokdim-RW;av_groups=Elastic-Mokdim-RW;indices=mokdim_http_audit_2024-02]], } [2024-02-04T20:34:53,483][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Mokdim RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:955566209-1650123955#17196339, TYP:BulkRequest, CGR:N/A, USR:e765000790, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:mokdim_http_audit_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=64844, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=e765000790;group=Elastic-Mokdim-RW;av_groups=Elastic-Mokdim-RW;indices=mokdim_http_audit_2024-02]], } [2024-02-04T20:34:53,739][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:428953304-1992666889#17196342, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:53,965][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:800485526-166367766#17196345, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19791, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:54,702][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Mokdim RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:609925582-980733188#17196349, TYP:BulkRequest, CGR:N/A, USR:e765000790, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:mokdim_http_audit_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=101839, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=e765000790;group=Elastic-Mokdim-RW;av_groups=Elastic-Mokdim-RW;indices=mokdim_http_audit_2024-02]], } [2024-02-04T20:34:54,961][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:438237821-1106813904#17196351, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20294, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:55,227][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1313655269-1059691819#17196355, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:55,342][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:878608210--1884861561#17196357, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=130, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:55,345][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:945888055-822713203#17196358, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/kql-telemetry:kql-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:55,345][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1574328761-1954473382#17196359, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=36, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:55,348][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:613977705--1607741169#17196360, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=180, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:55,354][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1833457539-1107035367#17196361, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/config:7.5.1, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:55,356][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:15796791-1156218473#17196362, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=368, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:55,358][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1842468166-1773341967#17196363, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/ml-telemetry:ml-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:55,360][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:589921063-1520593974#17196364, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/apm-telemetry:apm-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:55,362][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:15415931-504774455#17196365, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:55,364][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:643735335--940818444#17196366, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:55,364][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:105351697-977603174#17196367, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:55,372][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1615792003-905043503#17196368, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=70, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:55,374][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1200120283--1172311166#17196369, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=56, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:55,376][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:242190428-229070325#17196370, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=63, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:55,378][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1836521266-475903206#17196371, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/upgrade-assistant-telemetry:upgrade-assistant-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:55,379][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1921619302-29003481#17196372, TYP:ClusterStateRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/state, OA:███████████████, XFF:null, DA:████████████████, IDX:*, MET:GET, PTH:/_cluster/settings, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=*]], } [2024-02-04T20:34:55,421][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1750323942-779661656#17196373, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=171, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:55,424][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:653308542-1420817300#17196374, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/file-upload-telemetry:file-upload-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:55,426][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1154055333--1292763550#17196375, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:55,428][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1114082413-748578286#17196376, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/telemetry:telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:55,434][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1227438135-1502904903#17196377, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=201, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:34:55,437][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:28618932--528871703#17196378, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=562, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:34:55,443][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1772240266-547897172#17196379, TYP:MonitoringBulkRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:admin/xpack/monitoring/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:POST, PTH:/_monitoring/bulk, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=5169, Host=web001.m.po.dom:9200, content-type=application/x-ndjson, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:55,638][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1883234016-285332041#17196381, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:34:55,965][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1409278427-2028440419#17196382, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20405, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:56,744][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:261567557-786261261#17196386, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:56,964][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1559406043-1379186811#17196389, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20353, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:57,736][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:281607051-340444912#17196393, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:57,964][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:2120841951-982600418#17196395, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20356, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:58,639][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1938095126-222029968#17196399, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:34:58,815][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:289377706-152212032#17196400, TYP:XPackInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/xpack/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_xpack, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:34:58,867][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Mokdim RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:56751523-2023267032#17196401, TYP:BulkRequest, CGR:N/A, USR:e765000790, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:mokdim_bell_http_audit_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=334, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=e765000790;group=Elastic-Mokdim-RW;av_groups=Elastic-Mokdim-RW;indices=mokdim_bell_http_audit_2024-02]], } [2024-02-04T20:34:58,966][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:75785597-831408304#17196403, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20232, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:34:59,244][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] FORBIDDEN by default req={ ID:1718593783-830256771#17196406, TYP:MainRequest, CGR:N/A, USR:manatRUTY (attempted), BRS:true, KDX:null, ACT:cluster:monitor/main, OA:██████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/, CNT:, HDR:Accept-Encoding=gzip, Accept=application/json, Authorization=, Host=web001.m.po.dom:9200, User-Agent=Go-http-client/1.1, content-length=0, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->false]], [logstash writer-> RULES:[auth_key->false]], [allow bodyera-> RULES:[auth_key->false]], [allow lpr-> RULES:[auth_key->false]], [allow is-> RULES:[auth_key->false]], [allow taglit-> RULES:[auth_key->false]], [gilda RW-> RULES:[ldap_authentication->false]], [projectname RO-> RULES:[ldap_authentication->false]], [is RW-> RULES:[ldap_authentication->false]], [is RO-> RULES:[ldap_authentication->false]], [SIR RW-> RULES:[ldap_authentication->false]], [SIR RO-> RULES:[ldap_authentication->false]], [bodyera RW-> RULES:[ldap_authentication->false]], [bodyera RO-> RULES:[ldap_authentication->false]], [Ein RW-> RULES:[ldap_authentication->false]], [Ein RO-> RULES:[ldap_authentication->false]], [Pe RW-> RULES:[ldap_authentication->false]], [Pe RO-> RULES:[ldap_authentication->false]], [Tib RW-> RULES:[ldap_authentication->false]], [Tib RO-> RULES:[ldap_authentication->false]], [SharePoint RW-> RULES:[ldap_authentication->false]], [SharePoint RO-> RULES:[ldap_authentication->false]], [Mokdim RW-> RULES:[ldap_authentication->false]], [Mokdim RO-> RULES:[ldap_authentication->false]], [Mapal RW-> RULES:[ldap_authentication->false]], [Mapal RO-> RULES:[ldap_authentication->false]], [Taglit RW-> RULES:[ldap_authentication->false]], [Taglit RO-> RULES:[ldap_authentication->false]], [Kingroad RW-> RULES:[ldap_authentication->false]], [Kingroad RO-> RULES:[ldap_authentication->false]], [Peten RW-> RULES:[ldap_authentication->false]], [Peten RO-> RULES:[ldap_authentication->false]], [Mena RW-> RULES:[ldap_authentication->false]], [Mena RO-> RULES:[ldap_authentication->false]], [AI RW-> RULES:[ldap_authentication->false]], [AI RO-> RULES:[ldap_authentication->false]], [Model RW-> RULES:[ldap_authentication->false]], [Model RO-> RULES:[ldap_authentication->false]], [Adir RW-> RULES:[ldap_authentication->false]], [Adir RO-> RULES:[ldap_authentication->false]], [DataPower RW-> RULES:[ldap_authentication->false]], [DataPower RO-> RULES:[ldap_authentication->false]], [Pros RW-> RULES:[ldap_authentication->false]], [Pros RO-> RULES:[ldap_authentication->false]], [Help Desk RW-> RULES:[ldap_authentication->false]], [Help Desk RO-> RULES:[ldap_authentication->false]], [Domain Admin Access - Read Write-> RULES:[ldap_authentication->false]], } [2024-02-04T20:34:59,752][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2053562697-1356141730#17196408, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:34:59,967][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:24695353-1430846028#17196411, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20288, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:00,244][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1425946844-704955082#17196415, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:00,963][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1916850709-835243813#17196418, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19511, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:01,507][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:967388227-1357104518#17196422, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.monitoring-es-6-*,.monitoring-es-7-*, MET:POST, PTH:/.monitoring-es-6-*,.monitoring-es-7-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=285, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.monitoring-es-6-*,.monitoring-es-7-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.monitoring-es-6-*,.monitoring-es-7-*]], } [2024-02-04T20:35:01,508][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:877082682-2036792146#17196423, TYP:ClusterStatsRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/stats, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_cluster/stats, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:01,640][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1652089469--1704111915#17196425, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:35:01,781][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:24019160-1901428610#17196426, TYP:MainRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/main, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:01,782][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1645254277--1884861561#17196428, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=130, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:01,781][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:791265865-594142946#17196427, TYP:ClusterStatsRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/stats, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_cluster/stats, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:01,784][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:894643695-2003570931#17196430, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/kql-telemetry:kql-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:01,784][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:926223946-1954473382#17196431, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=36, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:01,786][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1194457349--1607741169#17196432, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=180, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:01,788][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:499263246-292245011#17196433, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/config:7.5.1, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:01,793][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1377992553-1156218473#17196434, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=368, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:01,799][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1994795583-1684939829#17196435, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/ml-telemetry:ml-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:01,800][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:273318615-1728890396#17196436, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/apm-telemetry:apm-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:01,802][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:602521080-504774455#17196437, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:01,808][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:878735126--940818444#17196438, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:01,808][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1419462966-977603174#17196439, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:01,819][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1168984545-905043503#17196440, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=70, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:01,820][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:219965824--1172311166#17196441, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=56, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:01,823][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1318363130-229070325#17196442, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=63, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:01,825][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:967105746-616159540#17196443, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/upgrade-assistant-telemetry:upgrade-assistant-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:01,827][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2033930721-1641164790#17196444, TYP:ClusterStateRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/state, OA:███████████████, XFF:null, DA:████████████████, IDX:*, MET:GET, PTH:/_cluster/settings, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=*]], } [2024-02-04T20:35:01,881][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:221312465-779661656#17196445, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=171, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:01,884][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:553430800-900098230#17196446, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/file-upload-telemetry:file-upload-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:01,886][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:23774586--1292763550#17196447, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:01,888][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1969906545-334978003#17196448, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/telemetry:telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:01,893][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1739706562-1502904903#17196449, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=201, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:01,897][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1253709970--528871703#17196450, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=562, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:35:01,971][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1899890927-1879248114#17196451, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=21689, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:02,057][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1143349644-880479073#17196455, TYP:XPackUsageRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/xpack/usage, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_xpack/usage, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:02,057][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1702343269-197756706#17196454, TYP:GetLicenseRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/xpack/license/get, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_license, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:02,750][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:893565389-866616331#17196460, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:02,756][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:968994965-200242374#17196462, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:02,977][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:181608517-720357591#17196465, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=26286, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:03,959][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] FORBIDDEN by default req={ ID:921348521--1272278136#17196469, TYP:SearchRequest, CGR:N/A, USR:[no info about user], BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:adir_a3_logging*, MET:POST, PTH:/adir_a3_logging*/_search, CNT: , HDR:Connection=keep-alive, Content-Length=821, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [gilda RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [projectname RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [is RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [is RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [SIR RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [SIR RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [bodyera RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [bodyera RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Ein RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Ein RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Pe RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Pe RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Tib RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Tib RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [SharePoint RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [SharePoint RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mokdim RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mokdim RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mapal RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mapal RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Taglit RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Taglit RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Kingroad RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Kingroad RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Peten RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Peten RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mena RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mena RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [AI RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [AI RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Model RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Model RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Adir RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Adir RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [DataPower RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [DataPower RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Pros RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Pros RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Help Desk RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Help Desk RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Domain Admin Access - Read Write-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], } [2024-02-04T20:35:03,967][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:513708039-1856478806#17196470, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=22728, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:04,643][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1662224560-947437186#17196474, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:35:04,965][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:2103790287-697867460#17196475, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20836, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:05,259][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1047522882-1462832781#17196479, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:05,342][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1131163480--1884861561#17196481, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=130, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:05,344][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1549779508-1186676645#17196482, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/kql-telemetry:kql-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:05,345][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:989085484-1954473382#17196483, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=36, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:05,350][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:268346081--1607741169#17196484, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=180, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:05,352][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:292244557-1175412637#17196485, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/config:7.5.1, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:05,354][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:731677988-1156218473#17196486, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=368, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:05,356][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1427156363-270556969#17196487, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/ml-telemetry:ml-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:05,358][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1357152501-27710976#17196488, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/apm-telemetry:apm-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:05,359][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:153647584-504774455#17196489, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:05,361][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:512186765--940818444#17196490, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:05,361][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:472101608-977603174#17196491, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:05,367][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1570545725-905043503#17196492, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=70, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:05,369][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1122649516--1172311166#17196493, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=56, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:05,371][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2124745179-229070325#17196494, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=63, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:05,373][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2127050408-23160777#17196495, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/upgrade-assistant-telemetry:upgrade-assistant-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:05,374][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:663746757-1394096105#17196496, TYP:ClusterStateRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/state, OA:███████████████, XFF:null, DA:████████████████, IDX:*, MET:GET, PTH:/_cluster/settings, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=*]], } [2024-02-04T20:35:05,418][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:836699790-779661656#17196497, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=171, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:05,420][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:891509628-1449597840#17196498, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/file-upload-telemetry:file-upload-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:05,422][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1504722408--1292763550#17196499, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:05,427][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1681522012-1553736878#17196500, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/telemetry:telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:05,430][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2079497772-1502904903#17196501, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=201, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:05,433][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1797612507--528871703#17196502, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=562, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:35:05,440][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1547261634-1135836861#17196503, TYP:MonitoringBulkRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:admin/xpack/monitoring/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:POST, PTH:/_monitoring/bulk, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=5168, Host=web001.m.po.dom:9200, content-type=application/x-ndjson, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:05,760][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1683630222-560550872#17196505, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:05,967][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1025000629-1950015214#17196508, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=23703, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:06,584][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] FORBIDDEN by default req={ ID:1299272495-1730423335#17196512, TYP:SearchRequest, CGR:N/A, USR:[no info about user], BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:adir_a3_logging*, MET:POST, PTH:/adir_a3_logging*/_search, CNT: , HDR:Connection=keep-alive, Content-Length=821, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [gilda RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [projectname RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [is RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [is RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [SIR RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [SIR RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [bodyera RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [bodyera RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Ein RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Ein RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Pe RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Pe RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Tib RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Tib RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [SharePoint RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [SharePoint RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mokdim RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mokdim RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mapal RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mapal RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Taglit RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Taglit RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Kingroad RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Kingroad RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Peten RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Peten RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mena RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mena RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [AI RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [AI RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Model RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Model RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Adir RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Adir RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [DataPower RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [DataPower RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Pros RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Pros RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Help Desk RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Help Desk RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Domain Admin Access - Read Write-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], } [2024-02-04T20:35:06,964][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:458636731-1538109105#17196513, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19514, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:07,219][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:76396072-1847661762#17196516, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=354, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:07,646][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:611284125--1960572529#17196518, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:35:07,767][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1287916699-1662211780#17196519, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:07,964][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:109052752-739331550#17196521, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19555, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:08,764][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:608734064-1781065743#17196525, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:08,967][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:452961995-1173086869#17196528, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20008, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:09,280][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Domain Admin Access - Read Write', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:56273253-1926200393#17196531, TYP:GetMappingsRequest, CGR:N/A, USR:Mordi, BRS:false, KDX:null, ACT:indices:admin/mappings/get, OA:███████████████, XFF:███████████, DA:████████████████, IDX:*, MET:GET, PTH:/_mapping, CNT:, HDR:Authorization=, Connection=close, content-length=0, content-type=application/json, host=web001.m.po.dom, x-forwarded-for=███████████, x-forwarded-host=mntswarm101:5603, x-forwarded-port=64308, x-forwarded-proto=http, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=*]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=*]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mokdim RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mapal RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mapal RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Taglit RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Taglit RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Kingroad RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Kingroad RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Peten RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Peten RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mena RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mena RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [AI RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [AI RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Model RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Model RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Adir RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Adir RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [DataPower RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [DataPower RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pros RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pros RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Help Desk RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Help Desk RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Domain Admin Access - Read Write-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=Mordi;group=Elastic-Admins;av_groups=Elastic-Admins;indices=*]], } [2024-02-04T20:35:09,282][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Domain Admin Access - Read Write', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:18200601-1682859421#17196533, TYP:GetIndexTemplatesRequest, CGR:N/A, USR:Mordi, BRS:false, KDX:null, ACT:indices:admin/template/get, OA:███████████████, XFF:███████████, DA:████████████████, IDX:.monitoring-logstash-7-*,is_ikun_yeshut_status_rechev_metadata*,mark*,.monitoring-kibana-7-*,Tib-log-v1.0-*,.ml-state*,.watches*,is_ikun_yeshut_plus_metadata_history_0_6_1*,ilm_test*,apm-7.5.1-metric*,.ml-meta,.monitoring-alerts-7,mokdim*,.monitoring-es-7-*,apm-7.5.1-span*,.logstash,lpr-test-Ein-*,mokdim_logging*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,lpr-Ein-*,is_ikun_yeshut_status_rechev_0_6*,mokdim_105_events_*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_events*,mokdim_events_*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,kingroad-*,.management-beats,.slm-history-1*,.transform-internal-003,taglit_logging*,.ml-config,.transform-notifications-*,.watcher-history-10*,.ml-notifications-000001,.triggered_watches*,.ml-anomalies-*,.monitoring-beats-7-*,lpr-nr-Ein-*,apm-7.5.1-error*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,apm-7.5.1-transaction*,SIR_mesimot*,apm-7.5.1*, MET:GET, PTH:/_template, CNT:, HDR:Authorization=, Connection=close, content-length=0, content-type=application/json, host=web001.m.po.dom, x-forwarded-for=███████████, x-forwarded-host=mntswarm101:5603, x-forwarded-port=64277, x-forwarded-proto=http, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Mokdim RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Mapal RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Mapal RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Taglit RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Taglit RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Kingroad RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Kingroad RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Peten RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Peten RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Mena RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Mena RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [AI RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [AI RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Model RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Model RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Adir RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Adir RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [DataPower RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [DataPower RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Pros RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Pros RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Help Desk RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Help Desk RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Domain Admin Access - Read Write-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=Mordi;group=Elastic-Admins;av_groups=Elastic-Admins;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], } [2024-02-04T20:35:09,283][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Domain Admin Access - Read Write', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:970209340-2087546085#17196532, TYP:GetAliasesRequest, CGR:N/A, USR:Mordi, BRS:false, KDX:null, ACT:indices:admin/aliases/get, OA:███████████████, XFF:███████████, DA:████████████████, IDX:*, MET:GET, PTH:/_aliases, CNT:, HDR:Authorization=, Connection=close, content-length=0, content-type=application/json, host=web001.m.po.dom, x-forwarded-for=███████████, x-forwarded-host=mntswarm101:5603, x-forwarded-port=63446, x-forwarded-proto=http, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=*]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=*]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mokdim RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mapal RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mapal RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Taglit RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Taglit RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Kingroad RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Kingroad RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Peten RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Peten RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mena RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mena RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [AI RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [AI RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Model RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Model RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Adir RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Adir RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [DataPower RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [DataPower RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pros RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pros RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Help Desk RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Help Desk RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Domain Admin Access - Read Write-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=Mordi;group=Elastic-Admins;av_groups=Elastic-Admins;indices=*]], } [2024-02-04T20:35:09,972][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1140323323-1705912806#17196535, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19706, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:10,274][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1771143741-1007501366#17196539, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:10,647][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:33555046--1138510824#17196542, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:35:10,975][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:417703929-1693579061#17196543, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20332, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:11,771][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:528339785-1682157921#17196547, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:11,963][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:607986669-362924399#17196550, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20385, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:12,784][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1866902438-241475531#17196554, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:12,964][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1681368841-495372887#17196556, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20119, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:13,649][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:73431156--2066819151#17196560, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:35:13,957][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1357492289-1268314498#17196561, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20577, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:14,777][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:779968845-635356929#17196565, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:14,959][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1648039346-494710743#17196568, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20385, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:15,291][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:222718637-1256826881#17196572, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:15,344][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1511558405--1884861561#17196574, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=130, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:15,346][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:650242947-1126434060#17196575, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/kql-telemetry:kql-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:15,346][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1481556540-1954473382#17196576, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=36, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:15,348][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:201060603--1607741169#17196577, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=180, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:15,350][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:995084497-1356053491#17196578, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/config:7.5.1, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:15,353][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:369029550-1156218473#17196579, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=368, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:15,354][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:827847347-1227747673#17196580, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/ml-telemetry:ml-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:15,356][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:648402195-1601770101#17196581, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/apm-telemetry:apm-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:15,357][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:124237329-504774455#17196582, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:15,362][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:316315837--940818444#17196583, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:15,363][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1742509410-977603174#17196584, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:15,370][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:871681354-905043503#17196585, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=70, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:15,371][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:168960468--1172311166#17196586, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=56, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:15,374][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:997127318-229070325#17196587, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=63, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:15,376][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1027105773-456784426#17196588, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/upgrade-assistant-telemetry:upgrade-assistant-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:15,377][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1632901173-1727663550#17196589, TYP:ClusterStateRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/state, OA:███████████████, XFF:null, DA:████████████████, IDX:*, MET:GET, PTH:/_cluster/settings, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=*]], } [2024-02-04T20:35:15,420][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1663180427-779661656#17196590, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=171, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:15,422][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:416095146-231086948#17196591, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/file-upload-telemetry:file-upload-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:15,424][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1476500114--1292763550#17196592, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:15,426][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1931421242-665021145#17196593, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/telemetry:telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:15,429][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:539131290-1502904903#17196594, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=201, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:15,432][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:974152637--528871703#17196595, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=562, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:35:15,444][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1710104591-682558306#17196596, TYP:MonitoringBulkRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:admin/xpack/monitoring/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:POST, PTH:/_monitoring/bulk, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=5184, Host=web001.m.po.dom:9200, content-type=application/x-ndjson, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:15,962][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1472411084-1784879467#17196598, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19507, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:16,234][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'logstash writer', policy: ALLOW, rules: [auth_key] req={ ID:1899824314-827731742#17196601, TYP:BulkRequest, CGR:N/A, USR:lsWriter, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:SIR_audit_2024-02-04, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=1807, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=SIR_audit_2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=SIR_audit_2024-02-04]], [logstash writer-> RULES:[auth_key->true] RESOLVED:[user=lsWriter;indices=SIR_audit_2024-02-04]], } [2024-02-04T20:35:16,235][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'logstash writer', policy: ALLOW, rules: [auth_key] req={ ID:2134439805-1633037626#17196602, TYP:BulkRequest, CGR:N/A, USR:lsWriter, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:SIR_logging_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=2155, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=SIR_logging_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=SIR_logging_2024-02]], [logstash writer-> RULES:[auth_key->true] RESOLVED:[user=lsWriter;indices=SIR_logging_2024-02]], } [2024-02-04T20:35:16,652][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1623710955-925532682#17196606, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:35:16,965][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1544456072-304985232#17196607, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=24653, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:17,120][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'logstash writer', policy: ALLOW, rules: [auth_key] req={ ID:97151904-474720119#17196610, TYP:BulkRequest, CGR:N/A, USR:lsWriter, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:SIR_audit_2024-02-04, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=1760, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=SIR_audit_2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=SIR_audit_2024-02-04]], [logstash writer-> RULES:[auth_key->true] RESOLVED:[user=lsWriter;indices=SIR_audit_2024-02-04]], } [2024-02-04T20:35:17,121][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'logstash writer', policy: ALLOW, rules: [auth_key] req={ ID:673076101-270912228#17196612, TYP:BulkRequest, CGR:N/A, USR:lsWriter, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:SIR_logging_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=2108, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=SIR_logging_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=SIR_logging_2024-02]], [logstash writer-> RULES:[auth_key->true] RESOLVED:[user=lsWriter;indices=SIR_logging_2024-02]], } [2024-02-04T20:35:17,783][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1287841319-897981943#17196615, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:17,797][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1169545265-535640441#17196618, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:17,960][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1618436095-1040836510#17196620, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=22395, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:18,055][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Mokdim RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:319680063-1170997397#17196623, TYP:BulkRequest, CGR:N/A, USR:e765000790, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:mokdim_bell_http_audit_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=333, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=e765000790;group=Elastic-Mokdim-RW;av_groups=Elastic-Mokdim-RW;indices=mokdim_bell_http_audit_2024-02]], } [2024-02-04T20:35:18,114][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Mokdim RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:847742537-1309145648#17196625, TYP:BulkRequest, CGR:N/A, USR:e765000790, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:mokdim_bell_http_audit_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=334, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=e765000790;group=Elastic-Mokdim-RW;av_groups=Elastic-Mokdim-RW;indices=mokdim_bell_http_audit_2024-02]], } [2024-02-04T20:35:18,396][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Mokdim RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:71442099-175728060#17196627, TYP:BulkRequest, CGR:N/A, USR:e765000790, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:mokdim_bell_http_audit_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=333, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=e765000790;group=Elastic-Mokdim-RW;av_groups=Elastic-Mokdim-RW;indices=mokdim_bell_http_audit_2024-02]], } [2024-02-04T20:35:18,962][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:370345232-1776659062#17196630, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20328, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:19,656][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:859281426-293298329#17196634, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:35:19,971][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1123265789-1288051254#17196635, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=26799, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:20,305][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2093550386-810523257#17196639, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:20,789][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1526909528-2027243333#17196642, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:20,965][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1064629450-39298823#17196645, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19601, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:21,431][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Mokdim RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1150666996-1345778003#17196648, TYP:BulkRequest, CGR:N/A, USR:e765000790, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:mokdim_bell_http_audit_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=668, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=e765000790;group=Elastic-Mokdim-RW;av_groups=Elastic-Mokdim-RW;indices=mokdim_bell_http_audit_2024-02]], } [2024-02-04T20:35:21,965][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1338699039-494363852#17196651, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19449, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:22,659][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:858299170--1639568787#17196655, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:35:22,800][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1004651703-893249540#17196656, TYP:XPackInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/xpack/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_xpack, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:22,812][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1691243496-1568328007#17196657, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:23,097][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:96276748-988668195#17196659, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20009, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:23,795][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:158915764-659825638#17196663, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:23,958][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:420164739-1108796644#17196666, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19784, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:24,959][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:222563694-185156659#17196670, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20407, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:25,321][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:696680017-1354617269#17196674, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:25,344][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:555852426--1884861561#17196676, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=130, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:25,346][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1265030909-1050815153#17196677, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/kql-telemetry:kql-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:25,346][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1767819585-1954473382#17196678, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=36, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:25,348][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:320892790--1607741169#17196679, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=180, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:25,350][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:5631600-347035693#17196680, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/config:7.5.1, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:25,355][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:621681217-1156218473#17196681, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=368, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:25,357][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1388943869-795176039#17196682, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/ml-telemetry:ml-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:25,359][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:185984603-251214699#17196683, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/apm-telemetry:apm-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:25,360][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:824872875-504774455#17196684, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:25,362][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:4009112--940818444#17196685, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:25,363][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:868834331-977603174#17196686, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:25,371][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:276211766-905043503#17196687, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=70, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:25,373][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1145830857--1172311166#17196688, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=56, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:25,375][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:947030996-229070325#17196689, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=63, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:25,377][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:250535348-174890586#17196690, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/upgrade-assistant-telemetry:upgrade-assistant-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:25,378][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:345487379-714732365#17196691, TYP:ClusterStateRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/state, OA:███████████████, XFF:null, DA:████████████████, IDX:*, MET:GET, PTH:/_cluster/settings, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=*]], } [2024-02-04T20:35:25,421][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1513471471-779661656#17196692, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=171, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:25,423][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:662264154-1928369126#17196693, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/file-upload-telemetry:file-upload-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:25,425][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1675373155--1292763550#17196694, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:25,427][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1179523382-1052077878#17196695, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/telemetry:telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:25,432][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:860721129-1502904903#17196696, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=201, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:25,435][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:186658855--528871703#17196697, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=562, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:35:25,445][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:956839295-569614992#17196698, TYP:MonitoringBulkRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:admin/xpack/monitoring/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:POST, PTH:/_monitoring/bulk, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=5163, Host=web001.m.po.dom:9200, content-type=application/x-ndjson, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:25,661][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1346742516--1262553122#17196700, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:35:25,961][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1388842925-1685666667#17196701, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20253, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:25,982][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] FORBIDDEN by default req={ ID:245034875--1293935254#17196704, TYP:SearchRequest, CGR:N/A, USR:[no info about user], BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:adir_a3_logging*, MET:POST, PTH:/adir_a3_logging*/_search, CNT: , HDR:Connection=keep-alive, Content-Length=895, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [gilda RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [projectname RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [is RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [is RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [SIR RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [SIR RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [bodyera RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [bodyera RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Ein RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Ein RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Pe RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Pe RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Tib RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Tib RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [SharePoint RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [SharePoint RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mokdim RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mokdim RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mapal RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mapal RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Taglit RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Taglit RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Kingroad RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Kingroad RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Peten RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Peten RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mena RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mena RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [AI RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [AI RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Model RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Model RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Adir RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Adir RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [DataPower RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [DataPower RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Pros RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Pros RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Help Desk RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Help Desk RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Domain Admin Access - Read Write-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], } [2024-02-04T20:35:25,988][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] FORBIDDEN by default req={ ID:791476117--1293935254#17196705, TYP:SearchRequest, CGR:N/A, USR:[no info about user], BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:adir_a3_logging*, MET:POST, PTH:/adir_a3_logging*/_search, CNT: , HDR:Connection=keep-alive, Content-Length=895, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [gilda RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [projectname RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [is RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [is RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [SIR RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [SIR RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [bodyera RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [bodyera RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Ein RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Ein RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Pe RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Pe RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Tib RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Tib RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [SharePoint RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [SharePoint RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mokdim RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mokdim RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mapal RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mapal RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Taglit RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Taglit RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Kingroad RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Kingroad RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Peten RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Peten RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mena RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mena RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [AI RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [AI RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Model RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Model RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Adir RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Adir RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [DataPower RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [DataPower RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Pros RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Pros RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Help Desk RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Help Desk RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Domain Admin Access - Read Write-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], } [2024-02-04T20:35:26,010][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Domain Admin Access - Read Write', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1764166588-2046996622#17196706, TYP:SearchRequest, CGR:N/A, USR:Mordi, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:adir_a3_logging*, MET:POST, PTH:/adir_a3_logging*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=211, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Mokdim RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Mapal RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Mapal RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Taglit RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Taglit RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Kingroad RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Kingroad RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Peten RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Peten RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Mena RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Mena RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [AI RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [AI RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Model RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Model RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Adir RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Adir RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [DataPower RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [DataPower RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Pros RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Pros RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Help Desk RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Help Desk RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Domain Admin Access - Read Write-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=Mordi;group=Elastic-Admins;av_groups=Elastic-Admins;indices=adir_a3_logging*]], } [2024-02-04T20:35:26,800][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1810946141-2043760714#17196708, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:26,960][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1906324493-207560901#17196711, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20377, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:27,829][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:744845601-16557013#17196715, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:27,971][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:511243140-871833923#17196717, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20277, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:28,663][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:664807100--1153126145#17196721, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:35:28,846][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1258166427-1013435777#17196722, TYP:XPackInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/xpack/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_xpack, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:28,871][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Mokdim RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:473244641-1980603131#17196723, TYP:BulkRequest, CGR:N/A, USR:e765000790, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:mokdim_bell_http_audit_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=334, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=e765000790;group=Elastic-Mokdim-RW;av_groups=Elastic-Mokdim-RW;indices=mokdim_bell_http_audit_2024-02]], } [2024-02-04T20:35:28,966][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1124559724-917189313#17196725, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20353, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:29,806][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2035751745-590302971#17196729, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:29,965][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1587692392-128157393#17196732, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20269, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:30,336][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1608819920-907362717#17196736, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:30,958][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:2061561140-1634625975#17196739, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19502, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:31,508][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:482660766-1925483547#17196743, TYP:IndexRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/index, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_doc/ui-metric:kibana-user_agent:Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=84, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:31,665][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:910975778--614646035#17196745, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:35:31,684][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] FORBIDDEN by default req={ ID:39848773-1659144830#17196746, TYP:SearchRequest, CGR:N/A, USR:[no info about user], BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:adir_a3_logging*, MET:POST, PTH:/adir_a3_logging*/_search, CNT: , HDR:Connection=keep-alive, Content-Length=895, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [gilda RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [projectname RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [is RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [is RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [SIR RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [SIR RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [bodyera RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [bodyera RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Ein RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Ein RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Pe RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Pe RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Tib RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Tib RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [SharePoint RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [SharePoint RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mokdim RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mokdim RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mapal RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mapal RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Taglit RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Taglit RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Kingroad RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Kingroad RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Peten RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Peten RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mena RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Mena RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [AI RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [AI RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Model RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Model RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Adir RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Adir RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [DataPower RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [DataPower RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Pros RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Pros RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Help Desk RW-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Help Desk RO-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], [Domain Admin Access - Read Write-> RULES:[ldap_authentication->false] RESOLVED:[indices=adir_a3_logging*]], } [2024-02-04T20:35:31,959][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:458658670-122888240#17196747, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=21689, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:32,811][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:540915846-1412665848#17196751, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:32,843][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:688874530-2009416210#17196754, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:32,992][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:2055961743-815900638#17196756, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=28406, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:33,960][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1989212788-2017296497#17196760, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=22697, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:34,474][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:446320263--1713870042#17196763, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.monitoring-es-6-*,.monitoring-es-7-*, MET:POST, PTH:/.monitoring-es-6-*,.monitoring-es-7-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=285, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.monitoring-es-6-*,.monitoring-es-7-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.monitoring-es-6-*,.monitoring-es-7-*]], } [2024-02-04T20:35:34,475][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1699619766-316874805#17196764, TYP:ClusterStatsRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/stats, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_cluster/stats, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:34,668][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:361277233--769212170#17196767, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:35:34,704][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Pros RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1778146039-1038098917#17196769, TYP:BulkRequest, CGR:N/A, USR:A160001749, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:pros_logging_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=739, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mokdim RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mapal RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mapal RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Taglit RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Taglit RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Kingroad RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Kingroad RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Peten RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Peten RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mena RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mena RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [AI RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [AI RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Model RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Model RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Adir RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Adir RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [DataPower RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [DataPower RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Pros RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=A160001749;group=Elastic-Pros-RW;av_groups=Elastic-Pros-RW;indices=pros_logging_2024-02]], } [2024-02-04T20:35:34,704][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Pros RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:475530403-187557944#17196768, TYP:BulkRequest, CGR:N/A, USR:A160001749, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:pros_logging_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=823, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mokdim RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mapal RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mapal RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Taglit RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Taglit RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Kingroad RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Kingroad RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Peten RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Peten RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mena RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mena RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [AI RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [AI RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Model RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Model RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Adir RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Adir RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [DataPower RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [DataPower RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Pros RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=A160001749;group=Elastic-Pros-RW;av_groups=Elastic-Pros-RW;indices=pros_logging_2024-02]], } [2024-02-04T20:35:34,783][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:422471948-749824995#17196772, TYP:MainRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/main, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:34,783][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:285157009--1884861561#17196773, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=130, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:34,784][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1888439390-1682477674#17196774, TYP:ClusterStatsRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/stats, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_cluster/stats, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:34,786][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:984612592-1928799855#17196776, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/kql-telemetry:kql-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:34,786][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:721407701-1954473382#17196777, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=36, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:34,788][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1864496222--1607741169#17196778, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=180, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:34,791][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:921822924-361525059#17196779, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/config:7.5.1, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:34,793][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:687216078-1156218473#17196780, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=368, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:34,796][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2104895105-349457424#17196781, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/ml-telemetry:ml-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:34,797][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:898231928-2113738080#17196782, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/apm-telemetry:apm-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:34,801][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:206504945-504774455#17196783, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:34,804][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1892626775--940818444#17196784, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:34,804][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1074372921-977603174#17196785, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:34,813][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1069578148-905043503#17196786, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=70, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:34,815][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2139099895--1172311166#17196787, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=56, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:34,817][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1481217171-229070325#17196788, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=63, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:34,820][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:348648245-583375217#17196789, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/upgrade-assistant-telemetry:upgrade-assistant-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:34,821][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:87290419-1085195291#17196790, TYP:ClusterStateRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/state, OA:███████████████, XFF:null, DA:████████████████, IDX:*, MET:GET, PTH:/_cluster/settings, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=*]], } [2024-02-04T20:35:34,865][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:801698937-779661656#17196791, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=171, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:34,868][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:915892798-216339795#17196792, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/file-upload-telemetry:file-upload-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:34,870][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:409281537--1292763550#17196793, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:34,873][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1765416606-1002854895#17196794, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/telemetry:telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:34,898][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:900149694-1502904903#17196795, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=201, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:34,903][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:358362786--528871703#17196796, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=562, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:35:34,952][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1650844507-2007411810#17196797, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20678, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:35,059][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1481216151-1631046356#17196800, TYP:GetLicenseRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/xpack/license/get, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_license, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:35,059][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:993071135-281285143#17196801, TYP:XPackUsageRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/xpack/usage, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_xpack/usage, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:35,345][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:516169583--1884861561#17196806, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=130, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:35,347][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2143572639-1036203193#17196807, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/kql-telemetry:kql-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:35,348][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:765360100-1954473382#17196808, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=36, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:35,349][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1992776690--1607741169#17196809, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=180, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:35,354][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1511519360-1732341399#17196810, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/config:7.5.1, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:35,355][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:795838974-1927444006#17196811, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:35,356][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1716410711-1156218473#17196813, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=368, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:35,358][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1967106899-1241423623#17196814, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/ml-telemetry:ml-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:35,359][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1170545885-1965157080#17196815, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/apm-telemetry:apm-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:35,361][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1453388351-504774455#17196816, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:35,363][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:140484184--940818444#17196817, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:35,363][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1268821108-977603174#17196818, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:35,372][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1787444955-905043503#17196819, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=70, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:35,374][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:778620271--1172311166#17196820, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=56, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:35,376][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1171815751-229070325#17196821, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=63, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:35,378][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1529661140-983488721#17196822, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/upgrade-assistant-telemetry:upgrade-assistant-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:35,380][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:125072953-1782231550#17196823, TYP:ClusterStateRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/state, OA:███████████████, XFF:null, DA:████████████████, IDX:*, MET:GET, PTH:/_cluster/settings, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=*]], } [2024-02-04T20:35:35,421][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1803482295-779661656#17196824, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=171, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:35,423][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:280490315-1580874789#17196825, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/file-upload-telemetry:file-upload-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:35,425][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:522652382--1292763550#17196826, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:35,428][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1315041620-733458412#17196827, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/telemetry:telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:35,431][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:396359890-1502904903#17196828, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=201, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:35,435][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:822436448--528871703#17196829, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=562, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:35:35,443][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1206802907-2091506459#17196830, TYP:MonitoringBulkRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:admin/xpack/monitoring/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:POST, PTH:/_monitoring/bulk, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=4487, Host=web001.m.po.dom:9200, content-type=application/x-ndjson, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:35,816][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:812151304-1695371851#17196832, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:35,960][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1053770312-813546704#17196835, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=23693, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:36,245][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:963125792-51791110#17196838, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.monitoring-es-6-*,.monitoring-es-7-*, MET:POST, PTH:/.monitoring-es-6-*,.monitoring-es-7-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=285, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.monitoring-es-6-*,.monitoring-es-7-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.monitoring-es-6-*,.monitoring-es-7-*]], } [2024-02-04T20:35:36,246][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2061192293-1162983297#17196839, TYP:ClusterStatsRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/stats, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_cluster/stats, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:36,506][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:195122751-49122197#17196842, TYP:MainRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/main, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:36,506][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:80975021-40362805#17196843, TYP:ClusterStatsRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/stats, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_cluster/stats, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:36,507][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:418088827--1884861561#17196845, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=130, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:36,509][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:389498822-1759504509#17196846, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/kql-telemetry:kql-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:36,509][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1791175625-1954473382#17196847, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=36, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:36,511][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1704458656--1607741169#17196848, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=180, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:36,513][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:408245137-787337884#17196849, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/config:7.5.1, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:36,515][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1617616740-1156218473#17196850, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=368, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:36,517][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1167010067-229270428#17196851, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/ml-telemetry:ml-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:36,519][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1140220133-1281813978#17196852, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/apm-telemetry:apm-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:36,520][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2126814339-504774455#17196853, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:36,522][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2089156825--940818444#17196854, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:36,522][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:608444418-977603174#17196855, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:36,528][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:406802984-905043503#17196856, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=70, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:36,530][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:796686800--1172311166#17196857, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=56, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:36,532][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2021935416-229070325#17196858, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=63, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:36,534][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1188525104-472762605#17196859, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/upgrade-assistant-telemetry:upgrade-assistant-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:36,536][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:590877943-236744225#17196860, TYP:ClusterStateRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/state, OA:███████████████, XFF:null, DA:████████████████, IDX:*, MET:GET, PTH:/_cluster/settings, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=*]], } [2024-02-04T20:35:36,582][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:150940444-779661656#17196861, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=171, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:36,585][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1032027787-727547416#17196862, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/file-upload-telemetry:file-upload-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:36,586][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:513786607--1292763550#17196863, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:36,589][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1162310486-30663898#17196864, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/telemetry:telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:36,591][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1429839343-1502904903#17196865, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=201, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:36,595][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:426557274--528871703#17196866, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=562, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:35:36,752][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:323013389-229316747#17196868, TYP:XPackUsageRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/xpack/usage, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_xpack/usage, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:36,752][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1092873865-1943594215#17196867, TYP:GetLicenseRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/xpack/license/get, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_license, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:36,958][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:632831717-1581981621#17196872, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19586, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:37,224][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2074083405-1847661762#17196875, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=354, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:37,670][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:798849195-1463733676#17196877, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:35:37,862][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:140095686-1937800168#17196878, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:37,958][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:911363666-1383666027#17196880, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19429, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:38,820][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:484862089-1992894112#17196884, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:38,883][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Domain Admin Access - Read Write', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:711164630--406215591#17196887, TYP:SearchRequest, CGR:N/A, USR:Mordi, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:adir_a3_logging*, MET:POST, PTH:/adir_a3_logging*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=191, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=adir_a3_logging*]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Mokdim RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Mapal RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Mapal RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Taglit RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Taglit RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Kingroad RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Kingroad RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Peten RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Peten RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Mena RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Mena RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [AI RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [AI RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Model RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Model RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Adir RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Adir RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [DataPower RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [DataPower RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Pros RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Pros RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Help Desk RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Help Desk RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=adir_a3_logging*]], [Domain Admin Access - Read Write-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=Mordi;group=Elastic-Admins;av_groups=Elastic-Admins;indices=adir_a3_logging*]], } [2024-02-04T20:35:38,958][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:389978348-1415384276#17196888, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20031, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:39,963][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:2077267190-1142116618#17196892, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19790, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:40,370][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:516479529-738966504#17196896, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:40,673][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:168801418-1245960804#17196899, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:35:40,965][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:654919836-453958405#17196900, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20360, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:41,827][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:440107155-429646824#17196904, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:41,962][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1678150582-985865533#17196907, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20332, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:42,876][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1474559825-978899035#17196911, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:42,967][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1783871389-1213949215#17196913, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20175, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:43,525][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] FORBIDDEN by default req={ ID:1782390264-492920785#17196917, TYP:MainRequest, CGR:N/A, USR:manatRUTY (attempted), BRS:true, KDX:null, ACT:cluster:monitor/main, OA:██████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/, CNT:, HDR:Accept-Encoding=gzip, Accept=application/json, Authorization=, Host=web001.m.po.dom:9200, User-Agent=Go-http-client/1.1, content-length=0, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->false]], [logstash writer-> RULES:[auth_key->false]], [allow bodyera-> RULES:[auth_key->false]], [allow lpr-> RULES:[auth_key->false]], [allow is-> RULES:[auth_key->false]], [allow taglit-> RULES:[auth_key->false]], [gilda RW-> RULES:[ldap_authentication->false]], [projectname RO-> RULES:[ldap_authentication->false]], [is RW-> RULES:[ldap_authentication->false]], [is RO-> RULES:[ldap_authentication->false]], [SIR RW-> RULES:[ldap_authentication->false]], [SIR RO-> RULES:[ldap_authentication->false]], [bodyera RW-> RULES:[ldap_authentication->false]], [bodyera RO-> RULES:[ldap_authentication->false]], [Ein RW-> RULES:[ldap_authentication->false]], [Ein RO-> RULES:[ldap_authentication->false]], [Pe RW-> RULES:[ldap_authentication->false]], [Pe RO-> RULES:[ldap_authentication->false]], [Tib RW-> RULES:[ldap_authentication->false]], [Tib RO-> RULES:[ldap_authentication->false]], [SharePoint RW-> RULES:[ldap_authentication->false]], [SharePoint RO-> RULES:[ldap_authentication->false]], [Mokdim RW-> RULES:[ldap_authentication->false]], [Mokdim RO-> RULES:[ldap_authentication->false]], [Mapal RW-> RULES:[ldap_authentication->false]], [Mapal RO-> RULES:[ldap_authentication->false]], [Taglit RW-> RULES:[ldap_authentication->false]], [Taglit RO-> RULES:[ldap_authentication->false]], [Kingroad RW-> RULES:[ldap_authentication->false]], [Kingroad RO-> RULES:[ldap_authentication->false]], [Peten RW-> RULES:[ldap_authentication->false]], [Peten RO-> RULES:[ldap_authentication->false]], [Mena RW-> RULES:[ldap_authentication->false]], [Mena RO-> RULES:[ldap_authentication->false]], [AI RW-> RULES:[ldap_authentication->false]], [AI RO-> RULES:[ldap_authentication->false]], [Model RW-> RULES:[ldap_authentication->false]], [Model RO-> RULES:[ldap_authentication->false]], [Adir RW-> RULES:[ldap_authentication->false]], [Adir RO-> RULES:[ldap_authentication->false]], [DataPower RW-> RULES:[ldap_authentication->false]], [DataPower RO-> RULES:[ldap_authentication->false]], [Pros RW-> RULES:[ldap_authentication->false]], [Pros RO-> RULES:[ldap_authentication->false]], [Help Desk RW-> RULES:[ldap_authentication->false]], [Help Desk RO-> RULES:[ldap_authentication->false]], [Domain Admin Access - Read Write-> RULES:[ldap_authentication->false]], } [2024-02-04T20:35:43,675][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:689886208-1350471295#17196918, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:35:43,970][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:655922-2083311712#17196919, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20422, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:44,476][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow lpr', policy: ALLOW, rules: [auth_key,indices] req={ ID:737414631-1334031500#17196922, TYP:BulkRequest, CGR:N/A, USR:lpr, BRS:false, KDX:null, ACT:indices:data/write/bulk, OA:█████████████████, XFF:null, DA:████████████████, IDX:lpr-nr-Ein-2024-02, MET:POST, PTH:/lpr-Ein-$URL_Elastic/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Content-Length=2061, Content-Type=application/json, Host=mntelsgenweb001:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=lpr-nr-Ein-2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=lpr-nr-Ein-2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=lpr-nr-Ein-2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=lpr-nr-Ein-2024-02]], [allow lpr-> RULES:[auth_key->true, indices->true] RESOLVED:[user=lpr;indices=lpr-nr-Ein-2024-02]], } [2024-02-04T20:35:44,579][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Pros RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:398544659-1264594004#17196926, TYP:BulkRequest, CGR:N/A, USR:A160001749, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:pros_logging_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=823, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mokdim RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mapal RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mapal RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Taglit RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Taglit RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Kingroad RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Kingroad RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Peten RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Peten RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mena RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mena RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [AI RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [AI RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Model RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Model RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Adir RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Adir RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [DataPower RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [DataPower RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Pros RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=A160001749;group=Elastic-Pros-RW;av_groups=Elastic-Pros-RW;indices=pros_logging_2024-02]], } [2024-02-04T20:35:44,579][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Pros RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1797764797-1652798116#17196927, TYP:BulkRequest, CGR:N/A, USR:A160001749, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:pros_logging_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=739, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=pros_logging_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mokdim RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mapal RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mapal RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Taglit RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Taglit RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Kingroad RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Kingroad RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Peten RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Peten RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mena RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Mena RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [AI RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [AI RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Model RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Model RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Adir RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Adir RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [DataPower RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [DataPower RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=A160001749;indices=pros_logging_2024-02]], [Pros RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=A160001749;group=Elastic-Pros-RW;av_groups=Elastic-Pros-RW;indices=pros_logging_2024-02]], } [2024-02-04T20:35:44,834][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1571083216-828045153#17196930, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:44,965][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:12827346-745305544#17196933, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20387, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:45,346][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1199060521--1884861561#17196937, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=130, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:45,349][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1462573510-833228221#17196938, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/kql-telemetry:kql-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:45,349][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1245183273-1954473382#17196939, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=36, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:45,351][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2086569085--1607741169#17196940, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=180, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:45,357][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1434457295-2066462966#17196941, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/config:7.5.1, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:45,359][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:740439152-1156218473#17196942, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=368, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:45,361][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:40006016-1917654303#17196943, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/ml-telemetry:ml-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:45,362][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1672467977-1551040659#17196944, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/apm-telemetry:apm-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:45,364][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:757887362-504774455#17196945, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:45,366][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1037384005--940818444#17196946, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:45,366][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:318140372-977603174#17196947, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:45,376][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2114880723-905043503#17196948, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=70, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:45,377][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1037205528--1172311166#17196949, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=56, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:45,379][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:15276859-229070325#17196950, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=63, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:45,381][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:736351088-974936573#17196951, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/upgrade-assistant-telemetry:upgrade-assistant-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:45,382][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:493591217-1498965527#17196952, TYP:ClusterStateRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/state, OA:███████████████, XFF:null, DA:████████████████, IDX:*, MET:GET, PTH:/_cluster/settings, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=*]], } [2024-02-04T20:35:45,384][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:551765580-1854772147#17196953, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:45,429][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1666400921-779661656#17196955, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=171, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:45,432][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1297314664-86743354#17196956, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/file-upload-telemetry:file-upload-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:45,434][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1762054932--1292763550#17196957, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:45,436][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:2073075945-778302776#17196958, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/telemetry:telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:45,438][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1146365244-1502904903#17196959, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=201, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:45,441][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1530967361--528871703#17196960, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=562, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:35:45,451][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:91410377-1826746125#17196961, TYP:MonitoringBulkRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:admin/xpack/monitoring/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:POST, PTH:/_monitoring/bulk, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=5171, Host=web001.m.po.dom:9200, content-type=application/x-ndjson, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:45,967][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1579588479-146303968#17196963, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19506, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:46,679][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:63687781-1195618449#17196967, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:35:46,973][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1367589252-874210125#17196968, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=24078, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:47,839][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:960157034-1908015272#17196972, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:47,893][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1051371000-1258412465#17196975, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:47,944][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow lpr', policy: ALLOW, rules: [auth_key,indices] req={ ID:1039214476-332001583#17196977, TYP:BulkRequest, CGR:N/A, USR:lpr, BRS:false, KDX:null, ACT:indices:data/write/bulk, OA:█████████████████, XFF:null, DA:████████████████, IDX:lpr-Ein-2024-02, MET:POST, PTH:/lpr-Ein-$URL_Elastic/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Content-Length=13107, Content-Type=application/json, Host=mntelsgenweb001:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=lpr-Ein-2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=lpr-Ein-2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=lpr-Ein-2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=lpr-Ein-2024-02]], [allow lpr-> RULES:[auth_key->true, indices->true] RESOLVED:[user=lpr;indices=lpr-Ein-2024-02]], } [2024-02-04T20:35:47,965][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1823916689-716926782#17196982, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=22507, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:48,087][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Mokdim RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:421000095-1432070316#17196985, TYP:BulkRequest, CGR:N/A, USR:e765000790, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:mokdim_bell_http_audit_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=333, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=e765000790;group=Elastic-Mokdim-RW;av_groups=Elastic-Mokdim-RW;indices=mokdim_bell_http_audit_2024-02]], } [2024-02-04T20:35:48,140][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Mokdim RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1537707231-2097809215#17196987, TYP:BulkRequest, CGR:N/A, USR:e765000790, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:mokdim_bell_http_audit_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=334, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=e765000790;group=Elastic-Mokdim-RW;av_groups=Elastic-Mokdim-RW;indices=mokdim_bell_http_audit_2024-02]], } [2024-02-04T20:35:48,407][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Mokdim RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:2142968932-404596280#17196989, TYP:BulkRequest, CGR:N/A, USR:e765000790, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:mokdim_bell_http_audit_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=333, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=e765000790;group=Elastic-Mokdim-RW;av_groups=Elastic-Mokdim-RW;indices=mokdim_bell_http_audit_2024-02]], } [2024-02-04T20:35:48,964][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1170566790-1692113366#17196992, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20493, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:49,683][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1050897814-1230896479#17196996, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:35:49,971][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1326462947-567267801#17196997, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=26976, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:50,401][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1260703184-1137825189#17197001, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:50,847][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:676554532-995016380#17197004, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:50,969][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:434301215-1007220840#17197007, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19530, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:51,261][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Domain Admin Access - Read Write', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:16152035-182537237#17197011, TYP:GetAliasesRequest, CGR:N/A, USR:Mordi, BRS:false, KDX:null, ACT:indices:admin/aliases/get, OA:███████████████, XFF:███████████, DA:████████████████, IDX:*, MET:GET, PTH:/_aliases, CNT:, HDR:Authorization=, Connection=close, content-length=0, content-type=application/json, host=web001.m.po.dom, x-forwarded-for=███████████, x-forwarded-host=mntswarm101:5603, x-forwarded-port=64308, x-forwarded-proto=http, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=*]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=*]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mokdim RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mapal RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mapal RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Taglit RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Taglit RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Kingroad RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Kingroad RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Peten RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Peten RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mena RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mena RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [AI RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [AI RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Model RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Model RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Adir RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Adir RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [DataPower RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [DataPower RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pros RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pros RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Help Desk RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Help Desk RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Domain Admin Access - Read Write-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=Mordi;group=Elastic-Admins;av_groups=Elastic-Admins;indices=*]], } [2024-02-04T20:35:51,262][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Domain Admin Access - Read Write', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:795373864-422257441#17197010, TYP:GetMappingsRequest, CGR:N/A, USR:Mordi, BRS:false, KDX:null, ACT:indices:admin/mappings/get, OA:███████████████, XFF:███████████, DA:████████████████, IDX:*, MET:GET, PTH:/_mapping, CNT:, HDR:Authorization=, Connection=close, content-length=0, content-type=application/json, host=web001.m.po.dom, x-forwarded-for=███████████, x-forwarded-host=mntswarm101:5603, x-forwarded-port=63446, x-forwarded-proto=http, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=*]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=*]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mokdim RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mapal RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mapal RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Taglit RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Taglit RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Kingroad RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Kingroad RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Peten RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Peten RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mena RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Mena RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [AI RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [AI RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Model RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Model RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Adir RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Adir RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [DataPower RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [DataPower RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pros RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Pros RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Help Desk RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Help Desk RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=*]], [Domain Admin Access - Read Write-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=Mordi;group=Elastic-Admins;av_groups=Elastic-Admins;indices=*]], } [2024-02-04T20:35:51,265][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Domain Admin Access - Read Write', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1772320737-1433443385#17197012, TYP:GetIndexTemplatesRequest, CGR:N/A, USR:Mordi, BRS:false, KDX:null, ACT:indices:admin/template/get, OA:███████████████, XFF:███████████, DA:████████████████, IDX:.monitoring-logstash-7-*,is_ikun_yeshut_status_rechev_metadata*,mark*,.monitoring-kibana-7-*,Tib-log-v1.0-*,.ml-state*,.watches*,is_ikun_yeshut_plus_metadata_history_0_6_1*,ilm_test*,apm-7.5.1-metric*,.ml-meta,.monitoring-alerts-7,mokdim*,.monitoring-es-7-*,apm-7.5.1-span*,.logstash,lpr-test-Ein-*,mokdim_logging*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,lpr-Ein-*,is_ikun_yeshut_status_rechev_0_6*,mokdim_105_events_*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_events*,mokdim_events_*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,kingroad-*,.management-beats,.slm-history-1*,.transform-internal-003,taglit_logging*,.ml-config,.transform-notifications-*,.watcher-history-10*,.ml-notifications-000001,.triggered_watches*,.ml-anomalies-*,.monitoring-beats-7-*,lpr-nr-Ein-*,apm-7.5.1-error*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,apm-7.5.1-transaction*,SIR_mesimot*,apm-7.5.1*, MET:GET, PTH:/_template, CNT:, HDR:Authorization=, Connection=close, content-length=0, content-type=application/json, host=web001.m.po.dom, x-forwarded-for=███████████, x-forwarded-host=mntswarm101:5603, x-forwarded-port=64277, x-forwarded-proto=http, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Mokdim RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Mapal RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Mapal RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Taglit RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Taglit RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Kingroad RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Kingroad RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Peten RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Peten RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Mena RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Mena RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [AI RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [AI RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Model RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Model RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Adir RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Adir RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [DataPower RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [DataPower RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Pros RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Pros RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Help Desk RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Help Desk RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=Mordi;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], [Domain Admin Access - Read Write-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=Mordi;group=Elastic-Admins;av_groups=Elastic-Admins;indices=.ml-state*,is_ikun_yeshut_dynamic_graphic_metadata_0_6*,.ml-meta,apm-7.5.1-span*,is_ikun_yeshut_status_rechev_metadata*,is_ikun_yeshut_plus_metadata_online_0_6_1*,SIR_mesimot*,.ml-notifications-000001,apm-7.5.1-error*,lpr-nr-Ein-*,apm-7.5.1-metric*,taglit_logging*,mokdim_105_events_*,.slm-history-1*,.monitoring-es-7-*,.monitoring-alerts-7,.monitoring-beats-7-*,mokdim_events_*,is_ikun_yeshut_plus_metadata_history_reindexed_0_6_1*,access-logs-*,is_ikun_yeshut_plus_metadata_history_0_6_1*,.triggered_watches*,is_ikun_yeshut_zehut_position_metadata_0_6_1*,.ml-anomalies-*,.monitoring-kibana-7-*,Tib-log-v1.0-*,apm-7.5.1*,ilm_test*,.monitoring-logstash-7-*,SIR_events*,apm-7.5.1-transaction*,lpr-Ein-*,.management-beats,.transform-internal-003,.ml-config,.transform-notifications-*,mark*,is_ikun_yeshut_status_rechev_0_6*,mokdim_logging*,.watches*,.watcher-history-10*,mokdim*,kingroad-*,.logstash,lpr-test-Ein-*]], } [2024-02-04T20:35:51,409][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Mokdim RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:645597871-25455160#17197013, TYP:BulkRequest, CGR:N/A, USR:e765000790, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:mokdim_bell_http_audit_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=333, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=e765000790;group=Elastic-Mokdim-RW;av_groups=Elastic-Mokdim-RW;indices=mokdim_bell_http_audit_2024-02]], } [2024-02-04T20:35:51,483][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Mokdim RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:76504768-1313325193#17197015, TYP:BulkRequest, CGR:N/A, USR:e765000790, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:mokdim_bell_http_audit_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=333, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=e765000790;group=Elastic-Mokdim-RW;av_groups=Elastic-Mokdim-RW;indices=mokdim_bell_http_audit_2024-02]], } [2024-02-04T20:35:51,971][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1482944674-1632251100#17197018, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19485, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:52,687][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1977934628-501675453#17197022, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:35:52,802][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:955463489-3166386#17197023, TYP:XPackInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/xpack/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_xpack, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:52,907][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:714586793-2096952684#17197024, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:52,964][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1253069127-227630675#17197026, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20028, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:53,520][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Mokdim RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:995429701-1741276041#17197030, TYP:BulkRequest, CGR:N/A, USR:e765000790, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:mokdim_http_audit_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=49258, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=e765000790;group=Elastic-Mokdim-RW;av_groups=Elastic-Mokdim-RW;indices=mokdim_http_audit_2024-02]], } [2024-02-04T20:35:53,551][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Mokdim RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:698982901-973455008#17197032, TYP:BulkRequest, CGR:N/A, USR:e765000790, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:mokdim_http_audit_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=64854, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=e765000790;group=Elastic-Mokdim-RW;av_groups=Elastic-Mokdim-RW;indices=mokdim_http_audit_2024-02]], } [2024-02-04T20:35:53,589][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Mokdim RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:986274982-1577837571#17197034, TYP:BulkRequest, CGR:N/A, USR:e765000790, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:mokdim_http_audit_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=101831, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_http_audit_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_http_audit_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=e765000790;group=Elastic-Mokdim-RW;av_groups=Elastic-Mokdim-RW;indices=mokdim_http_audit_2024-02]], } [2024-02-04T20:35:53,855][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1336166082-350665632#17197036, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:53,960][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1032695793-1864533671#17197039, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=19804, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:54,981][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:667994221-548694274#17197043, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20305, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:55,349][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1888925890--1884861561#17197047, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=130, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:55,352][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:360094196-1705692048#17197048, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/kql-telemetry:kql-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:55,352][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:192548809-1954473382#17197049, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=36, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:55,355][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:916756024--1607741169#17197050, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=180, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:55,357][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1893076572-854957635#17197051, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/config:7.5.1, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:55,359][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:709377387-1156218473#17197052, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=368, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:55,361][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1690410204-1633358628#17197053, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/ml-telemetry:ml-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:55,362][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:212126619-759061012#17197054, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/apm-telemetry:apm-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:55,364][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:691514713-504774455#17197055, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:55,366][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1814188053--940818444#17197056, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:55,366][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1677725914-977603174#17197057, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=64, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:55,376][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1623806597-905043503#17197058, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=70, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:55,378][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:28091774--1172311166#17197059, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=56, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:55,380][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:939335199-229070325#17197060, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=63, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:55,382][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1165034515-2089483690#17197061, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/upgrade-assistant-telemetry:upgrade-assistant-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:55,384][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1457002931-166270854#17197062, TYP:ClusterStateRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/state, OA:███████████████, XFF:null, DA:████████████████, IDX:*, MET:GET, PTH:/_cluster/settings, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=*]], } [2024-02-04T20:35:55,416][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1555418862-1216150852#17197063, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:55,446][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1221509079-779661656#17197065, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=171, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:55,448][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:916504230-1777484683#17197066, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/file-upload-telemetry:file-upload-telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:55,450][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1712833296--1292763550#17197067, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=163, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:55,452][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1331253417-255656944#17197068, TYP:GetRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/get, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/telemetry:telemetry, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:55,455][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:465707749-1502904903#17197069, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana, MET:POST, PTH:/.kibana/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=201, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana]], } [2024-02-04T20:35:55,459][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1148574516--528871703#17197070, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=562, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:35:55,468][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1767253507-1519617778#17197071, TYP:MonitoringBulkRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:admin/xpack/monitoring/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:POST, PTH:/_monitoring/bulk, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=5169, Host=web001.m.po.dom:9200, content-type=application/x-ndjson, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:55,694][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1866009021--695389154#17197073, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:35:55,963][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:880503300-127776675#17197074, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20346, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:56,859][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1589211731-1363954738#17197078, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:56,964][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:2080920256-1993839278#17197081, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20402, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:57,950][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:420736314-1935237396#17197085, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:57,965][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:1299817453-124852750#17197087, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20325, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:58,697][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:26037735-461087092#17197091, TYP:SearchRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/read/search, OA:███████████████, XFF:null, DA:████████████████, IDX:.reporting-*, MET:POST, PTH:/.reporting-*/_search, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=375, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.reporting-*]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.reporting-*]], } [2024-02-04T20:35:58,875][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:619680781-110690050#17197092, TYP:XPackInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/xpack/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_xpack, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], } [2024-02-04T20:35:58,903][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Mokdim RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:467312647-1063119760#17197093, TYP:BulkRequest, CGR:N/A, USR:e765000790, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:mokdim_bell_http_audit_2024-02, MET:POST, PTH:/_bulk, CNT: , HDR:Accept-Encoding=gzip,deflate, Authorization=, Connection=Keep-Alive, Content-Length=334, Content-Type=application/json, Host=mntelsgenweb001:9200, User-Agent=Manticore 0.6.4, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=mokdim_bell_http_audit_2024-02]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Tib RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [SharePoint RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=e765000790;indices=mokdim_bell_http_audit_2024-02]], [Mokdim RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=e765000790;group=Elastic-Mokdim-RW;av_groups=Elastic-Mokdim-RW;indices=mokdim_bell_http_audit_2024-02]], } [2024-02-04T20:35:58,970][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:962911491-956458761#17197095, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20286, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:35:59,863][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:1116379338-309839142#17197099, TYP:UpdateByQueryRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:indices:data/write/update/byquery, OA:███████████████, XFF:null, DA:████████████████, IDX:.kibana_task_manager, MET:POST, PTH:/.kibana_task_manager/_update_by_query, CNT: , HDR:Authorization=, Connection=keep-alive, Content-Length=1052, Host=web001.m.po.dom:9200, content-type=application/json, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_task_manager]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk;indices=.kibana_task_manager]], } [2024-02-04T20:35:59,963][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'Tib RW', policy: ALLOW, rules: [ldap_authentication,ldap_authorization,indices] req={ ID:917289805-1562720778#17197102, TYP:BulkRequest, CGR:N/A, USR:765, BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:███████████████, XFF:null, DA:████████████████, IDX:Tib-log-v1.0-2024-02-04, MET:POST, PTH:/Tib-log-v1.0-2024-02-04/_doc/_bulk, CNT: , HDR:Accept=application/json, Authorization=, Connection=keep-alive, Content-Length=20281, Content-Type=application/json;charset=utf-8, Host=mntelsgenweb001:9200, User-Agent=Jersey/2.25.1 (HttpUrlConnection 1.8.0_92), HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow all-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [logstash writer-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow bodyera-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow lpr-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow is-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [allow taglit-> RULES:[auth_key->false] RESOLVED:[indices=Tib-log-v1.0-2024-02-04]], [gilda RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [projectname RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [is RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [SIR RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [bodyera RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Ein RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RW-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Pe RO-> RULES:[ldap_authentication->true, ldap_authorization->false] RESOLVED:[user=765;indices=Tib-log-v1.0-2024-02-04]], [Tib RW-> RULES:[ldap_authentication->true, ldap_authorization->true, indices->true] RESOLVED:[user=765;group=Elastic-Tib-RW;av_groups=Elastic-Tib-RW;indices=Tib-log-v1.0-2024-02-04]], } [2024-02-04T20:36:00,459][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [web001.m.po.dom] ALLOWED by { name: 'allow all', policy: ALLOW, rules: [auth_key] req={ ID:287605714-1967608797#17197106, TYP:NodesInfoRequest, CGR:N/A, USR:elk, BRS:false, KDX:null, ACT:cluster:monitor/nodes/info, OA:███████████████, XFF:null, DA:████████████████, IDX:, MET:GET, PTH:/_nodes, CNT:, HDR:Authorization=, Connection=keep-alive, Content-Length=0, Host=web001.m.po.dom:9200, HIS:[Require HTTP Basic Auth-> RULES:[auth_key->false]], [allow all-> RULES:[auth_key->true] RESOLVED:[user=elk]], }