diff --git a/deploy-manage/monitor/logging-configuration/auditing-search-queries.md b/deploy-manage/monitor/logging-configuration/auditing-search-queries.md index 13cfb89ee5..6de9bfe918 100644 --- a/deploy-manage/monitor/logging-configuration/auditing-search-queries.md +++ b/deploy-manage/monitor/logging-configuration/auditing-search-queries.md @@ -11,7 +11,7 @@ applies: # Audit Elasticsearch search queries [auditing-search-queries] -There is no [audit event type](asciidocalypse://elasticsearch/docs/reference/elasticsearch/elasticsearch-audit-events) specifically dedicated to search queries. Search queries are analyzed and then processed; the processing triggers authorization actions that are audited. However, the original raw query, as submitted by the client, is not accessible downstream when authorization auditing occurs. +There is no [audit event type](asciidocalypse://docs/elasticsearch/docs/reference/elasticsearch/elasticsearch-audit-events.md) specifically dedicated to search queries. Search queries are analyzed and then processed; the processing triggers authorization actions that are audited. However, the original raw query, as submitted by the client, is not accessible downstream when authorization auditing occurs. Search queries are contained inside HTTP request bodies, however, and some audit events that are generated by the REST layer, on the coordinating node, can be toggled to output the request body to the audit log. Therefore, one must audit request bodies in order to audit search queries. diff --git a/deploy-manage/monitor/logging-configuration/configuring-audit-logs.md b/deploy-manage/monitor/logging-configuration/configuring-audit-logs.md index 5874ee5e9c..e1f74d7f0b 100644 --- a/deploy-manage/monitor/logging-configuration/configuring-audit-logs.md +++ b/deploy-manage/monitor/logging-configuration/configuring-audit-logs.md 
@@ -24,7 +24,7 @@ When auditing security events, a single client request might generate multiple a :::: For a complete description of event details and format, refer to the following resources: - * [{{es}} audit events details and schema](asciidocalypse://elasticsearch/docs/reference/elasticsearch/elasticsearch-audit-events) + * [{{es}} audit events details and schema](asciidocalypse://docs/elasticsearch/docs/reference/elasticsearch/elasticsearch-audit-events.md) * [{{es}} log entry output format](/deploy-manage/monitor/logging-configuration/logfile-audit-output.md#audit-log-entry-format) ### Kibana auditing configuration @@ -38,7 +38,7 @@ In self-managed systems, you can optionally configure audit logs location, and f To configure {{kib}} settings, follow the same [procedure](./enabling-audit-logs.md#enable-audit-logging-procedure) as when enabling {{kib}} audit logs, but apply the relevant settings instead. :::: -For a complete description of auditing event details, such as `category`, `type`, or `action`, refer to [{{kib}} audit events](https://www.elastic.co/guide/en/kibana/current/xpack-security-audit-logging.html#xpack-security-ecs-audit-logging). +For a complete description of auditing event details, such as `category`, `type`, or `action`, refer to [{{kib}} audit events](asciidocalypse://docs/kibana/docs/reference/kibana-audit-events.md). ### General recommendations diff --git a/deploy-manage/monitor/logging-configuration/enabling-audit-logs.md b/deploy-manage/monitor/logging-configuration/enabling-audit-logs.md index 5ae085e5fe..3460c73a4a 100644 --- a/deploy-manage/monitor/logging-configuration/enabling-audit-logs.md +++ b/deploy-manage/monitor/logging-configuration/enabling-audit-logs.md @@ -126,7 +126,6 @@ spec: nodeSets: - name: default config: - # https://www.elastic.co/guide/en/elasticsearch/reference/current/enable-audit-logging.html xpack.security.audit.enabled: true --- apiVersion: kibana.k8s.elastic.co/v1 
@@ -142,7 +141,6 @@ spec: - name: monitoring namespace: observability config: - # https://www.elastic.co/guide/en/kibana/current/xpack-security-audit-logging.html xpack.security.audit.enabled: true ``` diff --git a/deploy-manage/monitor/logging-configuration/logfile-audit-output.md b/deploy-manage/monitor/logging-configuration/logfile-audit-output.md index 5e91cdb46c..57101a222e 100644 --- a/deploy-manage/monitor/logging-configuration/logfile-audit-output.md +++ b/deploy-manage/monitor/logging-configuration/logfile-audit-output.md @@ -32,4 +32,4 @@ There are however a few attributes that are exceptions to the above format. The When the `request.body` attribute is present (see [Auditing search queries](auditing-search-queries.md)), it contains a string value containing the full HTTP request body, escaped as per the JSON RFC 4677. -Refer to [audit event types](asciidocalypse://elasticsearch/docs/reference/elasticsearch/elasticsearch-audit-events) for a complete list of fields, as well as examples, for each entry type. \ No newline at end of file +Refer to [audit event types](asciidocalypse://docs/elasticsearch/docs/reference/elasticsearch/elasticsearch-audit-events.md) for a complete list of fields, as well as examples, for each entry type. diff --git a/deploy-manage/monitor/logging-configuration/security-event-audit-logging.md b/deploy-manage/monitor/logging-configuration/security-event-audit-logging.md index 7869f7ebc0..6027e23b9b 100644 --- a/deploy-manage/monitor/logging-configuration/security-event-audit-logging.md +++ b/deploy-manage/monitor/logging-configuration/security-event-audit-logging.md 
@@ -32,5 +32,5 @@ By following these guidelines, you can effectively audit system activity, enhanc For a complete description of audit event details and format, refer to: -* [Elasticsearch audit events](asciidocalypse://elasticsearch/docs/reference/elasticsearch/elasticsearch-audit-events) -* [Kibana audit events](asciidocalypse://kibana/docs/reference/kibana-audit-events) +* [Elasticsearch audit events](asciidocalypse://docs/elasticsearch/docs/reference/elasticsearch/elasticsearch-audit-events.md) +* [Kibana audit events](asciidocalypse://docs/kibana/docs/reference/kibana-audit-events.md)
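
Review bot: The `#xpack-security-ecs-audit-logging` fragment is lost in the `@@ -38,7 +38,7 @@` hunk of configuring-audit-logs.md, so the sentence that promises details on `category`, `type`, or `action` now links to the top of `kibana-audit-events.md` instead of to a specific section. If the new page has a heading for those fields, append its anchor to the new target; if the whole page is that material, the link is fine as written, but it is worth confirming before merge.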
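
Review bot: Both hunks of enabling-audit-logs.md (`@@ -126,7 +126,6 @@` and `@@ -142,7 +141,6 @@`) delete the comment above `xpack.security.audit.enabled: true` without replacing it, while every other hunk in this patch migrates its link to the new scheme. In the visible part of the manifest that comment was the only pointer from the setting to its documentation, and readers copy this YAML out of the page. Either keep a short comment saying what the setting enables, or make sure the prose around the code block links to the audit logging reference for both {{es}} and {{kib}}.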
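
Review bot: The context line in the `@@ -32,4 +32,4 @@` hunk of logfile-audit-output.md says the `request.body` value is "escaped as per the JSON RFC 4677", but RFC 4677 is "The Tao of IETF", not a JSON specification; the JSON RFC is 4627, since replaced by RFC 8259. This patch already edits the next paragraph of the same file, so the number can be corrected in the same change. Anyone writing a parser for audit entries that carry search request bodies will follow that reference to learn the escaping rules.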