I am using ELK 7.10.0 with the Open Distro plugins: security, alerting, anomaly detector, and audit log.
For this last plugin, is it possible to track successful logins (date, login …) from the security-auditlog-* index?
I have seen events for failed_login but not for success_login.
I have not found such a possibility in the documents of the security-auditlog-* index.
The audit logging configuration has been moved to Kibana since 1.10.1. There is an option in the Kibana GUI, under Security - Audit logs - REST disabled categories. Remove any entries from there and you should start seeing AUTHENTICATED / GRANTED_PRIVILEGES events. There will be quite a few entries for the same login, however, due to how it's currently built, just to bear in mind.
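
One way to collapse the repeated AUTHENTICATED entries into a single row per login, as an added example that is not part of the original thread. It assumes the documents carry the audit log fields `@timestamp`, `audit_category`, `audit_request_effective_user` and `audit_request_remote_address`; the five-minute gap, the function name and the sample events are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample documents shaped like hits from security-auditlog-*.
# Values are made up; only the fields used below are included.
def _ev(ts, category, user, addr):
    return {"@timestamp": ts, "audit_category": category,
            "audit_request_effective_user": user,
            "audit_request_remote_address": addr}

SAMPLE_EVENTS = [
    _ev("2021-01-15T09:00:01.120+00:00", "AUTHENTICATED", "alice", "10.0.0.5"),
    _ev("2021-01-15T09:00:01.340+00:00", "AUTHENTICATED", "alice", "10.0.0.5"),
    _ev("2021-01-15T09:00:02.010+00:00", "AUTHENTICATED", "alice", "10.0.0.5"),
    _ev("2021-01-15T09:01:00.000+00:00", "FAILED_LOGIN", "bob", "10.0.0.9"),
    _ev("2021-01-15T09:01:30.000+00:00", "AUTHENTICATED", "bob", "10.0.0.9"),
    _ev("2021-01-15T09:01:30.500+00:00", "AUTHENTICATED", "bob", "10.0.0.9"),
    _ev("2021-01-15T14:30:00.000+00:00", "AUTHENTICATED", "alice", "10.0.0.5"),
]


def collapse_logins(events, gap=timedelta(minutes=5)):
    """Group AUTHENTICATED events into one record per login.

    Heuristic (an assumption, not plugin behaviour): events from the same
    user and remote address belong to one login until the gap between two
    consecutive events exceeds `gap`.
    """
    rows = sorted(
        (datetime.fromisoformat(e["@timestamp"]),
         e["audit_request_effective_user"],
         e.get("audit_request_remote_address", ""))
        for e in events
        if e.get("audit_category") == "AUTHENTICATED"
    )
    last_seen, current, logins = {}, {}, []
    for ts, user, addr in rows:
        key = (user, addr)
        prev = last_seen.get(key)
        if prev is None or ts - prev > gap:
            # First event of a new login for this user/address pair.
            current[key] = {"user": user, "address": addr,
                            "first_seen": ts, "events": 1}
            logins.append(current[key])
        else:
            current[key]["events"] += 1
        last_seen[key] = ts
    return logins


if __name__ == "__main__":
    for login in collapse_logins(SAMPLE_EVENTS):
        print(login["first_seen"].isoformat(), login["user"],
              login["address"], f'({login["events"]} audit events)')
```

Because every authenticated REST request is logged, a continuously active user stays inside one record under this heuristic; shorten `gap` if separate sessions need to be told apart.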