EDR: Why Doesn't The Solr Database Require Authentication?
search cancel

EDR: Why Doesn't The Solr Database Require Authentication?

book

Article ID: 285877

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Can authentication for connections to the Solr database be turned on?

Environment

  • EDR Server: All Supported Versions
  • RHEL: All Supported Versions
  • CentOS: All Supported Versions
  • Solr DB: 5.5.5 and lower

Resolution

It is not recommended to turn on authentication within Solr, as EDR employs a reverse proxy model using Nginx to secure access to the Solr database.

Additional Information

  • Turning on or enabling authentication within Solr is not recommended and would put the system in an unsupported state (meaning the authentication would need to be disabled in order to get Engineering assistance for any Solr issues)
  • It is possible to turn on additional logging within Solr, but this would show every update and query, producing more noise with minimal benefits
  • All incoming access to Solr is authenticated through Nginx acting as a reverse proxy
  • Accessing the database directly must be done from the server hosting Solr
Powered by Wolken Software