# Visualize Audits ## Prerequisites 1. An existing Grey Matter deployment running on Kubernetes ([tutorial](https://greymatter.gitbook.io/grey-matter-documentation/1.3/installation/installation-kubernetes)) 2. `kubectl` or `oc` setup with access to the cluster 3. `greymatter` cli [setup](https://greymatter.gitbook.io/grey-matter-documentation/1.3/installation/commands-cli) with access to the deployment 4. An [ELK stack](https://greymatter.gitbook.io/grey-matter-documentation/1.3/guides/security-guides/audits/elk-stack) with a configured Kibana proxy that is reachable from the Grey Matter application. 5. [Observables enabled](https://greymatter.gitbook.io/grey-matter-documentation/1.3/guides/security-guides/audits/configure-audits) on a sidecar and some data in the Kafka cluster. ## Steps ### 1. Create a Kibana Index Pattern > Note: You **must** have at least some data in the system in order to create an index pattern. If you have not [enabled observables](https://greymatter.gitbook.io/grey-matter-documentation/1.3/guides/security-guides/audits/configure-audits) on and made a request to at least one service, do so before completing this step. Navigate to your Kibana proxy via the Grey Matter application. If you haven't clicked in yet choose `Explore on my own` and click into the `Management` panel on the far bottom of the options on the left. You should see `ElasticSearch` and `Kibana` listed as follows, click `Index Patterns` under `Kibana`. ![Kibana Management](https://1676458320-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LsNFVozLgvw3NDMzxBg%2Fsync%2Fe07569081f745c533f0c76b07f38d868ca2fb853.png?generation=1610036315853710\&alt=media) On the far right, choose `Create index pattern`. There should already be some existing data there if you properly [enabled observables](https://greymatter.gitbook.io/grey-matter-documentation/1.3/guides/security-guides/audits/configure-audits) and made a few requests to your service. In the index pattern, type `greymatter-*`. Click through and create the index. ### 2. Create certs for Dashboarder To create the certificates needed for the [Dashboarder service](https://github.com/greymatter-io/dashboarder), run the following from the root directory of your cloned `helm-charts` repository: > The password is `password` for all of the following. ```bash mkdir observables/certs openssl pkcs12 -in certs/quickstart.p12 -cacerts -nokeys -out observables/certs/ca.crt ``` ```bash openssl pkcs12 -in certs/quickstart.p12 -clcerts -nokeys -out observables/certs/user.crt ``` ```bash openssl pkcs12 -in certs/quickstart.p12 -nocerts -nodes -out observables/certs/user.key ``` ### 3. Use Dashboarder to configure a Kibana Dashboard The Dashboarder service will automatically populate a Kibana Dashboard to visualize Grey Matter audits - run the following to run it: > Note: The [cli](https://greymatter.gitbook.io/grey-matter-documentation/1.3/installation/commands-cli) needs to be properly configured in your terminal and you should be in the root directory of the helm-charts. ```bash docker run --rm -v $(pwd)/observables/certs:/usr/local/dashboarder -e GREYMATTER_URL=https://$GREYMATTER_API_HOST/services/kibana-observables-proxy/7.1.0/api/saved_objects/ docker.greymatter.io/internal/dashboarder generate greymatter ``` If you see the response: ```bash Found the greymatter index Templating the Visualization Applying the service visualization Applying the response_code visualization Applying the request_per_hour visualization Applying the total_requests visualization Applying the user_dn visualization Applying the x_real_ip visualization Applying the service_user_dn visualization Applying the popular_paths visualization Applying the successful_requests visualization Applying the path visualization Applying the user_agent visualization Templating the Dashboard Applying the Dashboard Completed ``` The Kibana Dashboard for Grey Matter was configured! Navigate to the `Dashboard` pane and you will see `Greymatter Dashboard`. This will be a basic visualization of the information available in a Grey Matter observables. ## Questions {% hint style="success" %} Create an account at [Grey Matter Support](https://support.greymatter.io/support/home) to reach our team. {% endhint %}