Tag
This rule identifies potentially unsecured Elasticsearch nodes that lack TLS and/or authentication and are accepting inbound network connections, which could allow adversaries to gain initial access, exfiltrate data, or disrupt services.